[Openswan Users] Creating Win XP vpn connection
peters at exemplar-associates.com
peters at exemplar-associates.com
Wed May 3 15:39:09 CEST 2006
Sorry for the long post but I have tried to lay it out to make
it readable..
I suspect my current problems may be down to the ip addresses
being used. I am still not clear on this area.
The server is currently 192.168.1.13 and the rest of the network is
on 192,168.1.x It's not publically addressable yet.
In ipsec.conf I have:
version=092.0=09=23 conforms to second version of ipsec.conf specification
=23 basic configuration
config setup
=09interfaces=3D%defaultroute
=09nat_traversal=3Dno
=09virtual_private=3D%v4:10.0.0.0/8,
%v4:172.16.0.0/12,
%v4:192.168.0.0/16,
%v4:=21192.168.1.0/24
=23 the above line has been edited just for clarity in this mail
=23 Add connections here
conn %default
=09keyingtries=3D1
=09compress=3Dyes
=09disablearrivalcheck=3Dno
=09authby=3Drsasig
=09leftrsasigkey=3D%cert
=09rightrsasigkey=3D%cert
conn mobile
=09left=3D192.168.1.13
=09leftprotoport=3D17/1701
=09leftcert=3D/etc/ipsec.d/certs/xray.exemplarassociates.pem
=09right=3D%any
=09rightprotoport=3D17/%any
=09auto=3Dadd
=09authby=3Drsasig
=09pfs=3Dno
=09type=3Dtransport
conn block
=09auto=3Dignore
conn private
=09auto=3Dignore
conn private-or-clear
=09auto=3Dignore
conn clear-or-private
=09auto=3Dignore
conn clear
=09auto=3Dignore
conn packetdefault
=09auto=3Dignore
=23Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
This is the current auth.log:
May 3 14:56:39 localhost pluto=5B12509=5D: Starting Pluto (Openswan =
Version 2.4.0 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEr=40=60N=5C177X=5DmXi)
May 3 14:56:39 localhost pluto=5B12509=5D: Setting NAT-Traversal =
port-4500 floating to off
May 3 14:56:39 localhost pluto=5B12509=5D: port floating activation =
criteria nat_t=3D0/port_fload=3D1
May 3 14:56:40 localhost pluto=5B12509=5D: including NAT-Traversal =
patch (Version 0.6c) =5Bdisabled=5D
May 3 14:56:40 localhost pluto=5B12509=5D: ike_alg_register_enc(): =
Activating OAKLEY_AES_CBC: Ok (ret=3D0)
May 3 14:56:40 localhost pluto=5B12509=5D: starting up 1 cryptographic =
helpers
May 3 14:56:40 localhost pluto=5B12509=5D: started helper pid=3D12510 =
(fd:6)
May 3 14:56:40 localhost pluto=5B12509=5D: Using Linux 2.6 IPsec =
interface code on 2.6.12-9-386
May 3 14:56:40 localhost pluto=5B12509=5D: Changing to directory =
'/etc/ipsec.d/cacerts'
May 3 14:56:40 localhost pluto=5B12509=5D: loaded CA cert file =
'cacert.pem' (1285 bytes)
May 3 14:56:40 localhost pluto=5B12509=5D: Changing to directory =
'/etc/ipsec.d/aacerts'
May 3 14:56:40 localhost pluto=5B12509=5D: Changing to directory =
'/etc/ipsec.d/ocspcerts'
May 3 14:56:40 localhost pluto=5B12509=5D: Changing to directory =
'/etc/ipsec.d/crls'
May 3 14:56:40 localhost pluto=5B12509=5D: loaded crl file 'crl.pem' =
(568 bytes)
May 3 14:56:40 localhost pluto=5B12509=5D: loaded host cert file =
'/etc/ipsec.d/certs/xray.example.pem' (3733 bytes)
May 3 14:56:40 localhost pluto=5B12509=5D: added connection description =
=22mobile=22
May 3 14:56:40 localhost pluto=5B12509=5D: listening for IKE messages
May 3 14:56:40 localhost pluto=5B12509=5D: adding interface eth0/eth0 =
192.168.1.13:500
May 3 14:56:40 localhost pluto=5B12509=5D: adding interface lo/lo =
127.0.0.1:500
May 3 14:56:40 localhost pluto=5B12509=5D: adding interface lo/lo ::1:500
May 3 14:56:40 localhost pluto=5B12509=5D: loading secrets from =
