[Openswan Users] OSX 10.4.5 maybe :)

Christophe Ngo Van Duc cngovanduc at gmail.com
Tue Feb 21 12:50:08 CET 2006


Yes it did work. I am not losing the connection after 1 hour; I have an
expiry and then a renegotiation of the tunnel.
But it seems I have some stability issues with xl2tpd. It went down
yesterday, and I am still trying to figure out why.

On the ppp side I have 2.4.2 with the radius plugin (like you, it seems).


On 2/21/06 11:11 AM, "Brett Curtis" <dashnu at gmail.com> wrote:

> Well, I tried xl2tpd.. switched out my current gentoo l2tpd with it and still
> have the same issues. My best guess would be an issue with ppp. Did xl2tpd
> fix the issue for you? They both work fine for Windows clients.. So who knows,
> it could be another OSX issue.
> 
> Thanks.
> On Feb 17, 2006, at 10:55 AM, Christophe Ngo Van Duc wrote:
> 
>>  Hi,
>>  
>>    Yes, I have exactly the same problem. I was testing it during the past 2
>> days. Exactly one hour and I lose the connection.
>>    I am going to test the xl2tpd suggested by Paul and see.
>>  
>>  Cheers,
>>  Christophe.
>>  
>>  
>>  On 2/17/06 9:21 AM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>  
>>  
>>> Wondering if you figured out why you are losing your connection. I seem to
>>> lose mine after about an hour. It seems to be an l2tpd or ppp problem.
>>>  
>>>  Some logs.. are yours reflecting the same errors?
>>>  
>>>  Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a
>>> magic=0xc6ac4467]
>>>  Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a
>>> magic=0x85f75c48]
>>>  Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries
>>> exceeded for tunnel 54320.  Closing.
>>>  
>>>  I get several of those pppd logs. It seems that the ipsec connect is fine
>>> through this series of events. 
>>>  
>>>  Versions..
>>>  
>>>  Gentoo Linux 2.6.11-hardened-r15
>>>  openswan-2.4.4
>>>  l2tpd-0.70_pre20031121 
>>>  ppp-2.4.2-r15  
>>>  
>>>  Thanks.
>>>  
>>>  
>>>  
>>>  On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:
>>>  
>>>  
>>>>  Hi,
>>>>   
>>>>     I've been connecting today as a roadwarrior with a 10.4.5 behind a DSL
>>>> router and NATed
>>>>   
>>>>     What I've found so far:
>>>>   pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC
>>>> 3947] method set to=109
>>>>   pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike] method set to=110
>>>>   pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
>>>>   pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode
>>>> from unknown peer 200.88.223.131
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R0 to state STATE_MAIN_R1
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1,
>>>> expecting MI2
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload
>>>> [KAME/racoon]
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result
>>>> using RFC 3947 (NAT-Traversal): peer is NATed
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R1 to state STATE_MAIN_R2
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2,
>>>> expecting MI3
>>>>   pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is
>>>> ID_IPV4_ADDR: '10.0.0.3'
>>>>   pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection
>>>> "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
>>>>   pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a
>>>> certificate because I do not have one.
>>>>   pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R2 to state STATE_MAIN_R3
>>>>   pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
>>>>   pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3,
>>>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
>>>> prf=oakley_sha group=modp1024}
>>>>   pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode
>>>> {msgid:ecd87ac6}
>>>>   pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>>>> STATE_QUICK_R0 to state STATE_QUICK_R1
>>>>   pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1,
>>>> inbound IPsec SA installed, expecting QI2
>>>>   pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>>>> STATE_QUICK_R1 to state STATE_QUICK_R2
>>>>   pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA
>>>> established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD=
>>>> x.x.x.x:50339 DPD=none}
>>>>   
>>>>     The strange thing I've noticed today is that the VPN connection seems
>>>> to drop when the DSL connection is used a lot by the other computer (the
>>>> 10.0.0.2) which is not connected to the VPN
>>>>   
>>>>   Let me know if I can help test something for you.
>>>>   
>>>>   Cheers,
>>>>   Christophe
>>>>   
>>>>   On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>>>   
>>>>   
>>>>  
>>>>> Latest update Fix.. 10.4.5
>>>>>   
>>>>>   -VPN connections to Cisco servers when using NAT
>>>>>   
>>>>>   Hope they use the correct NAT-T now.. I will let you guys know.
>>>>>   
>>>>>   /me reboots
>>>>>   
>>>>>   
>>>>>  
>>>>> 
>>>>> _______________________________________________
>>>>>   Users at openswan.org
>>>>>   http://lists.openswan.org/mailman/listinfo/users
>>>>>   Building and Integrating Virtual Private Networks with Openswan:
>>>>>   http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
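
The symptom reported in this thread (l2tpd closing the tunnel about an hour in, while pppd still answers LCP echoes and the IPsec SA stays up) can be confirmed by correlating the three daemons' syslog lines. This is an added example, not part of the original posts; the function names are hypothetical, and the syslog prefix on the pluto line is constructed so the gap can be measured.

```python
import re
from datetime import datetime

# Constructed sample: message texts follow the log lines quoted in the thread;
# the timestamp and host on the pluto line are invented for illustration.
SAMPLE_LOG = """\
Feb 15 13:01:50 defender pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD= x.x.x.x:50339 DPD=none}
Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a magic=0xc6ac4467]
Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a magic=0x85f75c48]
Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded for tunnel 54320.  Closing.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
SA_UP = re.compile(r"IPsec SA established \{.*?xfrm=(\S+).*?DPD=(\w+)\}")
L2TP_DOWN = re.compile(r"Maximum retries exceeded for tunnel (\d+)")

def parse(line, year=2006):
    """Split a syslog line into (timestamp, program, message); syslog omits the year."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)

def correlate(log_text):
    """For each l2tpd tunnel close, report IPsec SA age and time since the last LCP echo reply."""
    sa, last_echo, drops = None, None, []
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, prog, msg = rec
        up = SA_UP.search(msg) if prog == "pluto" else None
        down = L2TP_DOWN.search(msg) if prog in ("l2tpd", "xl2tpd") else None
        if up:
            sa = {"at": ts, "xfrm": up.group(1), "dpd": up.group(2)}
        elif prog == "pppd" and "sent [LCP EchoRep" in msg:
            last_echo = ts
        elif down:
            drops.append({
                "tunnel": down.group(1),
                "sa_age_s": int((ts - sa["at"]).total_seconds()) if sa else None,
                "since_echo_reply_s": int((ts - last_echo).total_seconds()) if last_echo else None,
                "dpd": sa["dpd"] if sa else None,
            })
    return drops

if __name__ == "__main__":
    for drop in correlate(SAMPLE_LOG):
        print(drop)
```

An SA age that clusters near 3600 seconds across several drops, with a recent echo reply, points at rekey or control-channel handling rather than a dead link.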

