[Openswan Users] OSX 10.4.5 maybe :)
Brett Curtis
dashnu at gmail.com
Fri Feb 17 08:21:56 CET 2006
Wondering if you figured out why you are losing your connect. I seem
to loose mine after about an hour. It seems to be an l2tpd or ppp
problem.
Some logs.. are yours reflecting the same errors?
Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a
magic=0xc6ac4467]
Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a
magic=0x85f75c48]
Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries
exceeded for tunnel 54320. Closing.
I get several of those pppd logs. It seems that the ipsec connect is
fine through this series of events.
Versions..
Gentoo Linux 2.6.11-hardened-r15
openswan-2.4.4
l2tpd-0.70_pre20031121
ppp-2.4.2-r15
Thanks.
On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:
> Hi,
>
> I’ve been connecting today as a roadwarrior with a 10.4.5 behind
> an DSL router and NATed
>
> What I’ve found so far:
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
> [RFC 3947] method set to=109
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike] method set to=110
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
> method 110
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main
> Mode from unknown peer 200.88.223.131
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent
> MR1, expecting MI2
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID
> payload [KAME/racoon]
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal:
> Result using RFC 3947 (NAT-Traversal): peer is NATed
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from
> state STATE_MAIN_R1 to state STATE_MAIN_R2
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent
> MR2, expecting MI3
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is
> ID_IPV4_ADDR: '10.0.0.3'
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection
> "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a
> certificate because I do not have one.
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from
> state STATE_MAIN_R2 to state STATE_MAIN_R3
> pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent
> MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick
> Mode {msgid:ecd87ac6}
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
> STATE_QUICK_R0 to state STATE_QUICK_R1
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent
> QR1, inbound IPsec SA installed, expecting QI2
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
> STATE_QUICK_R1 to state STATE_QUICK_R2
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec
> SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1
> NATD= x.x.x.x:50339 DPD=none}
>
> The strange thing I’ve noticed today is that the VPN connection
> seems to drop when the DSL connection is used a lot by the other
> computer (the 10.0.0.2) which is not connected to the VPN
>
> Let me know if I can help test something for you.
>
> Cheers,
> Christophe
>
> On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>
>> Latest update Fix.. 10.4.5
>>
>> -VPN connections to Cisco servers when using NAT
>>
>> Hope they use the correct NAT-T now.. I will let you guys know.
>>
>> /me reboots
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?
>> n=283155
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?
> n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060217/ca106da7/attachment.htm
More information about the Users
mailing list