[Openswan Users] OSX 10.4.5 maybe :)

Christophe Ngo Van Duc cngovanduc at gmail.com
Fri Feb 17 11:55:07 CET 2006 

Hi,

  Yes I have exactly the same problem, I was testing it during the past 2
days. Exactly one hour and I loose the connection.
  I am going to test the xl2tpd suggested by Paul and see.

Cheers,
Christophe.


On 2/17/06 9:21 AM, "Brett Curtis" <dashnu at gmail.com> wrote:

> Wondering if you figured out why you are losing your connect. I seem to loose
> mine after about an hour. It seems to be an l2tpd or ppp problem.
> 
> Some logs.. are yours reflecting the same errors?
> 
> Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a
> magic=0xc6ac4467]
> Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a
> magic=0x85f75c48]
> Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded
> for tunnel 54320.  Closing.
> 
> I get several of those pppd logs. It seems that the ipsec connect is fine
> through this series of events. 
> 
> Versions..
> 
> Gentoo Linux 2.6.11-hardened-r15
> openswan-2.4.4
> l2tpd-0.70_pre20031121 
> ppp-2.4.2-r15  
> 
> Thanks.
> 
> 
> 
> On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:
> 
>>  Hi,
>>  
>>    I¹ve been connecting today as a roadwarrior with a 10.4.5 behind an DSL
>> router and NATed
>>  
>>    What I¹ve found so far:
>>  pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947]
>> method set to=109
>>  pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike] method set to=110
>>  pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
>>  pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from
>> unknown peer 200.88.223.131
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>> STATE_MAIN_R0 to state STATE_MAIN_R1
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1,
>> expecting MI2
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload
>> [KAME/racoon]
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using
>> RFC 3947 (NAT-Traversal): peer is NATed
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>> STATE_MAIN_R1 to state STATE_MAIN_R2
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2,
>> expecting MI3
>>  pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is
>> ID_IPV4_ADDR: '10.0.0.3'
>>  pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection
>> "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
>>  pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate
>> because I do not have one.
>>  pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state
>> STATE_MAIN_R2 to state STATE_MAIN_R3
>>  pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
>>  pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3,
>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
>> prf=oakley_sha group=modp1024}
>>  pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode
>> {msgid:ecd87ac6}
>>  pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>> STATE_QUICK_R0 to state STATE_QUICK_R1
>>  pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1,
>> inbound IPsec SA installed, expecting QI2
>>  pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>> STATE_QUICK_R1 to state STATE_QUICK_R2
>>  pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA
>> established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD=
>> x.x.x.x:50339 DPD=none}
>>  
>>    The strange thing I¹ve noticed today is that the VPN connection seems to
>> drop when the DSL connection is used a lot by the other computer (the
>> 10.0.0.2) which is not connected to the VPN
>>  
>>  Let me know if I can help test something for you.
>>  
>>  Cheers,
>>  Christophe
>>  
>>  On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>  
>>  
>>> Latest update Fix.. 10.4.5
>>>  
>>>  -VPN connections to Cisco servers when using NAT
>>>  
>>>  Hope they use the correct NAT-T now.. I will let you guys know.
>>>  
>>>  /me reboots
>>>  
>>>  
>>> 
>>> _______________________________________________
>>>  Users at openswan.org
>>>  http://lists.openswan.org/mailman/listinfo/users
>>>  Building and Integrating Virtual Private Networks with Openswan:
>>>  http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>  
>> 
>>  
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan: 
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>  
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060217/879b7557/attachment.htm

More information about the Users mailing list