[Openswan Users] ERROR: netlink_get_spi for...

Tue Sep 25 23:25:36 EDT 2007

This is starting to drive me mad. I am trying to get openswan properly 
running for l2tp connections on my KuroBox NAS device. The original 
kernel was not configured for ipsec thus I have recompiled a new kernel 
and included net_key, ah, esp and ipcomp. That seems to work so far but 
I cannot get the ipsec connection working. I always get the

ERROR: netlink_get_spi for esp.0 at 192.168.2.96/4096/4294967295 failed 
with errno 22: Invalid argument

in the logs below, regardless whether I try to connect from a Mac or a 
Windows box. I did not really find any helping pointers with google.

Linux Openswan U2.4.6/K2.6.12.6-arm1 (netkey)

openswan is taken from the current stable debian packages.

Can anyone help me to locate this problem?

Thanks!

Gerald

Logs follow:

Sep 26 12:03:17 localhost pluto[683]: packet from 192.168.254.188:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 26 12:03:17 localhost pluto[683]: packet from 192.168.254.188:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Sep 26 12:03:17 localhost pluto[683]: packet from 192.168.254.188:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set 
to=106
Sep 26 12:03:17 localhost pluto[683]: packet from 192.168.254.188:500: 
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: responding to Main Mode from unknown peer 192.168.254.188
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT 
detected
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: Main mode peer ID is ID_IPV4_ADDR: '192.168.254.188'
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: I did not send a certificate because I do not have one.
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp2048}
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-noNAT"[4] 
192.168.254.188 #7: ERROR: netlink_get_spi for 
esp.0 at 192.168.2.96/4096/4294967295 failed with errno 22: Invalid argument
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-noNAT"[4] 
192.168.254.188 #7: responding to Quick Mode {msgid:04e54805}
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-noNAT"[4] 
192.168.254.188 #7: ERROR: netlink response for Add SA 
esp.0 at 192.168.2.96 included errno 22: Invalid argument
Sep 26 12:03:17 localhost pluto[683]: "L2TP-PSK-noNAT"[4] 
192.168.254.188: deleting connection "L2TP-PSK-noNAT" instance with peer 
192.168.254.188 {isakmp=#0/ipsec=#0}
Sep 26 12:03:18 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: Quick Mode I1 message is unacceptable because it uses a previously 
used Message ID 0x04e54805 (perhaps this is a duplicated packet)
Sep 26 12:03:18 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: sending encrypted notification INVALID_MESSAGE_ID to 192.168.254.188:500
Sep 26 12:03:20 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: Quick Mode I1 message is unacceptable because it uses a previously 
used Message ID 0x04e54805 (perhaps this is a duplicated packet)
Sep 26 12:03:20 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: sending encrypted notification INVALID_MESSAGE_ID to 192.168.254.188:500
Sep 26 12:03:24 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: Quick Mode I1 message is unacceptable because it uses a previously 
used Message ID 0x04e54805 (perhaps this is a duplicated packet)
Sep 26 12:03:24 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: sending encrypted notification INVALID_MESSAGE_ID to 192.168.254.188:500
Sep 26 12:03:24 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188 
#6: received Delete SA payload: deleting ISAKMP State #6
Sep 26 12:03:24 localhost pluto[683]: "L2TP-PSK-NAT"[3] 192.168.254.188: 
deleting connection "L2TP-PSK-NAT" instance with peer 192.168.254.188 
{isakmp=#0/ipsec=#0}
Sep 26 12:03:24 localhost pluto[683]: packet from 192.168.254.188:500: 
received and ignored informational message