[Openswan Users] openswan beging NAT with windows XP

Walter Willis walterwn at gmail.com
Fri Jul 21 13:25:03 CEST 2006 

I am install penes wan in one ip statick

server vpn <===>Zyxel 643 <===>internet<===>client winxp(roadwarrior)

the zyxel 643 forward por 500, 1701 and 4500

my ipsec.com is:
version 2.0

config setup
        interfaces=%defaultroute
        #interfaces="ipsec0=eth0"
        nat_traversal=no
        #uniqueids=yes
        klipsdebug=all
        plutodebug=none
        #plutoload=%search
        #plutostart=%search
        #plutodebug="control parsing"
        #virtual_private=%v4:
10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.3.0/24

conn %default
        #keyingtries=0
        keyingtries=3
        #compress=yes
        disablearrivalcheck=no
        ikelifetime=20m
        keylife=60m
        rekey=no
        #authby=rsasig
        authby=secret|rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-l2tp
        type=transport
        #type=tunnel
        left=192.168.1.2
        #leftnexthop=201.230.129.43
        leftcert=server.pem
        #leftprotoport=17/1701
        leftprotoport=17/%any
        right=%any
        #rightnexthop=%defaultroute
        #rightprotoport=17/1701
        rightprotoport=17/%any
        #rightsubnet=0.0.0.0/0
        pfs=no
        auto=add

i am probe of diferent shape but no work
with it is confiugration the error the ipsec:

Jul 21 10:58:47 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]

Jul 21 10:58:47 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [FRAGMENTATION]

Jul 21 10:58:47 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
floating is off

Jul 21 10:58:47 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [Vid-Initial-Contact]

Jul 21 10:58:47 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
responding to Main Mode from unknown peer xxx.xxx.xxx.xxx

Jul 21 10:58:47 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Jul 21 10:58:47 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R1: sent MR1, expecting MI2

Jul 21 10:58:48 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]

Jul 21 10:58:48 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [FRAGMENTATION]

Jul 21 10:58:48 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
floating is off

Jul 21 10:58:48 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: ignoring
Vendor ID payload [Vid-Initial-Contact]

Jul 21 10:58:48 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #2:
responding to Main Mode from unknown peer xxx.xxx.xxx.xxx

Jul 21 10:58:48 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #2:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Jul 21 10:58:48 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #2:
STATE_MAIN_R1: sent MR1, expecting MI2

Jul 21 10:58:49 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

Jul 21 10:58:49 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R2: sent MR2, expecting MI3

Jul 21 10:58:49 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
discarding duplicate packet; already STATE_MAIN_R2

Jul 21 10:58:50 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
Main mode peer ID is ID_IPV4_ADDR: '192.168.1.2'

Jul 21 10:58:50 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #1:
switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"

Jul 21 10:58:50 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

Jul 21 10:58:50 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}

Jul 21 10:58:51 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
cannot respond to IPsec SA request because no connection is known for
201.230.129.43/32===192.168.1.2[C=PE, ST=xxxx, L=xxxxx, O=xxxxxx, OU=Server
Principal VPN, CN=xxxxxx.xxx, E=postmaster at costadelsolperu.com
]:17/%any...xxx.xxx.xxx.xxx[192.168.1.2]:17/%any===192.168.1.2/32

Jul 21 10:58:51 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:500

Jul 21 10:58:51 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x9c2cc2e5 (perhaps this is a duplicated packet)

Jul 21 10:58:51 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

Jul 21 10:58:53 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x9c2cc2e5 (perhaps this is a duplicated packet)

Jul 21 10:58:53 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

Jul 21 10:58:57 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x9c2cc2e5 (perhaps this is a duplicated packet)

Jul 21 10:58:57 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

Jul 21 10:59:05 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x9c2cc2e5 (perhaps this is a duplicated packet)

Jul 21 10:59:05 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

Jul 21 10:59:21 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x9c2cc2e5 (perhaps this is a duplicated packet)

Jul 21 10:59:21 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

Jul 21 10:59:53 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx #1:
received Delete SA payload: deleting ISAKMP State #1

Jul 21 10:59:53 fw pluto[2246]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.xxx:
deleting connection "roadwarrior-l2tp" instance with peer
xxx.xxx.xxx.xxx{isakmp=#0/ipsec=#0}

Jul 21 10:59:53 fw pluto[2246]: packet from xxx.xxx.xxx.xxx:500: received
and ignored informational message

Jul 21 10:59:58 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx #2:
max number of retransmissions (2) reached STATE_MAIN_R1

Jul 21 10:59:58 fw pluto[2246]: "roadwarrior-l2tp"[1] xxx.xxx.xxx.xxx:
deleting connection "roadwarrior-l2tp" instance with peer
xxx.xxx.xxx.xxx{isakmp=#0/ipsec=#0}
any help???
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060721/bcba7f14/attachment-0001.htm

More information about the Users mailing list