[Openswan Users] Leopard IPsec initial test - failed

Alan Whinery whinery at hawaii.edu
Mon Oct 29 03:30:44 EDT 2007


My first Leopard user (very capable techie) just installed his new cert
on Leopard and used it without pain, apparently. It's Sunday night here,
and we're going to compare notes in the morning. His screenshot and the
fact that his email header says the client was at one of my VPN
addresses suggests that it was in fact a working Leopard connection.

Server is Openswan 2.4.9 Netkey in 2.6.21.5 (yeah, I know, but on a
recent upgrade, I accidentally discovered that it worked while trying to
fix my (stupid) USB keyboard support for 2.6.18.8).

I'm sorry I am not using EKUs.

Yes, on AES, I had to compile the AES module to get Tiger Macs working...

Somebody remind me to complain about Vista in another thread...

This is through a NAT at his residence:
("Switching from roadwarrior to roadwarrior", etc. is pretty amusing...)

Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=109, but already using method 110
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 28 20:53:21 vpn pluto[6476]: packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: responding to Main Mode from unknown peer a.b.c.d
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=HI, L=UH, O=UH, CN=czane at hawaii.edu'
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: crl update for "C=US, ST=HI, L=UH, O=UH, OU=ITS, CN=Telecom, E=networks at hawaii.edu" is overdue since Oct 10 17:34:00 UTC 2007
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] a.b.c.d #422: switched from "roadwarrior" to "roadwarrior"
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: deleting connection "roadwarrior" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: I am sending my cert
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] a.b.c.d #422: received and ignored informational message
Oct 28 20:53:22 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] a.b.c.d #423: responding to Quick Mode {msgid:331f1db7}
Oct 28 20:53:22 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] a.b.c.d #423: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 28 20:53:22 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] a.b.c.d #423: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 28 20:53:23 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] a.b.c.d #423: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 28 20:53:23 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] a.b.c.d #423: STATE_QUICK_R2: IPsec SA established {ESP=>0x09509563 <0xc6035339 xfrm=AES_128-HMAC_SHA1 NATD=a.b.c.d:4500 DPD=none}
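
Added example, not part of the original post and not Openswan code: a small parser for pluto syslog output of the kind quoted above, which rejoins entries that a mail client has wrapped and collects, per state number, the NAT-T result, any overdue-CRL warning and the parameters of each established SA. The function names, the peer address 192.0.2.10, the certificate DN and the SPI values in the sample are constructed for illustration.

```python
import re

# Constructed sample in pluto's syslog format, wrapped as a mail client would wrap it.
SAMPLE = """\
Oct 28 20:53:21 vpn pluto[6476]: packet from 192.0.2.10:500: received
Vendor ID payload [Dead Peer Detection]
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] 192.0.2.10 #422:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[109] 192.0.2.10 #422: crl
update for "C=US, O=Example, CN=CA" is overdue since Oct 10 17:34:00 UTC 2007
Oct 28 20:53:21 vpn pluto[6476]: "roadwarrior"[110] 192.0.2.10 #422:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Oct 28 20:53:23 vpn pluto[6476]: "roadwarrior-l2tp-main"[75] 192.0.2.10
#423: STATE_QUICK_R2: IPsec SA established {ESP=>0x11111111 <0x22222222
xfrm=AES_128-HMAC_SHA1 NATD=192.0.2.10:4500 DPD=none}
"""

ENTRY = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ pluto\[\d+\]: ")
CONN = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')

def unwrap(text):
    """Rejoin continuation lines onto the syslog entry they belong to."""
    entries = []
    for line in text.splitlines():
        if (head := ENTRY.match(line)):
            entries.append(line[head.end():])
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per state number (#NNN): connection, peer, NAT result, CRL warning, SA parameters."""
    out = {}
    for entry in unwrap(text):
        m = CONN.match(entry)
        if not m:
            continue  # e.g. Vendor ID lines, logged before a connection is chosen
        info = out.setdefault(int(m["sa"]), {"conn": m["conn"], "peer": m["peer"]})
        msg = m["msg"]
        if "peer is NATed" in msg:
            info["nat"] = True
        elif "is overdue since " in msg:
            info["crl_overdue_since"] = msg.split("is overdue since ", 1)[1]
        elif (s := re.search(r"(ISAKMP|IPsec) SA established \{([^}]*)\}", msg)):
            info["sa"] = s.group(1)
            info["params"] = dict(kv.split("=", 1) for kv in s.group(2).split() if "=" in kv)
    return out
```

Calling summarize(SAMPLE) returns one record for #422 (the ISAKMP SA, with the NAT and CRL findings) and one for #423 (the IPsec SA).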


