[Openswan Users] Openswan Vista Client through l2tp can't finish connection

James james at nttmcl.com
Mon Dec 10 14:05:24 EST 2007 

Jacco de Leeuw wrote:
> Difficult to say what's special about this particular client.
> Does it happen to have the same subnet as the remote network?
>   
Different Subnets the server and client are on.
> Might have to see more of that log. E.g., which side decides to disconnect
> and why.
>
>   

Is there a way to troubleshoot without the client because my client user 
is extremely busy and it's hard to get my hands on access to his computer.
And yeah i need to update my crl file.

Thanks in Advance
-James

Here's more of the log:

Dec  7 14:21:28 tunnel pluto[2172]: "roadwarrior-l2tp"[454] 
xxx.xxx.xxx.8: deleting connection "roadwarrior-l2tp" instance with peer 
xxx.xxx.xxx.8 {isakmp=#0/ipsec=#0}
Dec  7 14:21:28 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received and ignored informational message
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000005]
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received Vendor ID payload [RFC 3947] method set to=110
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but already using method 110
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [Vid-Initial-Contact]
Dec  7 14:23:01 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: responding to Main Mode from unknown peer xxx.xxx.xxx.8
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 
supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 
supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: transition from state STATE_MAIN_R0 to state 
STATE_MAIN_R1
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: STATE_MAIN_R1: sent MR1, expecting MI2
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: NAT-Traversal: Result using 3: no NAT detected
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: transition from state STATE_MAIN_R1 to state 
STATE_MAIN_R2
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: STATE_MAIN_R2: sent MR2, expecting MI3
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, 
ST=California, L=Location, O=example, CN=user, E=user at example.com'
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: crl update for "C=US, ST=California, O=example, 
CN=vpnca, E=auth at example.com" is overdue since Sep 26 19:03:55 UTC 2007
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[455] 
xxx.xxx.xxx.8 #559: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: deleting connection "roadwarrior-l2tp" instance with 
peer xxx.xxx.xxx.8 {isakmp=#0/ipsec=#0}
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: I am sending my cert
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: transition from state STATE_MAIN_R2 to state 
STATE_MAIN_R3
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp2048}
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #560: responding to Quick Mode {msgid:01000000}
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #560: transition from state STATE_QUICK_R0 to state 
STATE_QUICK_R1
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #560: STATE_QUICK_R1: sent QR1, inbound IPsec SA 
installed, expecting QI2
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #560: transition from state STATE_QUICK_R1 to state 
STATE_QUICK_R2
Dec  7 14:23:01 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #560: STATE_QUICK_R2: IPsec SA established 
{ESP=>0x0e3593a5 <0x6e231842 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
Dec  7 14:23:05 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: received Delete SA(0x0e3593a5) payload: deleting 
IPSEC State #560
Dec  7 14:23:05 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: received and ignored informational message
Dec  7 14:23:05 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8 #559: received Delete SA payload: deleting ISAKMP State #559
Dec  7 14:23:05 tunnel pluto[2172]: "roadwarrior-l2tp"[456] 
xxx.xxx.xxx.8: deleting connection "roadwarrior-l2tp" instance with peer 
xxx.xxx.xxx.8 {isakmp=#0/ipsec=#0}
Dec  7 14:23:05 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received and ignored informational message
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000005]
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received Vendor ID payload [RFC 3947] method set to=110
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but already using method 110
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring Vendor ID payload [Vid-Initial-Contact]
Dec  7 14:23:47 tunnel pluto[2172]: packet from xxx.xxx.xxx.8:500: 
ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: responding to Main Mode from unknown peer xxx.xxx.xxx.8
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 
supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 
supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: transition from state STATE_MAIN_R0 to state 
STATE_MAIN_R1
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: STATE_MAIN_R1: sent MR1, expecting MI2
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: NAT-Traversal: Result using 3: no NAT detected
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: transition from state STATE_MAIN_R1 to state 
STATE_MAIN_R2
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: STATE_MAIN_R2: sent MR2, expecting MI3
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, 
ST=California, L=Location, O=example, CN=user, E=user at example.com'
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: crl update for "C=US, ST=California, O=example, 
CN=vpnca, E=auth at example.com" is overdue since Sep 26 19:03:55 UTC 2007
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[457] 
xxx.xxx.xxx.8 #561: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: deleting connection "roadwarrior-l2tp" instance with 
peer xxx.xxx.xxx.8 {isakmp=#0/ipsec=#0}
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: I am sending my cert
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: transition from state STATE_MAIN_R2 to state 
STATE_MAIN_R3
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp2048}
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #562: responding to Quick Mode {msgid:01000000}
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #562: transition from state STATE_QUICK_R0 to state 
STATE_QUICK_R1
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #562: STATE_QUICK_R1: sent QR1, inbound IPsec SA 
installed, expecting QI2
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #562: transition from state STATE_QUICK_R1 to state 
STATE_QUICK_R2
Dec  7 14:23:47 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #562: STATE_QUICK_R2: IPsec SA established 
{ESP=>0x87847874 <0x594c9324 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
Dec  7 14:23:54 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: received Delete SA(0x87847874) payload: deleting 
IPSEC State #562
Dec  7 14:23:54 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: received and ignored informational message
Dec  7 14:23:54 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8 #561: received Delete SA payload: deleting ISAKMP State #561
Dec  7 14:23:54 tunnel pluto[2172]: "roadwarrior-l2tp"[458] 
xxx.xxx.xxx.8: deleting connection "roadwarrior-l2tp" instance with peer 
xxx.xxx.xxx.8 {isakmp=#0/ipsec=#0}

More information about the Users mailing list