[Openswan Users] Creating Win XP vpn connection

peters at exemplar-associates.com peters at exemplar-associates.com
Tue May 2 10:31:11 CEST 2006


I think I have made some progress with the VPN, at least I have
messages in the auth.log that I haven't seen before:

May  2 09:56:20 localhost pluto[9120]: Using Linux 2.6 IPsec interface code on 2.6.12-9-386
May  2 09:56:20 localhost pluto[9120]: Changing to directory '/etc/ipsec.d/cacerts'
May  2 09:56:20 localhost pluto[9120]:   loaded CA cert file 'cacert.pem' (1285 bytes)
May  2 09:56:20 localhost pluto[9120]: Changing to directory '/etc/ipsec.d/aacerts'
May  2 09:56:20 localhost pluto[9120]: Changing to directory '/etc/ipsec.d/ocspcerts'
May  2 09:56:20 localhost pluto[9120]: Changing to directory '/etc/ipsec.d/crls'
May  2 09:56:20 localhost pluto[9120]:   loaded crl file 'crl.pem' (568 bytes)
May  2 09:56:20 localhost pluto[9120]:   loaded host cert file '/etc/ipsec.d/certs/xray.exemplarassociates.pem' (3733 bytes)
May  2 09:56:20 localhost pluto[9120]: added connection description "roadwarrior"
May  2 09:56:20 localhost pluto[9120]: listening for IKE messages
May  2 09:56:20 localhost pluto[9120]: adding interface eth0/eth0 192.168.1.13:500
May  2 09:56:21 localhost pluto[9120]: adding interface lo/lo 127.0.0.1:500
May  2 09:56:21 localhost pluto[9120]: adding interface lo/lo ::1:500
May  2 09:56:21 localhost pluto[9120]: loading secrets from "/etc/ipsec.secrets"
May  2 09:56:21 localhost pluto[9120]: "/etc/ipsec.secrets" line 10: enter a passphrase using ipsec auto --rereadsecrets
May  2 09:56:23 localhost sudo: exemplar : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/sbin/ipsec secrets
May  2 09:56:23 localhost pluto[9120]: loading secrets from "/etc/ipsec.secrets"
May  2 09:56:23 localhost pluto[9120]:   loaded private key file '/etc/ipsec.d/private/xray.exemplarassociates.key' (1724 bytes)
May  2 09:56:58 localhost pluto[9120]: packet from 192.168.1.6:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: responding to Main Mode from unknown peer 192.168.1.6
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: STATE_MAIN_R1: sent MR1, expecting MI2
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: STATE_MAIN_R2: sent MR2, expecting MI3
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[1] 192.168.1.6 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN=foxtrot.exemplarassociates.com, E=info@exemplar-associates.com'
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: deleting connection "roadwarrior" instance with peer 192.168.1.6 {isakmp=#0/ipsec=#0}
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: I am sending my cert
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.13[C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN=xray.exemplarassociates.com, E=info@exemplar-associates.com]:17/0...192.168.1.6[C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN=foxtrot.exemplarassociates.com, E=info@exemplar-associates.com]:17/%any
May  2 09:56:58 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.6:500
May  2 09:56:59 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x6de81384 (perhaps this is a duplicated packet)
May  2 09:56:59 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May  2 09:57:01 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x6de81384 (perhaps this is a duplicated packet)
May  2 09:57:01 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May  2 09:57:05 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x6de81384 (perhaps this is a duplicated packet)
May  2 09:57:05 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May  2 09:57:13 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x6de81384 (perhaps this is a duplicated packet)
May  2 09:57:13 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May  2 09:57:29 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x6de81384 (perhaps this is a duplicated packet)
May  2 09:57:29 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May  2 09:58:01 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: received Delete SA payload: deleting ISAKMP State #1
May  2 09:58:01 localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6: deleting connection "roadwarrior" instance with peer 192.168.1.6 {isakmp=#0/ipsec=#0}
May  2 09:58:01 localhost pluto[9120]: packet from 192.168.1.6:500: received and ignored informational message


Previously I hadn't seen this message:

transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

but the line that follows suggests it is still not right:

192.168.1.6 #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.13[C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN=xray.exemplarassociates.com, E=info@exemplar-associates.com]:17/0...192.168.1.6[C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN=foxtrot.exemplarassociates.com, E=info@exemplar-associates.com]:17/%any

Regards,

Peter
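
A triage sketch for the log above, added here as an example and not part of the original post: it extracts the Phase 1 parameters, the two ends pluto printed in the "no connection is known for" line, and how often each Message ID was retransmitted. The sample lines are copied from the post's log with quoted-printable escapes decoded and trimmed to four events; the function and field names are this example's own.

```python
import re

# Lines copied from the post's log (quoted-printable decoded), trimmed to four events.
DN = "C=UK, ST=Beds, L=Biggleswade, O=Exemplar Associates, CN={}, E=info@exemplar-associates.com"
PFX = 'localhost pluto[9120]: "roadwarrior"[2] 192.168.1.6 #1: '
DUP_MSG = ("Quick Mode I1 message is unacceptable because it uses a previously used "
           "Message ID 0x6de81384 (perhaps this is a duplicated packet)")
SAMPLE = [
    "May  2 09:56:58 " + PFX + "STATE_MAIN_R3: sent MR3, ISAKMP SA established "
    "{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}",
    "May  2 09:56:58 " + PFX + "cannot respond to IPsec SA request because no connection is known for "
    "192.168.1.13[" + DN.format("xray.exemplarassociates.com") + "]:17/0..."
    "192.168.1.6[" + DN.format("foxtrot.exemplarassociates.com") + "]:17/%any",
    "May  2 09:56:59 " + PFX + DUP_MSG,
    "May  2 09:57:01 " + PFX + DUP_MSG,
]

PHASE1 = re.compile(r"ISAKMP SA established \{([^}]*)\}")
# One end as it appears on the page: address[ID]:protocol/port
END = r"(?P<{p}_addr>[\d.]+)\[(?P<{p}_id>[^\]]*)\]:(?P<{p}_proto>\d+)/(?P<{p}_port>%any|\d+)"
NO_CONN = re.compile("no connection is known for "
                     + END.format(p="our") + r"\.\.\." + END.format(p="peer"))
DUP = re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)")

def _end(m, side):
    cn = re.search(r"CN=([^,]+)", m[f"{side}_id"])
    return {
        "addr": m[f"{side}_addr"],
        "cn": cn[1] if cn else None,
        "proto": int(m[f"{side}_proto"]),  # IP protocol number; 17 is UDP
        "port": m[f"{side}_port"],         # kept as pluto printed it ("0", "%any", ...)
    }

def summarize(lines):
    """Phase 1 parameters, the rejected Quick Mode ends, retransmits per Message ID."""
    out = {"phase1": None, "rejected": None, "retransmits": {}}
    for line in lines:
        if m := PHASE1.search(line):
            out["phase1"] = dict(kv.split("=", 1) for kv in m[1].split())
        elif m := NO_CONN.search(line):
            out["rejected"] = {side: _end(m, side) for side in ("our", "peer")}
        elif m := DUP.search(line):
            out["retransmits"][m[1]] = out["retransmits"].get(m[1], 0) + 1
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```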


