[Openswan Users] L2TP/IPsec doesn't work
Turbo Fredriksson
turbo at bayour.com
Fri Nov 3 06:35:44 EST 2006
Quoting Turbo Fredriksson <turbo at bayour.com>:
I now get a slightly different result:
----- s n i p -----
==> /var/log/auth.log <==
Nov 3 12:28:22 workfw pluto[13493]: packet from <HOMEFW_IP>:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
Nov 3 12:28:22 workfw pluto[13493]: packet from <HOMEFW_IP>:500: ignoring Vendor ID payload [FRAGMENTATION]
Nov 3 12:28:22 workfw pluto[13493]: packet from <HOMEFW_IP>:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 3 12:28:22 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: responding to Main Mode from unknown peer <HOMEFW_IP>
Nov 3 12:28:22 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 3 12:28:22 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 3 12:28:24 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Nov 3 12:28:24 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 3 12:28:24 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: Main mode peer ID is ID_DER_ASN1_DN: '<MY_PRIVATE_CERT_DN>'
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: deleting connection "roadwarrior-l2tp" instance with peer <HOMEFW_IP> {isakmp=#0/ipsec=#0}
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: I am sending my cert
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 3 12:28:25 workfw pluto[13493]: | NAT-T: new mapping <HOMEFW_IP>:500/4500)
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: responding to Quick Mode {msgid:815c9d9c}
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
==> /var/log/syslog <==
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 27(X-NAT-T-sport) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 28(X-NAT-T-dport) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 29(X-NAT-T-OA) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 30(<NULL>) unknown, ignoring.
==> /var/log/auth.log <==
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: STATE_QUICK_R2: IPsec SA established {ESP=>0x2006872a <0x60d62e80 xfrm=3DES_0-HMAC_MD5 NATD=<HOMEFW_IP>:4500 DPD=none}
==> /var/log/syslog <==
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 27(X-NAT-T-sport) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 28(X-NAT-T-dport) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 29(X-NAT-T-OA) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 30(<NULL>) unknown, ignoring.
==> /var/log/auth.log <==
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: received Delete SA(0x2006872a) payload: deleting IPSEC State #8
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: received and ignored informational message
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: received Delete SA payload: deleting ISAKMP State #7
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP>: deleting connection "roadwarrior-l2tp" instance with peer <HOMEFW_IP> {isakmp=#0/ipsec=#0}
Nov 3 12:29:00 workfw pluto[13493]: packet from <HOMEFW_IP>:4500: received and ignored informational message
----- s n i p -----
From what I can see (comparing with the previous mail from me in the
thread), I now get 'transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2' in addition to the previous.
This is my (now shortened) ipsec.conf:
----- s n i p -----
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn %default
        keyingtries=1
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        pfs=no

conn roadwarrior-l2tp
        type=transport
        left=%defaultroute
        leftcert=workfw.domain.tld.pem
        leftprotoport=17/1701
        right=%any
        rightca=%same
        rightrsasigkey=%cert
        rightprotoport=17/%any
        rightsubnet=vhost:%priv,%no
        rekey=no
        auto=add

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
----- s n i p -----
Any idea of why I can't get it to work?!? Is there anyone in
Gothenburg, Sweden that can help me out with this (with normal
consulting fee)?
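As an added example for readers working through a log like the one above (this is not code from the post or from the Openswan project): a small Python triage script that parses pluto and KLIPS lines in the format the post shows, follows each IKE state number (#7, #8) through its "transition from state" messages, records when its ISAKMP or IPsec SA was established and when a peer "Delete SA" payload removed it, and collects the kernel's "unknown, ignoring" pfkey extension warnings. The embedded SAMPLE_LOG is a constructed excerpt in the same format as the post's lines with the <HOMEFW_IP> placeholder kept; the regular expressions are written against that format and are an assumption about how other pluto versions log.

```python
"""Added triage helper for Openswan pluto/KLIPS log excerpts (not part of
Openswan). Follows each IKE state (#N) through its transitions, records
when its SA was established and when a peer Delete SA removed it, and
collects KLIPS 'unknown, ignoring' pfkey extension warnings."""
import re
from datetime import datetime

# Constructed sample in the format of the post's log lines; the <HOMEFW_IP>
# placeholder is kept. Not real captured traffic.
SAMPLE_LOG = """\
Nov 3 12:28:22 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 3 12:28:24 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Nov 3 12:28:24 workfw pluto[13493]: "roadwarrior-l2tp"[7] <HOMEFW_IP> #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 27(X-NAT-T-sport) unknown, ignoring.
Nov 3 12:28:25 workfw kernel: klips:pfkey_msg_parse: ext type 28(X-NAT-T-dport) unknown, ignoring.
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 3 12:28:25 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #8: STATE_QUICK_R2: IPsec SA established {ESP=>0x2006872a <0x60d62e80 xfrm=3DES_0-HMAC_MD5 NATD=<HOMEFW_IP>:4500 DPD=none}
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: received Delete SA(0x2006872a) payload: deleting IPSEC State #8
Nov 3 12:29:00 workfw pluto[13493]: "roadwarrior-l2tp"[8] <HOMEFW_IP> #7: received Delete SA payload: deleting ISAKMP State #7
"""

# Line shapes as they appear in the post (assumed for other pluto versions).
LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<prog>\w+)(?:\[\d+\])?: (?P<msg>.*)$')
STATE_RE = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] \S+ #(?P<num>\d+): (?P<rest>.*)$')
TRANS_RE = re.compile(r'transition from state (\S+) to state (\S+)')
ESTAB_RE = re.compile(r'(ISAKMP|IPsec) SA established')
DELETE_RE = re.compile(r'received Delete SA.*deleting (?:ISAKMP|IPSEC) State #(\d+)')
KLIPS_RE = re.compile(r'klips:pfkey_msg_parse: ext type (\d+)\((.*?)\) unknown, ignoring')


def _new_state(conn):
    return {'conn': conn, 'transitions': [], 'established': None,
            'established_at': None, 'deleted_at': None}


def analyse(log_text):
    """Parse raw log text into per-state records plus NAT-T observations."""
    report = {'states': {}, 'klips_unknown': [], 'peer_nated': False}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog-style line we understand
        ts = datetime.strptime(m.group('ts'), '%b %d %H:%M:%S')
        msg = m.group('msg')
        if m.group('prog') == 'kernel':
            k = KLIPS_RE.search(msg)
            if k and (int(k.group(1)), k.group(2)) not in report['klips_unknown']:
                report['klips_unknown'].append((int(k.group(1)), k.group(2)))
            continue
        if 'peer is NATed' in msg:
            report['peer_nated'] = True
        s = STATE_RE.match(msg)
        if not s:
            continue  # vendor-ID, connection bookkeeping and '|' debug lines
        num, rest = int(s.group('num')), s.group('rest')
        st = report['states'].setdefault(num, _new_state(s.group('conn')))
        t = TRANS_RE.search(rest)
        if t:
            st['transitions'].append((t.group(1), t.group(2)))
        e = ESTAB_RE.search(rest)
        if e:
            st['established'], st['established_at'] = e.group(1), ts
        d = DELETE_RE.search(rest)
        if d:
            # A Delete SA for an IPsec state is logged under the ISAKMP SA that
            # carried the informational, so key on the state number in the text.
            target = report['states'].setdefault(int(d.group(1)), _new_state(s.group('conn')))
            target['deleted_at'] = ts
    return report


def sa_lifetime(report, num):
    """Seconds between SA establishment and its deletion, or None if unknown."""
    st = report['states'].get(num)
    if not st or not st['established_at'] or not st['deleted_at']:
        return None
    return (st['deleted_at'] - st['established_at']).total_seconds()


def findings(report):
    """Human-readable summary lines for the excerpt."""
    out = []
    for num, st in sorted(report['states'].items()):
        if st['established']:
            line = "#%d (%s): %s SA established after %d transitions" % (
                num, st['conn'], st['established'], len(st['transitions']))
            life = sa_lifetime(report, num)
            if life is not None:
                line += ", deleted by peer after %ds" % life
            out.append(line)
        else:
            last = st['transitions'][-1][1] if st['transitions'] else 'none'
            out.append("#%d (%s): never established, last state %s" % (num, st['conn'], last))
    if report['peer_nated'] and report['klips_unknown']:
        names = ', '.join('%d(%s)' % ext for ext in report['klips_unknown'])
        out.append("peer is NATed but KLIPS ignored pfkey NAT-T extensions: " + names)
    return out


if __name__ == '__main__':
    for f in findings(analyse(SAMPLE_LOG)):
        print(f)
```

Run against the excerpt it reports that both the ISAKMP SA (#7) and the IPsec SA (#8) came up and that the peer sent Delete SA payloads 35 seconds later, which narrows the search to what happens after the transport-mode SA is installed rather than to IKE itself. It also pairs the "peer is NATed" result with the kernel's "unknown, ignoring" messages for pfkey types 27 to 30 (the NAT-T source port, destination port and original-address extensions), which is worth checking against the NAT-T support of the KLIPS module on the box before looking further downstream. Feed it `tail -f`-style output from both auth.log and syslog, since the kernel lines live in a different file than pluto's.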