[Openswan Users] Time Out on road-warrior connection

sasa sasa at shoponweb.it
Mon Jan 2 16:23:12 CET 2006


"Paul Wouters" wrote:

> No, that sets the mtu of the ipsec interface. We need to set the mtu of
> the ethX interface. Just use the command: ifconfig ethX mtu 1400
>
>> ..for l2tp I must modify options.l2tpd:
>>
>> mru 1200
>> mtu 1200

I have made the requested modifications (mtu on the eth interface used by
ipsec, and mru/mtu), but the result hasn't changed. In the log file I have:

Jan  2 16:00:47 fw2 l2tpd[4050]: control_finish: Connection established to 
1.2.3.4, 1701.  Local: 21904, Remote: 2.  LNS session is 'default'
Jan  2 16:00:47 fw2 pppd[4288]: pppd 2.4.2 started by root, uid 0
Jan  2 16:00:47 fw2 pppd[4288]: Using interface ppp0
Jan  2 16:00:47 fw2 pppd[4288]: Connect: ppp0 <--> /dev/pts/3
Jan  2 16:00:47 fw2 l2tpd[4050]: control_finish: Call established with 
1.2.3.4, Local: 44592, Remote: 1, Serial: 0
Jan  2 16:00:47 fw2 pppd[4288]: Unsupported protocol 'Compression Control 
Protocol' (0x80fd) received
Jan  2 16:00:47 fw2 pppd[4288]: found interface eth1 for proxy arp
Jan  2 16:00:47 fw2 pppd[4288]: local  IP address 10.0.1.19
Jan  2 16:00:47 fw2 pppd[4288]: remote IP address 10.0.1.20
Jan  2 16:01:01 fw2 crond(pam_unix)[4302]: session opened for user root by 
(uid=0)
Jan  2 16:01:01 fw2 crond(pam_unix)[4302]: session closed for user root
Jan  2 16:02:46 fw2 pppd[4288]: LCP terminated by peer 
(:M-o^A{^@<M-Mt^@^@^@^@)
Jan  2 16:02:49 fw2 pppd[4288]: Connection terminated.
Jan  2 16:02:49 fw2 pppd[4288]: Connect time 2.0 minutes.
Jan  2 16:02:49 fw2 pppd[4288]: Sent 12632 bytes, received 11417 bytes.
Jan  2 16:02:50 fw2 pppd[4288]: Connect time 2.0 minutes.
Jan  2 16:02:50 fw2 pppd[4288]: Sent 12632 bytes, received 11417 bytes.
Jan  2 16:02:50 fw2 pppd[4288]: Exit.
Jan  2 16:02:50 fw2 l2tpd[4050]: network_thread: tossing read packet, error 
= Bad file descriptor (9).  Closing call.
Jan  2 16:02:50 fw2 l2tpd[4050]: call_close: Call 44592 to 1.2.3.4 
disconnected
Jan  2 16:02:52 fw2 l2tpd[4050]: call_close : Connection 2 closed to 
1.2.3.4, port 1701 (Timeout)


Jan  2 16:00:43 fw2 pluto[4172]: packet from 1.2.3.4:500: ignoring Vendor ID 
payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan  2 16:00:43 fw2 pluto[4172]: packet from 1.2.3.4:500: ignoring Vendor ID 
payload [FRAGMENTATION]
Jan  2 16:00:43 fw2 pluto[4172]: packet from 1.2.3.4:500: received Vendor ID 
payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan  2 16:00:43 fw2 pluto[4172]: packet from 1.2.3.4:500: ignoring Vendor ID 
payload [Vid-Initial-Contact]
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: responding to 
Main Mode from unknown peer 1.2.3.4
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: transition from 
state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: STATE_MAIN_R1: 
sent MR1, expecting MI2
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: NAT-Traversal: 
Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: transition from 
state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  2 16:00:43 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: STATE_MAIN_R2: 
sent MR2, expecting MI3
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[1] 1.2.3.4 #2: Main mode peer 
ID is ID_FQDN: '@sasa1.domain.local'
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: deleting 
connection "left-road" instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: I did not send a 
certificate because I do not have one.
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: transition from 
state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  2 16:00:44 fw2 pluto[4172]: | NAT-T: new mapping 1.2.3.4:500/4500)
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: STATE_MAIN_R3: 
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY 
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #3: responding to 
Quick Mode {msgid:3a9ecc25}
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #3: transition from 
state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #3: STATE_QUICK_R1: 
sent QR1, inbound IPsec SA installed, expecting QI2
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #3: transition from 
state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  2 16:00:44 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #3: STATE_QUICK_R2: 
IPsec SA established {ESP=>0x9c98c4ef <0x86416762 xfrm=3DES_0-HMAC_MD5 
NATD=1.2.3.4:4500 DPD=none}
Jan  2 16:01:49 fw2 pluto[4172]: ERROR: asynchronous network error report on 
eth0 (sport=4500) for message to 1.2.3.4port 4500, complainant 5.6.7.8: No 
route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]
Jan  2 16:02:07 fw2 last message repeated 6 times
Jan  2 16:02:46 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: received Delete 
SA(0x9c98c4ef) payload: deleting IPSEC State #3
Jan  2 16:02:46 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: received and 
ignored informational message
Jan  2 16:02:46 fw2 pluto[4172]: "left-road"[2] 1.2.3.4 #2: received Delete 
SA payload: deleting ISAKMP State #2
Jan  2 16:02:46 fw2 pluto[4172]: "left-road"[2] 1.2.3.4: deleting connection 
"left-road" instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}

thanks again.

------
Salvatore. 


