[Openswan Users] Time Out on road-warrior connection

sasa sasa at shoponweb.it
Tue Jan 10 17:31:48 CET 2006


Hi, when the IPsec SA is established, with tcpdump on port 1701 I have:

6:39:40.642152 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/1)Ns=3,Nr=6 *MSGTYPE(CDN) *RESULT_CODE(3/0 Bad file descriptor) 
|...
16:39:41.642887 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/1)Ns=3,Nr=6 *MSGTYPE(CDN) *RESULT_CODE(3/0 Bad file descriptor) 
|...
16:39:42.643780 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/1)Ns=3,Nr=6 *MSGTYPE(CDN) *RESULT_CODE(3/0 Bad file descriptor) 
|...
16:39:43.644650 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/1)Ns=3,Nr=6 *MSGTYPE(CDN) *RESULT_CODE(3/0 Bad file descriptor) 
|...
16:39:44.645506 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/1)Ns=3,Nr=6 *MSGTYPE(CDN) *RESULT_CODE(3/0 Bad file descriptor) 
|...
16:39:45.646563 IP 1-2-3-4.f5.ngi.it.l2tp > 5-6-7-8.f5.ngi.it.l2tp: 
l2tp:[TLS](1/0)Ns=4,Nr=6 *MSGTYPE(StopCCN)*ASSND_TUN_ID(19107) 
*RESULT_CODE(6/0 Timeout)

..with 'ipsec eroute' I have:

81 1-2-3-4/32:1701 -> 5-6-7-8/32:1701 => esp0x2dc16a9c at 5-6-7-8/32:17

...and in the log file:

Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #3: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY 
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #4: responding to 
Quick Mode {msgid:7a9e2749}
Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #4: transition 
from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #4: 
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #4: transition 
from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 10 15:55:18 fw2 pluto[19093]: "left1-road1"[2] 5.6.7.8 #4: 
STATE_QUICK_R2: IPsec SA established {ESP=>0x2dc16a9c <0x6bd9a801 
xfrm=3DES_0-HMAC_MD5 NATD=5.6.7.8:4500 DPD=none}
Jan 10 15:56:19 fw2 pluto[19093]: ERROR: asynchronous network error report 
on eth0 (sport=4500) for message to 5.6.7.8 port 4500, complainant 1.2.3.4: 
No route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]

thanks again.

------
Salvatore.


----- Original Message ----- 
From: "sasa" <sasa at shoponweb.it>
To: "Paul Wouters" <paul at xelerance.com>
Cc: <users at openswan.org>
Sent: Tuesday, January 10, 2006 2:58 PM
Subject: Re: [Openswan Users] Time Out on road-warrior connection


> Hi, can this problem (timed out & l2tp) depend on the l2tp version that 
> I have used (l2tpd-0.69-13.i386.rpm on fc3)?
>
> I have found on ftp://ftp.openswan.org/l2tpd/binaries/fedora/4/SRPMS/:
>
> - l2tpd-0.69-0.1.20051030.i386.rpm
>
> ... perhaps using this rpm version can be a solution for my problem?
> Thanks.
>
> ------
> Salvatore.
>
>
> ----- Original Message ----- 
> From: "sasa" <sasa at shoponweb.it>
> To: "Paul Wouters" <paul at xelerance.com>
> Cc: <users at openswan.org>
> Sent: Monday, January 02, 2006 6:32 PM
> Subject: Re: [Openswan Users] Time Out on road-warrior connection
>
>
>> "Paul Wouters" wrote:
>>
>>> Seems like Windows does not like the proposal for some reason. It is 
>>> probably a
>>> misconfiguration of the Windows system. What error code is it giving you? 
>>> And verify
>>> with Jacco's pages that you have the proper settings.
>>
>> I have tried with more Windows systems and the result is always 
>> identical; the same Windows systems connect to other VPNs (always with 
>> openswan and an identical version) with no problem.
>> I have checked against Jacco's pages and I suppose that the setting is correct.
>> Thanks.
>>
>> ------
>> Salvatore.
>>
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>