[Openswan Users] L2TP / IPSEC (certificate) with Cisco Systems, Inc./VPN 3000 Concentrator

Dick dm at chello.nl
Mon Oct 9 11:35:54 EDT 2006


Hi all,

I'm using openswan-2.4.4 on Gentoo Linux with a 2.6.17-gentoo-r8 kernel.
I'd like to connect to our Cisco Systems, Inc./VPN 3000 Concentrator at
our office (version 4.7.2.I Aug 03 2006 18:52:24) by using L2TP / IPSEC
(certificate).
I've set up ipsec.conf by using
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#client

ipsec auto --listcerts tells me:
000        pubkey:    512 RSA Key HIDEHIDEH, has private key
000        validity: not before Feb 18 10:54:20 2006 ok
000                  not after  Feb 18 11:04:20 2007 ok

And the same certificate/key are working properly on Windows XP (VPN).

When I start the ipsec connection:
# ipsec auto --up L2TP-CERT-CLIENT
I get the following messages:

104 "L2TP-CERT-CLIENT" #1: STATE_MAIN_I1: initiate
003 "L2TP-CERT-CLIENT" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
106 "L2TP-CERT-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2TP-CERT-CLIENT" #1: received Vendor ID payload [Cisco-Unity]
003 "L2TP-CERT-CLIENT" #1: received Vendor ID payload [XAUTH]
003 "L2TP-CERT-CLIENT" #1: ignoring unknown Vendor ID payload [e84b8a5d5c6a714369520b9879dea040]
003 "L2TP-CERT-CLIENT" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
108 "L2TP-CERT-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "L2TP-CERT-CLIENT" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "L2TP-CERT-CLIENT" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "L2TP-CERT-CLIENT" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "L2TP-CERT-CLIENT" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "L2TP-CERT-CLIENT" #1: next payload type of ISAKMP Hash Payload has an unknown value: 49
003 "L2TP-CERT-CLIENT" #1: malformed payload in packet
010 "L2TP-CERT-CLIENT" #1: STATE_MAIN_I3: retransmission; will wait 40s for response

For anyone who is interested, I can send my auth.log with debug="all".

Who knows what's going on?

Thanks in advance,
Dick


