[Openswan Users] openswan configuration needs help
Jean Marc Le Fevre
jm.lefevre at etatcritik.dyndns.org
Thu Apr 19 09:47:32 EDT 2007
Hello Paul and thanks for the answers
About the version, I use a 2.4.6 as it is in the suse 10.2 rpm.
About the comment you've done on the nated or not nated installation
as for the core dump, I hope It comes from the openswan version, I
'll be upgrading in the next hours and tell you about it.
I just found strange that once it is nated, once it is not. Both
messages come from the same log on the same try. (From a macos X
client from the internet to my firewalled vpn installation.
About gdb, I wish to give you information, but as I'n not familliar
with it.I'll keep the cores files and if you or anyone need to do
some test on it, please contect me.
I have no windows XP at home. None of my friends have one so It will
be very difficult for me to test from a windows intallation. (good
friends :) )
Thanks a lot for all :)
Hope my english os not too hard to understand
Le 18 avr. 07 à 20:36, Paul Wouters a écrit :
> On Wed, 18 Apr 2007, Jean Marc Le Fevre wrote:
>
>> dumpdir=/tmp
>
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: STATE_MAIN_R1:
>> sent MR1,
>> expecting MI2
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: ignoring Vendor
>> ID payload
>> [KAME/racoon]
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: NAT-Traversal:
>> Result using
>> 3: i am NATed
>
> So NAT'ed....
>
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: transition from
>> state
>> STATE_MAIN_R1 to state STATE_MAIN_R2
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: STATE_MAIN_R2:
>> sent MR2,
>> expecting MI3
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: Main mode peer
>> ID is
>> ID_IPV4_ADDR: 'IPFIXE'
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: I did not send a
>> certificate
>> because I do not have one.
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: transition from
>> state
>> STATE_MAIN_R2 to state STATE_MAIN_R3
>> Apr 18 18:04:16 Zpro pluto[11600]: | NAT-T: new mapping IPFIXE:
>> 500/4500)
>> Apr 18 18:04:16 Zpro pluto[11600]: "L2TP-PSK" #1: STATE_MAIN_R3:
>> sent MR3,
>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
>> cipher=oakley_3des_cbc_192
>> prf=oakley_sha group=modp1024}
>> Apr 18 18:04:17 Zpro pluto[11600]: "L2TP-PSK" #2: NAT-Traversal:
>> received 2
>> NAT-OA. ignored because peer is not NATed
>
> Not NAT'ed??
>
>> Apr 18 18:04:17 Zpro pluto[11600]: "L2TP-PSK" #2: responding to
>> Quick Mode
>> {msgid:99321c1d}
>> Apr 18 18:04:17 Zpro pluto[11600]: "L2TP-PSK" #2: ASSERTION FAILED at
>> kernel.c:2237: c->kind == CK_PERMANENT || c->kind == CK_INSTANCE
>
> Run gdb on the core in /tmp, and please give us some more information.
>
> Which version of openswan is this? If it is pre 2.4.7, please
> upgrade and try
> again.
>
>> newest ISAKMP; nodpd
>> Apr 18 18:04:17 Zpro pluto[11600]: "L2TP-PSK" #2:
>> Apr 18 18:04:17 Zpro ipsec__plutorun: /usr/lib/ipsec/_plutorun:
>> line 217:
>> 11600 Aborted (core dumped) /usr/lib/ipsec/pluto --
>> nofork
>> --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto
>> --uniqueids --nat_traversal --nhelpers 0
>> Apr 18 18:04:17 Zpro ipsec__plutorun: !pluto failure!: exited
>> with error
>> status 134 (signal 6)
>> Apr 18 18:04:17 Zpro ipsec__plutorun: restarting IPsec after pause...
>
> Same for this one.
>
> you might also want to try not using rightprotoport=17/%any, but
> 17/1701 and
> do a test with Windows XP (not OSX)
>
> Paul
> -
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?
> n=283155
>
>
>
>
>
!DSPAM:462772f750701440248084!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070419/38c9d513/attachment-0001.html
More information about the Users
mailing list