[Openswan Users] OSX 10.4.5 maybe :)
Christophe Ngo Van Duc
cngovanduc at gmail.com
Tue Feb 21 12:50:08 CET 2006
Yes it did work. I am not loosing the connection after 1 hours, I have an
expire and then a renegociation of the tunnel.
But it seems I have some stability issues with the xl2tpd. It went down
yesterday, I am still trying to figure why
On ppp side I have a 2.4.2 with the radius plugin (like you it seems)
On 2/21/06 11:11 AM, "Brett Curtis" <dashnu at gmail.com> wrote:
> Well I tried xl2tpd.. switch out my current gentoo l2tpd with it and still
> have the same issues. My best guess would be an issue with ppp. Did the xl2tpd
> fix the issue for you ? They both work fine for windows clients.. So who know
> it could be another OSX issue.
>
> Thanks.
> On Feb 17, 2006, at 10:55 AM, Christophe Ngo Van Duc wrote:
>
>> Hi,
>>
>> Yes I have exactly the same problem, I was testing it during the past 2
>> days. Exactly one hour and I loose the connection.
>> I am going to test the xl2tpd suggested by Paul and see.
>>
>> Cheers,
>> Christophe.
>>
>>
>> On 2/17/06 9:21 AM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>
>>
>>> Wondering if you figured out why you are losing your connect. I seem to
>>> loose mine after about an hour. It seems to be an l2tpd or ppp problem.
>>>
>>> Some logs.. are yours reflecting the same errors?
>>>
>>> Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a
>>> magic=0xc6ac4467]
>>> Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a
>>> magic=0x85f75c48]
>>> Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries
>>> exceeded for tunnel 54320. Closing.
>>>
>>> I get several of those pppd logs. It seems that the ipsec connect is fine
>>> through this series of events.
>>>
>>> Versions..
>>>
>>> Gentoo Linux 2.6.11-hardened-r15
>>> openswan-2.4.4
>>> l2tpd-0.70_pre20031121
>>> ppp-2.4.2-r15
>>>
>>> Thanks.
>>>
>>>
>>>
>>> On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> I¹ve been connecting today as a roadwarrior with a 10.4.5 behind an DSL
>>>> router and NATed
>>>>
>>>> What I¹ve found so far:
>>>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC
>>>> 3947] method set to=109
>>>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike] method set to=110
>>>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
>>>> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload
>>>> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode
>>>> from unknown peer 200.88.223.131
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R0 to state STATE_MAIN_R1
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1,
>>>> expecting MI2
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload
>>>> [KAME/racoon]
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result
>>>> using RFC 3947 (NAT-Traversal): peer is NATed
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R1 to state STATE_MAIN_R2
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2,
>>>> expecting MI3
>>>> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is
>>>> ID_IPV4_ADDR: '10.0.0.3'
>>>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection
>>>> "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
>>>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a
>>>> certificate because I do not have one.
>>>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state
>>>> STATE_MAIN_R2 to state STATE_MAIN_R3
>>>> pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
>>>> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3,
>>>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
>>>> prf=oakley_sha group=modp1024}
>>>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode
>>>> {msgid:ecd87ac6}
>>>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>>>> STATE_QUICK_R0 to state STATE_QUICK_R1
>>>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1,
>>>> inbound IPsec SA installed, expecting QI2
>>>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state
>>>> STATE_QUICK_R1 to state STATE_QUICK_R2
>>>> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA
>>>> established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD=
>>>> x.x.x.x:50339 DPD=none}
>>>>
>>>> The strange thing I¹ve noticed today is that the VPN connection seems
>>>> to drop when the DSL connection is used a lot by the other computer (the
>>>> 10.0.0.2) which is not connected to the VPN
>>>>
>>>> Let me know if I can help test something for you.
>>>>
>>>> Cheers,
>>>> Christophe
>>>>
>>>> On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>>>>
>>>>
>>>>
>>>>> Latest update Fix.. 10.4.5
>>>>>
>>>>> -VPN connections to Cisco servers when using NAT
>>>>>
>>>>> Hope they use the correct NAT-T now.. I will let you guys know.
>>>>>
>>>>> /me reboots
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users at openswan.org
>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users at openswan.org
>>>> http://lists.openswan.org/mailman/listinfo/users
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060221/399ff384/attachment.htm
More information about the Users
mailing list