[Openswan Users] openswan Linux client + Win2k3 Server

Bartel, Zack Zack.Bartel at Tectura.com
Fri Nov 3 12:47:32 EST 2006


Hello,

I am trying to get a Fedora Core 4 client machine to connect to a Win
2k3 server with Openswan 2.4.4. The initial main mode connection seems
to be ok but I am getting the following errors during quick mode
negotiation:

Nov  3 09:35:34 localhost pluto[23675]: packet from 192.168.126.137:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov  3 09:35:34 localhost pluto[23675]: packet from 192.168.126.137:500: ignoring Vendor ID payload [FRAGMENTATION]
Nov  3 09:35:34 localhost pluto[23675]: packet from 192.168.126.137:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov  3 09:35:34 localhost pluto[23675]: packet from 192.168.126.137:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Nov  3 09:35:34 localhost pluto[23675]: "L2TP-PSK" #1: responding to Main Mode
Nov  3 09:35:34 localhost pluto[23675]: "L2TP-PSK" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov  3 09:35:34 localhost pluto[23675]: "L2TP-PSK" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.126.137'
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: I did not send a certificate because I do not have one.
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov  3 09:35:37 localhost pluto[23675]: "L2TP-PSK" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov  3 09:35:38 localhost pluto[23675]: "L2TP-PSK" #1: cannot respond to IPsec SA request because no connection is known for 192.168.131.128...192.168.126.137
Nov  3 09:35:38 localhost pluto[23675]: "L2TP-PSK" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.126.137:500
Nov  3 09:35:43 localhost pluto[23675]: "L2TP-PSK" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x58e93fd2 (perhaps this is a duplicated packet)
Nov  3 09:35:43 localhost pluto[23675]: "L2TP-PSK" #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.126.137:500
Nov  3 09:35:49 localhost pluto[23675]: "L2TP-PSK" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x58e93fd2 (perhaps this is a duplicated packet)
(last 2 messages repeated 8 times)

Here's the /etc/ipsec.d/L2TP-PSK.conf

conn L2TP-PSK
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    type=transport
    esp=3des-sha1
    # Local Linux machine that connects as client
    left=%defaultroute
    leftprotoport=17/1701
    # The remote server
    right=192.168.126.137
    rightprotoport=17/1701
    # Change 'ignore' to 'add' to enable the configuration for this user.
    auto=add

and the ipsec.secrets

192.168.131.128 192.168.126.137: PSK "presharedkey"
192.168.126.137 192.168.131.128: PSK "presharedkey"

If anyone has seen this before or knows what may be going on I would very
much appreciate the help.

Thanks!

Zack Bartel
Software Engineer
Tectura
14205 SE 36th Street
Bellevue, WA 98006
Tel:       425-957-4237
Mobile:  503-320-1884
E-mail:  zack.bartel at tectura.com
Web:       www.tectura.com
