[Openswan Users] 2003 server cant connect
Herbert Zimbizi
herbert at afdis.co.zw
Wed Jun 27 11:27:32 EDT 2007
I am trying to get a dial-in VPN running. I have installed Openswan and l2tpd on
the VPN server. How can I solve this problem?
The network is as below
Client ----> internet ----> Linux Server(VPN) ----> internal network
192.168.254.0/24 (tba through l2tpd)
1.1.1.99 192.168.0.251 192.168.0.0/24
(also isp assigned ip address )
Below is my ipsec.conf
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug="controlmore"
	#interfaces=%defaultroute
	nat_traversal=yes
	virtual_private=%v4:192.168.254.0/24,%v4:!192.168.0.0/24

conn %default
	disablearrivalcheck=no
	keyingtries=3
	authby=secret
	compress=no
	keyexchange=ike
	ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
	esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
	left=%defaultroute
	rightnexthop=%defaultroute
	leftsubnet=192.168.0.0/24

conn net
	type=tunnel
	pfs=no
	right=%any
	#rightsubnet=vhost:%no,%priv
	auto=add

include /etc/ipsec.d/*.conf
result
Jun 27 17:24:15 yoafrica pluto[20957]: "net"[1] x.y.96.31 #2: only
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute
OAKLEY_GROUP_DESCRIPTION
Jun 27 17:24:15 yoafrica pluto[20957]: "net"[1] x.y.96.31 #2: only
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute
OAKLEY_GROUP_DESCRIPTION
Jun 27 17:24:15 yoafrica pluto[20957]: "net"[1] x.y.96.31 #2: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 27 17:24:15 yoafrica pluto[20957]: "net"[1] x.y.96.31 #2: STATE_MAIN_R1:
sent MR1, expecting MI2
Jun 27 17:24:17 yoafrica pluto[20957]: "net"[1] x.y.96.31 #1: NAT-Traversal:
Result using 3: peer is NATed
Jun 27 17:24:17 yoafrica pluto[20957]: "net"[1] x.y.96.31 #1: discarding
packet received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
Jun 27 17:24:17 yoafrica pluto[20957]: "net"[1] x.y.96.31 #1: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 27 17:24:17 yoafrica pluto[20957]: "net"[1] x.y.96.31 #1: STATE_MAIN_R2:
sent MR2, expecting MI3
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[1] x.y.96.31 #1: Main mode peer
ID is ID_IPV4_ADDR: '192.168.0.25'
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: I did not send
a certificate because I do not have one.
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 27 17:24:19 yoafrica pluto[20957]: | NAT-T: new mapping
x.y.96.31:500/4500)
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: retransmitting
in response to duplicate packet; already STATE_MAIN_R3
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: cannot respond
to IPsec SA request because no connection is known for
1.1.1.99:17/1701...x.y.96.31[192.168.0.25]:17/1701===192.168.0.25/32
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_ID_INFORMATION to x.y.96.31:4500
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x01000000 (perhaps this is a duplicated packet)
Jun 27 17:24:19 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_MESSAGE_ID to x.y.96.31:4500
Jun 27 17:24:21 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x01000000 (perhaps this is a duplicated packet)
Jun 27 17:24:21 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_MESSAGE_ID to x.y.96.31:4500
Jun 27 17:24:21 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x01000000 (perhaps this is a duplicated packet)
Jun 27 17:24:21 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_MESSAGE_ID to x.y.96.31:4500
Jun 27 17:24:23 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x01000000 (perhaps this is a duplicated packet)
Jun 27 17:24:23 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_MESSAGE_ID to x.y.96.31:4500
Jun 27 17:24:23 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x01000000 (perhaps this is a duplicated packet)
Jun 27 17:24:23 yoafrica pluto[20957]: "net"[2] x.y.96.31 #1: sending
encrypted notification INVALID_MESSAGE_ID to x.y.96.31:4500
Jun 27 17:24:25 yoafrica pluto[20957]: "net"[1] x.y.96.31 #2: ERROR:
asynchronous network error report on eth1 (sport=500) for message to
x.y.96.31 port 4500, complainant x.y.96.31: No route to host [errno 113,
origin ICMP type 3 code 10 (not authenticated)]