[Openswan Users] (no subject)

pistoi at email.it pistoi at email.it
Thu Apr 17 04:00:27 EDT 2008


Hello,

I have a problem with Openswan and I hope for your suggestions.

I connect my Windows Mobile 6, 5, Windows Vista and XP to an IPsec VPN on a
Debian box / Openswan. Now I must connect a macOS Tiger machine, but I have
two problems:

- the Mac does not connect
- the mobile does not connect

My configuration is this:

version 2.0

config setup
        interfaces=%defaultroute
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.31.1.0/24
        klipsdebug=none
        plutodebug=none

conn %default
        keyingtries=3
        compress=no
        disablearrivalcheck=no
        authby=rsasig
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior
        left=123.123.123.123
        leftcert=/etc/ipsec.d/certs/serverCert.pem
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftprotoport=17/1701
        leftnexthop=%defaultroute
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%priv,%no
        rightca=%same
        type=transport
        auto=add
        pfs=no

conn roadwarrior-mac
        left=123.123.123.123
        leftid=123.123.123.123
        leftcert=/etc/ipsec.d/certs/servermacCert.pem
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftprotoport=17/1701
        leftnexthop=%defaultroute
        right=%any
        rightprotoport=17/%any
        rightsubnet=vhost:%priv,%no
        rightca=%same
        type=transport
        auto=add
        pfs=no

conn block
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

The certificates are signed by the same CA for both conns (roadwarrior and
roadwarrior-mac), but for serverCert.pem, when I created it, I put this in
openssl.cnf:

extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
SubjectAltName=IP:123.123.123.123

and for serverCert.pem, I have commented this out.

When I comment out the whole conn roadwarrior-mac, the connection with the
mobile goes up, but when I comment out it doesn't work; in the log I see
that it uses only roadwarrior-mac.

The question: what modifications do I need so that I can use Windows Mobile
and the Mac in the same configuration?

When I try the connection with the Mac, it doesn't work and the log
says this:

Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: responding to Main Mode from unknown peer 123.155.255.11
Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: ignoring Vendor ID payload [KAME/racoon]
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia, O=Merlospa, OU=Merlospa, CN=ISILine mac, E=noc at isiline.net'
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: switched from "roadwarrior-mac" to "roadwarrior-mac"
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 2123.155.255.11 #1: deleting connection "roadwarrior-mac" instance with peer 123.155.255.11 {isakmp=#0/ipsec=#0}
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: I am sending my cert
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 16 17:06:52 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: cannot respond to IPsec SA request because no connection is known for 212.210.164.87:17/1701...123.155.255.11[C=IT, ST=Italia, O=Merlospa, OU=Merlospa, CN=ISILine mac, E=noc at isiline.net]:17/%any===192.168.1.2/32
Apr 16 17:06:52 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_ID_INFORMATION to 123.155.255.11:51071
Apr 16 17:06:55 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)
Apr 16 17:06:55 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_MESSAGE_ID to 123.155.255.11:51071
Apr 16 17:06:58 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)
Apr 16 17:06:58 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_MESSAGE_ID to 123.155.255.11:51071
Apr 16 17:07:01 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)

For the Mac, where is the problem?
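
Added example (not part of the original post, and not Openswan code): a small Python reader for pluto lines like the ones quoted above. It reports, per connection and peer, whether the ISAKMP SA was established, which endpoints the refused IPsec SA request named, and how often a Message ID was re-sent. The sample lines and their addresses are constructed, and in_virtual_private is a simplified reading of the virtual_private syntax.

```python
import ipaddress
import re
from collections import Counter

VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.31.1.0/24"  # from the post
# Constructed sample lines in the pluto format quoted in the post (documentation addresses).
PREFIX = 'Apr 16 17:06:52 vpnserver pluto[4876]: "roadwarrior-mac"[2] 203.0.113.7 #1: '
SAMPLE_LOG = "\n".join(PREFIX + msg for msg in [
    "STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG}",
    "cannot respond to IPsec SA request because no connection is known for "
    "198.51.100.10:17/1701...203.0.113.7[C=XX, CN=example mac]:17/%any===192.168.1.2/32",
    "sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.7:51071",
    "Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27",
    "Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27",
])

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)')
REFUSED = re.compile(r"no connection is known for (?P<local>[\d.]+):(?P<local_pp>\S+?)\.\.\."
                     r"(?P<peer>[\d.]+)\[(?P<peer_id>[^\]]*)\]:(?P<peer_pp>[^=\s]+)(?:===(?P<client>\S+))?")
DUP = re.compile(r"previously used Message ID (0x[0-9a-f]+)")

def in_virtual_private(client, spec):
    """True if client lies in an allowed %v4 range and touches no '!' exclusion (simplified)."""
    net = ipaddress.ip_network(client)
    allowed = excluded = False
    for rng in (i[4:] for i in spec.split(",") if i.startswith("%v4:")):
        if rng.startswith("!"):
            excluded |= net.overlaps(ipaddress.ip_network(rng[1:]))
        else:
            allowed |= net.subnet_of(ipaddress.ip_network(rng))
    return allowed and not excluded

def summarize(log, virtual_private=VIRTUAL_PRIVATE):
    """Group pluto lines by (conn, peer): phase 1 result, refused requests, re-sent Message IDs."""
    out = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = out.setdefault((m["conn"], m["peer"]), {"phase1": False, "refused": [], "dups": Counter()})
        if "ISAKMP SA established" in m["msg"]:
            s["phase1"] = True
        r = REFUSED.search(m["msg"])
        if r:  # the text after '===' is the client subnet the peer proposed behind itself
            c = r["client"]
            s["refused"].append({**r.groupdict(),
                                 "client_in_virtual_private": bool(c) and in_virtual_private(c, virtual_private)})
        for mid in DUP.findall(m["msg"]):
            s["dups"][mid] += 1
    return out
```

Calling summarize() on a saved log file's text gives one entry per connection and peer; a refused entry next to phase1 set to True means the identity exchange completed and the rejection happened when matching the proposed endpoints against the loaded conns.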
