[Openswan Users] roadwarrior setup with xl2tpd
Deepak Chopra
deepak.chopra at mind-infotech.com
Tue Jan 30 08:17:40 EST 2007
Hello all,

After making a successful VPN connection (i.e. net-to-net), I want to connect my laptop (XP Professional) to my home network, but when my machine connects to the gateway machine, I'm getting an error message:

KLIPS: PFKEY_MSG_PARSE: EXT TYPE 30 ( null ) unknown, ignoring.

As per the document I've patched the kernel for NAT-T support, but I don't know how to check that it is installed?

The openswan-2.4.7 on my gateway machine (home network) is running on RHEL 4 and the kernel is 2.6.9-x.
The IPsec version is: openswan-2.4.7 (klips)

But when my laptop connects to the Linux gateway machine, it crashes, and the log is attached below:

Jan 30 15:11:50 eashdeep pluto[6170]: packet from 220.227.171.226:2: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 30 15:11:50 eashdeep pluto[6170]: packet from 220.227.171.226:2: ignoring Vendor ID payload [FRAGMENTATION]
Jan 30 15:11:50 eashdeep pluto[6170]: packet from 220.227.171.226:2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 30 15:11:50 eashdeep pluto[6170]: packet from 220.227.171.226:2: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 30 15:11:50 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:50 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: responding to Main Mode from unknown peer 220.227.171.226
Jan 30 15:11:50 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 30 15:11:50 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: Main mode peer ID is ID_FQDN: '@myvpc'
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: I did not send a certificate because I do not have one.
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 30 15:11:51 eashdeep pluto[6170]: | NAT-T: new mapping 220.227.171.226:2/5853)
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep last message repeated 9 times
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection helpline
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep last message repeated 24 times
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep last message repeated 2 times
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: responding to Quick Mode {msgid:6dd6e76b}
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #44: received Delete SA payload: deleting ISAKMP State #44
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: packet from 220.227.171.226:5853: received and ignored informational message
Jan 30 15:11:51 eashdeep pluto[6170]: | processing connection roadwarrior-l2tp[2] 220.227.171.226
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: STATE_QUICK_R2: IPsec SA established {ESP=>0x5464e2f2 <0xd8f3f9cb xfrm=3DES_0-HMAC_MD5 NATD=220.227.171.226:5853 DPD=none}

I'm using PSK for the roadwarrior setup, and the config file is:

/etc/ipsec.conf

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        plutodebug=dns
        interfaces=%defaultroute
        uniqueids=yes
        nat_traversal=yes

conn %default
        authby=secret
        keyexchange=ike
        esp=aes,3des
        keyingtries=%forever
        auth=esp

conn roadwarrior-l2tp
        left=%defaultroute
        leftsubnet=172.29.18.0/24
        leftid=@xyz.selfip.net
        leftprotoport=17/1701
        rightprotoport=17/%any
        right=%any
        authby=secret
        auto=add
        pfs=no

I don't know what the exact problem is, but as per the Openswan users list it is a NAT-T patch problem. So I've installed the patch as per the process given below:

    export KERNELSRC=/lib/modules/`uname -r`/build
    make module26
    make minstall26
    depmod -a

With thanks and regards,
Deepak Chopra
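
Added example, not part of the original post and not Openswan code: a small Python parser that pulls the NAT-T result and each established SA's negotiated parameters out of pluto log lines like those in the message above, and flags legacy algorithms (3DES, MD5). The three sample lines are copied from the post's log and re-joined; the function name `summarize` and the `WEAK` list are assumptions of this example.

```python
import re

# Constructed sample: three lines taken from the log in the post, re-joined
# onto single lines (the mail client had wrapped them).
SAMPLE_LOG = """\
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #57: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan 30 15:11:51 eashdeep pluto[6170]: "roadwarrior-l2tp"[2] 220.227.171.226 #58: STATE_QUICK_R2: IPsec SA established {ESP=>0x5464e2f2 <0xd8f3f9cb xfrm=3DES_0-HMAC_MD5 NATD=220.227.171.226:5853 DPD=none}
"""

# Per-SA pluto line: ... pluto[pid]: "conn"[instance] peer #serial: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
ESTABLISHED = re.compile(r'(?P<state>STATE_\w+): .*?(?P<kind>ISAKMP|IPsec) SA established \{(?P<attrs>[^}]*)\}')
WEAK = ("3des", "md5")  # legacy algorithms to flag (assumed list, matched case-insensitively)

def summarize(log_text):
    """Return one dict per established SA, with NAT-T result and weak algorithms."""
    nat = {}        # peer -> NAT-T verdict logged during Main Mode
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # debug ("|") and "packet from" lines carry no SA serial
        msg = m["msg"]
        if msg.startswith("NAT-Traversal: Result"):
            nat[m["peer"]] = msg.rsplit(": ", 1)[1]
            continue
        e = ESTABLISHED.search(msg)
        if not e:
            continue
        # Keep key=value tokens only; the "<0x..." inbound SPI token has no "=".
        attrs = dict(t.split("=", 1) for t in e["attrs"].split() if "=" in t)
        algs = " ".join(attrs.get(k, "") for k in ("cipher", "prf", "xfrm")).lower()
        results.append({
            "conn": m["conn"], "peer": m["peer"], "sa": int(m["sa"]),
            "kind": e["kind"], "state": e["state"], "attrs": attrs,
            "nat": nat.get(m["peer"]),
            "weak": [w for w in WEAK if w in algs],
        })
    return results

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["sa"], r["kind"], r["state"], r["nat"], r["weak"] or "ok")
```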