[Openswan Users] OSX 10.4.5 maybe :)
Christophe Ngo Van Duc
cngovanduc at gmail.com
Fri Feb 17 11:55:07 CET 2006
Hi,
Yes I have exactly the same problem, I was testing it during the past 2
days. Exactly one hour and I lose the connection.
I am going to test the xl2tpd suggested by Paul and see.
Cheers,
Christophe.
On 2/17/06 9:21 AM, "Brett Curtis" <dashnu at gmail.com> wrote:
> Wondering if you figured out why you are losing your connect. I seem to lose
> mine after about an hour. It seems to be an l2tpd or ppp problem.
>
> Some logs.. are yours reflecting the same errors?
>
> Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a
> magic=0xc6ac4467]
> Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a
> magic=0x85f75c48]
> Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded
> for tunnel 54320. Closing.
>
> I get several of those pppd logs. It seems that the ipsec connect is fine
> through this series of events.
>
> Versions..
>
> Gentoo Linux 2.6.11-hardened-r15
> openswan-2.4.4
> l2tpd-0.70_pre20031121
> ppp-2.4.2-r15
>
> Thanks.
>
>
>
> On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:
>
>> Hi,
>>
>> I've been connecting today as a roadwarrior with a 10.4.5 behind a DSL
>> router and NATed
>>
>> What I've found so far:
>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947]
>> method set to=109
>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike] method set to=110
>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from
>> unknown peer 200.88.223.131
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>> STATE_MAIN_R0 to state STATE_MAIN_R1
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1,
>> expecting MI2
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload
>> [KAME/racoon]
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using
>> RFC 3947 (NAT-Traversal): peer is NATed
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>> STATE_MAIN_R1 to state STATE_MAIN_R2
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2,
>> expecting MI3
>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is
>> ID_IPV4_ADDR: '10.0.0.3'
>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection
>> "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate
>> because I do not have one.
>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state
>> STATE_MAIN_R2 to state STATE_MAIN_R3
>> pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3,
>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
>> prf=oakley_sha group=modp1024}
>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode
>> {msgid:ecd87ac6}
>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>> STATE_QUICK_R0 to state STATE_QUICK_R1
>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1,
>> inbound IPsec SA installed, expecting QI2
>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>> STATE_QUICK_R1 to state STATE_QUICK_R2
>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA
>> established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD=
>> x.x.x.x:50339 DPD=none}
>>
>> The strange thing I've noticed today is that the VPN connection seems to
>> drop when the DSL connection is used a lot by the other computer (the
>> 10.0.0.2) which is not connected to the VPN
>>
>> Let me know if I can help test something for you.
>>
>> Cheers,
>> Christophe
>>
>> On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>
>>
>>> Latest update Fix.. 10.4.5
>>>
>>> -VPN connections to Cisco servers when using NAT
>>>
>>> Hope they use the correct NAT-T now.. I will let you guys know.
>>>
>>> /me reboots
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>
>>
>>
>
>