[Openswan Users] error: Windows 98 client not connecting to Openswan through NAT

Walter Willis walterwn at gmail.com
Wed Jun 14 23:46:28 CEST 2006


pppd 2.4.2
openswan-2.4.0-23.el4.at.i386.rpm
l2tpd-0.69-12jdl.i386.rpm
diagram:
client win98 <==> nat <==> internet <==> openswan (firewall) <==> lan
192.168.0.182 <==> nat <==> internet <==> openswan <==> 192.168.150.0

With a public IP it works fine.
With a private IP the problem is:

the Win98 client does not connect to Openswan. The log is:

/var/log/messages:
nothing!
pppd does not log the connection.


/var/log/secure:
Jun 14 22:31:26 vpn pluto[26141]: packet from 201.230.97.110:500:
ignoring Vendor ID payload [FRAGMENTATION]
Jun 14 22:31:26 vpn pluto[26141]: packet from 201.230.97.110:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 14 22:31:26 vpn pluto[26141]: packet from 201.230.97.110:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
set to=106
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
responding to Main Mode from unknown peer 201.230.97.110
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
STATE_MAIN_R1: sent MR1, expecting MI2
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
ignoring unknown Vendor ID payload
[47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310382e312e302028...]
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
ignoring unknown Vendor ID payload
[3025dbd21062b9e53dc441c6aab5293600000000]
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
ignoring unknown Vendor ID payload [da8e937880010000]
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
received Vendor ID payload [XAUTH]
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
NATed
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 14 22:31:26 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
STATE_MAIN_R2: sent MR2, expecting MI3
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jun 14 22:31:27 vpn pluto[26141]: | protocol/port in Phase 1 ID
Payload is 17/4500. accepted with port_floating NAT-T
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
Main mode peer ID is ID_DER_ASN1_DN: 'C=PE, ST=Peru, L=Chiclayo,
O=EDPyme Alternativa, OU=Soporte Externo 1, CN=vpn.alternativa.com.pe,
E=walter at sorcier.com.pe'
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
I am sending my cert
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 14 22:31:27 vpn pluto[26141]: | NAT-T: new mapping 201.230.97.110:500/4500)
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
cannot respond to IPsec SA request because no connection is known for
200.121.57.187[C=PE, ST=Peru, L=Chiclayo, O=xxxxx, OU=Server Vpn,
CN=xxxxxx.com.pe,
E=postmaster at xxxxx.com.pe]:17/1701...201.230.97.110[C=PE, ST=Peru,
L=Chiclayo, O=xxxxx, OU=Soporte Externo 1, CN=vpn.xxxx.com.pe,
E=walter at sorcier.com.pe]:17/1701===192.168.0.182/32
Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4:
sending encrypted notification INVALID_ID_INFORMATION to
201.230.97.110:4500


the file ipsec.conf is:
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        #uniqueids=yes
        klipsdebug=all
        plutodebug=none
        #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.0.0/24,%v4:!192.168.1.0/24

conn %default
        #keyingtries=1
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        ikelifetime=20m
        keylife=60m
        rekey=no
        authby=rsasig
        #authby=secret|rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=server.alternativa.com.pe.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        type=transport
        left=%defaultroute
        leftcert=server.alternativa.com.pe.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        #rightsubnet=vhost:%no,%priv  ##
        pfs=no
        auto=ignore

conn roadwarrior-l2tp-win
        left=%defaultroute
        leftcert=server.alternativa.com.pe.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add


Thanks.


Is it a bug?
What is the problem?
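The rejection line in the posted log ends with `===192.168.0.182/32`: the client, which sits on a 192.168.0.0/24 LAN behind its NAT, is asking for a transport-mode SA to its private address, while the posted `virtual_private` excludes `192.168.0.0/24` with `%v4:!`. The script below is an added example, not code from the original post or from Openswan. It assumes the documented `virtual_private` semantics (a `%v4:NET` item lets NAT-ed clients claim inner addresses in NET, a `%v4:!NET` item forbids NET because the gateway uses it locally, and `vhost:%priv` accepts an address only if an include matches and no exclude does) and it parses pluto's "no connection is known for" line with a regular expression written for the format shown in the post. It compares the posted `virtual_private` with the commented-out alternative from the same file, so a reader can see which one would let `%priv` accept this client. Whether the conn's protoport selectors then match is a separate check the script does not attempt.

```python
"""Check a NAT-ed roadwarrior's inner address against Openswan's virtual_private.

Added example; not code from the original post or from Openswan itself.
Assumed semantics (from the ipsec.conf(5) description of virtual_private):
  %v4:NET   - clients behind NAT may claim an inner address inside NET
  %v4:!NET  - ...but never inside NET (ranges the gateway uses locally)
vhost:%priv accepts an address only if some include matches and no exclude does.
"""
import ipaddress
import re

# virtual_private exactly as in the posted ipsec.conf
VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
    "%v4:!192.168.0.0/24,%v4:!192.168.1.0/24"
)
# the commented-out alternative from the same file
VIRTUAL_PRIVATE_ALT = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"

# pluto's rejection line from the post, re-joined onto one line
PLUTO_LINE = (
    'Jun 14 22:31:27 vpn pluto[26141]: "roadwarrior"[2] 201.230.97.110 #4: '
    "cannot respond to IPsec SA request because no connection is known for "
    "200.121.57.187[C=PE, ST=Peru, L=Chiclayo, O=xxxxx, OU=Server Vpn, "
    "CN=xxxxxx.com.pe, E=postmaster at xxxxx.com.pe]:17/1701..."
    "201.230.97.110[C=PE, ST=Peru, L=Chiclayo, O=xxxxx, OU=Soporte Externo 1, "
    "CN=vpn.xxxx.com.pe, E=walter at sorcier.com.pe]:17/1701===192.168.0.182/32"
)

_VP_ITEM = re.compile(r"%v([46]):(!?)(\S+)")
# ":<proto>/<port>..." closes the left end, ":<proto>/<port>===<subnet>" the right end
_REJECT = re.compile(r":(\d+/\d+)\.\.\..*?:(\d+/\d+)===(\S+)")


def parse_virtual_private(value):
    """Split a virtual_private string into (includes, excludes) network lists."""
    includes, excludes = [], []
    for item in value.split(","):
        m = _VP_ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError("unrecognised virtual_private item: %r" % item)
        net = ipaddress.ip_network(m.group(3), strict=False)
        (excludes if m.group(2) else includes).append(net)
    return includes, excludes


def priv_accepts(addr, value):
    """True if vhost:%priv would accept addr as a client's inner address."""
    ip = ipaddress.ip_address(addr)
    includes, excludes = parse_virtual_private(value)
    return any(ip in n for n in includes) and not any(ip in n for n in excludes)


def parse_rejection(line):
    """Pull the selectors out of pluto's 'no connection is known for' line."""
    m = _REJECT.search(line)
    if not m:
        return None
    return {
        "left_protoport": m.group(1),
        "right_protoport": m.group(2),
        "right_subnet": m.group(3),
    }


def diagnose(line, value):
    """Return (client_subnet, accepted_by_priv) for a rejection line, or None."""
    sel = parse_rejection(line)
    if sel is None:
        return None
    client_ip = sel["right_subnet"].split("/")[0]
    return sel["right_subnet"], priv_accepts(client_ip, value)


if __name__ == "__main__":
    for label, vp in (("posted", VIRTUAL_PRIVATE), ("alternative", VIRTUAL_PRIVATE_ALT)):
        subnet, ok = diagnose(PLUTO_LINE, vp)
        print("%-11s virtual_private: client %s %s"
              % (label, subnet, "accepted" if ok else "REFUSED"))
```

Run against the posted line, the script reports the client's `192.168.0.182/32` as refused by the posted `virtual_private` and accepted by the `%v4:192.168.0.0/16` alternative. Note that dropping the `!192.168.0.0/24` exclusion is only safe if the gateway's own LAN does not use that range; the diagram shows the gateway LAN as 192.168.150.0 and the conn uses `leftsubnet=192.168.1.0/24`, so the `!192.168.1.0/24` exclusion is the one that protects a local range here.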