=22/etc/ipsec.secrets=22
May 3 14:56:40 localhost pluto=5B12509=5D: =22/etc/ipsec.secrets=22 line =
10: enter a passphrase using ipsec auto --rereadsecrets
May 3 14:56:51 localhost sudo: exemplar : TTY=3Dpts/0 ; PWD=3D/etc ; =
USER=3Droot ; COMMAND=3D/usr/sbin/ipsec secrets
May 3 14:56:51 localhost pluto=5B12509=5D: loading secrets from =
=22/etc/ipsec.secrets=22
May 3 14:56:51 localhost pluto=5B12509=5D: loaded private key file =
'/etc/ipsec.d/private/xray.example.key' (1724 bytes)
May 3 14:57:18 localhost pluto=5B12509=5D: packet from 192.168.1.6:500: =
ignoring Vendor ID payload
=5BMS NT5 ISAKMPOAKLEY 00000003=5D
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
responding to Main Mode from unknown peer 192.168.1.6
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
STATE_MAIN_R1: sent MR1, expecting MI2
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
STATE_MAIN_R2: sent MR2, expecting MI3
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B1=5D =
192.168.1.6 =231:
Main mode peer ID is ID_DER_ASN1_DN: 'C=3DUK, ST=3DBeds, L=3DHome, =
O=3DOffice, CN=3Dfoxtrot.example.com, E=3Dinfo=40mail.com'
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
deleting connection =22mobile=22 instance with peer 192.168.1.6 =
=7Bisakmp=3D=230/ipsec=3D=230=7D
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
I am sending my cert
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
STATE_MAIN_R3: sent MR3, ISAKMP SA established =7Bauth=3DOAKLEY_RSA_SIG
cipher=3Doakley_3des_cbc_192 prf=3Doakley_sha group=3Dmodp1024=7D
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
cannot respond to IPsec SA request because no connection is known for
192.168.1.13=5BC=3DUK, ST=3DBeds, L=3DHome, O=3DOffice, =
CN=3Dxray.example.com, E=3Dinfo=40mail.com=5D:17/0...
192.168.1.6=5BC=3DUK, ST=3DBeds, L=3DHome, O=3DOffice, =
CN=3Dfoxtrot.example.com, E=3Dinfo=40mail.com=5D:17/%any
May 3 14:57:18 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.6:500
May 3 14:57:19 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
Quick Mode I1 message is unacceptable because it uses a previously used =
Message ID 0x18a55fe1
(perhaps this is a duplicated packet)
May 3 14:57:19 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May 3 14:57:21 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
Quick Mode I1 message is unacceptable because it uses a previously used =
Message ID 0x18a55fe1
(perhaps this is a duplicated packet)
May 3 14:57:21 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May 3 14:57:28 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
Quick Mode I1 message is unacceptable because it uses a previously used =
Message ID 0x18a55fe1
(perhaps this is a duplicated packet)
May 3 14:57:28 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May 3 14:57:33 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
Quick Mode I1 message is unacceptable because it uses a previously used =
Message ID 0x18a55fe1
(perhaps this is a duplicated packet)
May 3 14:57:33 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
May 3 14:57:49 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
Quick Mode I1 message is unacceptable because it uses a previously used =
Message ID 0x18a55fe1
(perhaps this is a duplicated packet)
May 3 14:57:49 localhost pluto=5B12509=5D: =22mobile=22=5B2=5D =
192.168.1.6 =231:
sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.6:500
More information about the Users
mailing list