[Openswan Users] Linux IPsec client

Xunhua Wang wangxx at jmu.edu
Sun Sep 24 21:06:20 EDT 2006

Hi all,

We have a VPN server running Linux Openswan U2.4.5/K2.6.9-5.ELsmp (netkey)
and l2tpd. The server's configuration is attached as ipsec.conf

With Windows XP/2000 clients, we can connect to this VPN server (with the
roadwarrior connection). 

However, when we try to use a Linux Openswan 2.4.5 client (the client's
configuration is attached as ipsec-client.conf) to connect to the same
server, we got the following error:

----- ERROR BEGINS -----
[root at shannon ~]# ipsec auto --up l2tpclient
104 "l2tpclient" #1: STATE_MAIN_I1: initiate
003 "l2tpclient" #1: received Vendor ID payload [Dead Peer Detection]
106 "l2tpclient" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "l2tpclient" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "l2tpclient" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
117 "l2tpclient" #2: STATE_QUICK_I1: initiate
010 "l2tpclient" #2: STATE_QUICK_I1: retransmission; will wait 20s for
010 "l2tpclient" #2: STATE_QUICK_I1: retransmission; will wait 40s for
031 "l2tpclient" #2: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
000 "l2tpclient" #2: starting keying attempt 2 of at most 3, but releasing
[root at shannon ~]#

-----ERROR ENDS -----

What's the reason that caused the quick mode failure? Any suggestions about
how to find the reason?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec-client.conf
Type: application/octet-stream
Size: 796 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060924/cb34d608/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 883 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060924/cb34d608/attachment-0001.obj 

More information about the Users mailing list