[Openswan Users] Fwd: Re: please help, im new in this
victor nikiforenko
victorfrankenstein at yahoo.com
Wed Mar 8 15:02:13 CET 2006
Hello Jacco and everyone,
I fixed it to connect to the VPN with roadwarrior without NAT,
but I try to connect from another network behind the
NAT and in Windows I receive error 792 timeout:
Mar 8 16:44:36 linux pluto[10586]: packet from
200.14.234.155:14263: ignoring Vendor ID payload [MS
NT5 ISAKMPOAKLEY 00000004]
Mar 8 16:44:36 linux pluto[10586]: packet from
200.14.234.155:14263: ignoring Vendor ID payload
[FRAGMENTATION]
Mar 8 16:44:36 linux pluto[10586]: packet from
200.14.234.155:14263: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 8 16:44:36 linux pluto[10586]: packet from
200.14.234.155:14263: ignoring Vendor ID payload
[Vid-Initial-Contact]
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: responding to
Main Mode from unknown peer 200.14.234.155
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8:
STATE_MAIN_R1: sent MR1, expecting MI2
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8:
NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8:
STATE_MAIN_R2: sent MR2, expecting MI3
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: Main mode
peer ID is ID_DER_ASN1_DN: 'C=Co, ST=Antioquia,
L=Medellin, O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: no suitable
connection for peer 'C=Co, ST=Antioquia, L=Medellin,
O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: sending
encrypted notification INVALID_ID_INFORMATION to
200.14.234.155:14263
Mar 8 16:44:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: Main mode
peer ID is ID_DER_ASN1_DN: 'C=Co, ST=Antioquia,
L=Medellin, O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:44:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:44:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: no suitable
connection for peer 'C=Co, ST=Antioquia, L=Medellin,
O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: sending
encrypted notification INVALID_ID_INFORMATION to
200.14.234.155:14263
Mar 8 16:44:43 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: Main mode
peer ID is ID_DER_ASN1_DN: 'C=Co, ST=Antioquia,
L=Medellin, O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:43 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:44:43 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:44:43 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: no suitable
connection for peer 'C=Co, ST=Antioquia, L=Medellin,
O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:43 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: sending
encrypted notification INVALID_ID_INFORMATION to
200.14.234.155:14263
Mar 8 16:44:51 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: Main mode
peer ID is ID_DER_ASN1_DN: 'C=Co, ST=Antioquia,
L=Medellin, O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:44:51 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:44:51 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:44:51 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: no suitable
connection for peer 'C=Co, ST=Antioquia, L=Medellin,
O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:45:07 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:45:07 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:45:07 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: no suitable
connection for peer 'C=Co, ST=Antioquia, L=Medellin,
O=Agenciauto S.A., OU=AA, CN=AA,
E=Agenciauto at agenciauto.com.co'
Mar 8 16:45:07 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: sending
encrypted notification INVALID_ID_INFORMATION to
200.14.234.155:14263
Mar 8 16:45:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: next payload
type of ISAKMP Hash Payload has an unknown value: 28
Mar 8 16:45:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: malformed
payload in packet
Mar 8 16:45:39 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: sending
notification PAYLOAD_MALFORMED to 200.14.234.155:14263
Mar 8 16:45:46 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: max number of
retransmissions (2) reached STATE_MAIN_R2
Mar 8 16:45:46 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155: deleting
connection "roadwarrior-l2tp" instance with peer
200.14.234.155 {isakmp=#0/ipsec=#0}
The changes I made are to ipsec.conf:
version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=10.10.20.0/16
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=host.example.com.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftcert=host.example.com.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    pfs=no
    auto=add

conn roadwarrior-l2tp-oldwin
    left=%defaultroute
    leftcert=host.example.com.pem
    leftprotoport=17/0
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
Comments:
To the firewall I added
-A RH-Firewall-1-INPUT -i ppp0 -j ACCEPT
because when I join my intranet I can access the
main server with telnet. With this I solved this problem.
Thanks a lot
Victor
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
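
An added example, not part of the post above and not Openswan code: it rejoins pluto log lines that a mail client has hard-wrapped and tallies, per connection and peer, whether NAT was detected and which rejection messages occurred. The sample is an excerpt of the log in this post; the cause labels and function names are this example's own.

```python
import re

# Excerpt of the pluto log in this post, still hard-wrapped as the mail client left it.
SAMPLE = """\
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8:
NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: end
certificate with identical subject and issuer not
accepted
Mar 8 16:44:36 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: X.509
certificate rejected
Mar 8 16:45:46 linux pluto[10586]:
"roadwarrior-l2tp"[8] 200.14.234.155 #8: max number of
retransmissions (2) reached STATE_MAIN_R2
"""
START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ pluto\[\d+\]:")
ENTRY = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+) #\d+: (?P<msg>.*)$')
# Log fragments from the post -> labels assigned by this example (not Openswan terms).
CAUSES = [("identical subject and issuer", "self-issued peer certificate"),
          ("X.509 certificate rejected", "certificate rejected"),
          ("max number of retransmissions", "negotiation abandoned")]

def unwrap(text):
    """Rejoin mail-wrapped lines: each log entry starts at a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Per (connection, peer): was NAT detected, and how often each cause appears."""
    report = {}
    for entry in unwrap(text):
        if not (m := ENTRY.search(entry)):
            continue  # e.g. "packet from ..." lines carry no connection name
        rec = report.setdefault((m["conn"], m["peer"]), {"natted": False, "causes": {}})
        rec["natted"] |= "peer is NATed" in m["msg"]
        for fragment, label in CAUSES:
            if fragment in m["msg"]:
                rec["causes"][label] = rec["causes"].get(label, 0) + 1
    return report

if __name__ == "__main__": print(triage(SAMPLE))
```
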