[Openswan Users] wrong "method="? was: Re: no connection is known for ...

Christian Huldt christian at solvare.se
Sun Jul 22 05:05:09 EDT 2007


summary: openswan 2.4.8 (gentoo ~x86), PSK, l2tpd - XP clients work
fine, Mac OS X clients (10.4.10) not at all.

Would the Macs' problems connecting to the Openswan L2TP/IPsec server be
that they include their NATed address, or that they use method=110,
while the working XP clients go for method=106 straight ahead?

Jul 22 10:39:46 static-213-115-27-195 pluto[15548]: packet from
81.231.248.185:500: received Vendor ID payload [RFC 3947] method set to=110
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]: packet from
81.231.248.185:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike] meth=109, but already using method 110
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]: packet from
81.231.248.185:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]: packet from
81.231.248.185:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: responding to Main Mode from
unknown peer 81.231.248.185
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 22 10:39:46 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: STATE_MAIN_R1: sent MR1,
expecting MI2
Jul 22 10:39:47 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: ignoring Vendor ID payload
[KAME/racoon]
Jul 22 10:39:47 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: NAT-Traversal: Result using RFC
3947 (NAT-Traversal): peer is NATed
Jul 22 10:39:47 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 22 10:39:47 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: STATE_MAIN_R2: sent MR2,
expecting MI3
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: Main mode peer ID is
ID_IPV4_ADDR: '192.168.10.160'
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[1] 81.231.248.185 #1: switched from
"roadwarrior-l2tp" to "roadwarrior-l2tp"
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[2] 81.231.248.185 #1: deleting connection
"roadwarrior-l2tp" instance with peer 81.231.248.185 {isakmp=#0/ipsec=#0}
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[2] 81.231.248.185 #1: I did not send a certificate
because I do not have one.
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[2] 81.231.248.185 #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]: | NAT-T: new mapping
81.231.248.185:500/4500)
Jul 22 10:39:48 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[2] 81.231.248.185 #1: STATE_MAIN_R3: sent MR3, ISAKMP
SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp1024}
Jul 22 10:39:49 static-213-115-27-195 pluto[15548]:
"roadwarrior-l2tp"[2] 81.231.248.185 #1: cannot respond to IPsec SA
request because no connection is known for
213.115.27.195:17/1701...81.231.248.185[192.168.10.160]:17/%any===192.168.10.160/32


Christian Huldt wrote:
> Not entirely disconnected from the previous thread...
>
> I have a psk-setup on a linux host that is supposed to allow Windows XP and Mac OS X roadwarriors.
>
> It works great for windows, but macs get "no connection" and the log says:
>
> Jul 11 20:07:21 static-213-115-27-195 pluto[31939]: "roadwarrior-l2tp"[5] 81.231.248.185 #5: cannot respond to IPsec SA request because no connection is known for 213.115.27.195:17/1701...81.231.248.185[192.168.10.160]:17/%any===192.168.10.160/32
>
>
>
> config:
>
> config setup
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,,%v4:!192.168.79.0/24
>         #plutostderrlog=/var/log/pluto.log
>         #plutodebug=all
>         #plutodebug="parsing emitting control pfkey natt x509 private"
>         #nhelpers=0
>
> # Add connections here
>
> conn %default
>         keyingtries=3
>         rekey=no
>         authby=secret
>         left=%defaultroute
>         leftnexthop=213.115.27.193
>         
> conn roadwarrior-l2tp
>         left=%defaultroute
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         #rightprotoport=17/1701
>         pfs=no
>         keyingtries=3
>         auto=add
>         rightsubnet=vhost:%no,%priv
>
>
>   

-- 
Christian Huldt
Solvare
+46 704612207
+46 86168307
christian at solvare.se
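
An added example, not part of the original post or of Openswan: a small Python parser that splits the "no connection is known for" tuple from the log above into its fields and checks the peer's proposed client subnet against the quoted virtual_private= value. Treating the empty entry left by the double comma as skipped, and modelling %priv as "inside an allowed range and outside every ! exclusion", are assumptions of this sketch, not a statement of how pluto parses the setting.

```python
import ipaddress
import re

# Constructed inputs: the log message and virtual_private= value quoted in the post.
LOG_LINE = ('"roadwarrior-l2tp"[2] 81.231.248.185 #1: cannot respond to IPsec SA '
            'request because no connection is known for '
            '213.115.27.195:17/1701...81.231.248.185[192.168.10.160]:17/%any'
            '===192.168.10.160/32')
VIRTUAL_PRIVATE = ('%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,'
                   ',%v4:!192.168.79.0/24')

# local:proto/port...peer[peer ID]:proto/port===peer client subnet
TUPLE_RE = re.compile(
    r'no connection is known for '
    r'(?P<local>[\d.]+):(?P<local_pp>\d+/\S+?)\.\.\.'
    r'(?P<peer>[\d.]+)(?:\[(?P<peer_id>[^\]]+)\])?:(?P<peer_pp>\d+/[^=\s]+)'
    r'(?:===(?P<peer_client>[\d./]+))?')


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in filter(None, (s.strip() for s in value.split(','))):
        if not item.startswith('%v4:'):
            continue  # %v6: entries are out of scope for this sketch
        net = item[len('%v4:'):]
        target = excluded if net.startswith('!') else allowed
        target.append(ipaddress.ip_network(net.lstrip('!')))
    return allowed, excluded


def explain(line, virtual_private):
    """Return the tuple's fields plus two checks, or None if the line differs."""
    m = TUPLE_RE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    peer_net = ipaddress.ip_network(info['peer'] + '/32')
    client = ipaddress.ip_network(info['peer_client'] or str(peer_net))
    allowed, excluded = parse_virtual_private(virtual_private)
    # True when the proposed client subnet is not the peer's public address.
    info['client_differs_from_peer'] = client != peer_net
    # Assumed %priv model: inside an allowed range, outside all exclusions.
    info['priv_match'] = (any(client.subnet_of(n) for n in allowed)
                          and not any(client.overlaps(n) for n in excluded))
    return info


if __name__ == '__main__':
    for key, value in explain(LOG_LINE, VIRTUAL_PRIVATE).items():
        print(f'{key:26} {value}')
```

For the line in this post the proposed client subnet 192.168.10.160/32 differs from the peer's public address and falls inside the virtual_private ranges, so under this model the %priv half of rightsubnet=vhost:%no,%priv would cover it.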


