[Openswan Users] X.509 road warrior

Mon Jan 23 08:53:00 CET 2006

I am setting up a X.509 roadwarrior VPN on a LINUX router running openswan with a VPN client.  I can't get past phaseI.  I am sending a copy of my config with some log info any help would be greatly appreciated.

Regards,

Daren

config setup

     klipsdebug=all

         plutodebug="control parsing"

     interfaces=%defaultroute

         nat_traversal=yes

         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default

     keyingtries=1

         compress=no

         disablearrivalcheck=no

         authby=rsasig

         leftrsasigkey=%cert

         rightrsasigkey=%cert

conn roadwarrior-net

     leftsubnet=192.168.11.0/24

         rightsubnet=192.168.20.1/32

         also=roadwarrior

conn roadwarrior

     left=%defaultroute

         leftcert=router.pem

         right=%any

         auto=add

         type=tunnel

         pfs=yes

conn block

   auto=ignore

conn private

   auto=ignore

conn private

   auto=ignore

conn clear-or-private

   auto=ignore

conn private-or-clear

   auto=ignore

conn clear

   auto=ignore

conn packetdefault

   auto=ignore

Jan 23 08:45:36 localhost pluto[2460]: | ******parse ISAKMP Oakley attribute:
Jan 23 08:45:36 localhost pluto[2460]: |    af+type: OAKLEY_LIFE_TYPE
Jan 23 08:45:36 localhost pluto[2460]: |    length/value: 1
Jan 23 08:45:36 localhost pluto[2460]: |    [1 is OAKLEY_LIFE_SECONDS]
Jan 23 08:45:36 localhost pluto[2460]: | ******parse ISAKMP Oakley attribute:
Jan 23 08:45:36 localhost pluto[2460]: |    af+type: OAKLEY_LIFE_DURATION
Jan 23 08:45:36 localhost pluto[2460]: |    length/value: 1800
Jan 23 08:45:36 localhost pluto[2460]: | ******parse ISAKMP Oakley attribute:
Jan 23 08:45:36 localhost pluto[2460]: |    af+type: OAKLEY_KEY_LENGTH
Jan 23 08:45:36 localhost pluto[2460]: |    length/value: 192
Jan 23 08:45:36 localhost pluto[2460]: | Oakley Transform 0 accepted
Jan 23 08:45:36 localhost pluto[2460]: "roadwarrior"[362] 192.168.11.100 #509: transition from state (null) to state STATE_MAIN_R1
Jan 23 08:45:36 localhost pluto[2460]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #509
Jan 23 08:45:36 localhost pluto[2460]: | next event EVENT_RETRANSMIT in 10 seconds for #509
Jan 23 08:45:46 localhost pluto[2460]: |  
Jan 23 08:45:46 localhost pluto[2460]: | *time to handle event
Jan 23 08:45:46 localhost pluto[2460]: | event after this is EVENT_REINIT_SECRET in 3514 seconds
Jan 23 08:45:46 localhost pluto[2460]: | handling event EVENT_RETRANSMIT for 192.168.11.100 "roadwarrior" #509
Jan 23 08:45:46 localhost pluto[2460]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #509
Jan 23 08:45:46 localhost pluto[2460]: | next event EVENT_RETRANSMIT in 20 seconds for #509
Jan 23 08:46:06 localhost pluto[2460]: |  
Jan 23 08:46:06 localhost pluto[2460]: | *time to handle event
Jan 23 08:46:06 localhost pluto[2460]: | event after this is EVENT_REINIT_SECRET in 3494 seconds
Jan 23 08:46:06 localhost pluto[2460]: | handling event EVENT_RETRANSMIT for 192.168.11.100 "roadwarrior" #509
Jan 23 08:46:06 localhost pluto[2460]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #509
Jan 23 08:46:06 localhost pluto[2460]: | next event EVENT_RETRANSMIT in 40 seconds for #509
Jan 23 08:46:46 localhost pluto[2460]: |  
Jan 23 08:46:46 localhost pluto[2460]: | *time to handle event
Jan 23 08:46:46 localhost pluto[2460]: | event after this is EVENT_REINIT_SECRET in 3454 seconds
Jan 23 08:46:46 localhost pluto[2460]: | handling event EVENT_RETRANSMIT for 192.168.11.100 "roadwarrior" #509
Jan 23 08:46:46 localhost pluto[2460]: "roadwarrior"[362] 192.168.11.100 #509: max number of retransmissions (2) reached STATE_MAIN_R1
Jan 23 08:46:46 localhost pluto[2460]: | ICOOKIE:  1e 50 74 3f  b2 c8 69 ad
Jan 23 08:46:46 localhost pluto[2460]: | RCOOKIE:  ab 3e 43 87  29 20 40 70
Jan 23 08:46:46 localhost pluto[2460]: | peer:  c0 a8 0b 64
Jan 23 08:46:46 localhost pluto[2460]: | state hash entry 8
Jan 23 08:46:46 localhost pluto[2460]: "roadwarrior"[362] 192.168.11.100: deleting connection "roadwarrior" instance with peer 192.168.11.100 {isakmp=#0/ipsec=#0}
Jan 23 08:46:46 localhost pluto[2460]: | alg_info_delref(0x80ee090) 
Jan 23 08:46:46 localhost pluto[2460]: | alg_info_delref(0x80ee090) alg_info->ref_cnt=365
Jan 23 08:46:46 localhost pluto[2460]: | alg_info_delref(0x80ee4a8) 
Jan 23 08:46:46 localhost pluto[2460]: | alg_info_delref(0x80ee4a8) alg_info->ref_cnt=365
Jan 23 08:46:46 localhost pluto[2460]: | next event EVENT_REINIT_SECRET in 3454 seconds