[Openswan Users] L2TP / IPSEC shows problem while connecting from Windows XP(Maximum retries exceeded for tunnel 40334. Closing)!!!!

No Body is Perfect news.listener at gmail.com
Wed Dec 10 09:50:12 EST 2008


I am interested to know if you have resolved this issue?

Shiva Raman wrote:
> Dear all
> 
> I am trying to set up an L2TP/IPsec VPN server with Linux as the server and
> Windows as clients.
> I am facing a problem in which the clients are not able to connect to
> the Openswan server. I tried
> different configurations and also referred to postings on the
> Openswan list, but I was not able to fix the problem. Let me
> explain the details of my installation.
> 
> I am using the following versions of the OS and openswan/l2tp.
> 
> 
> OS Version
> -----------------
> 
> Centos 5.2 (64 bit )  as L2TP/IPSEC server
> Windows xp sp2 as L2TP/IPSEC client
> 
> openswan version
> ----------------------------
> openswan-2.6.12-2.el5
> 
> l2tpd version
> -----------------
> l2tpd-0.69-0.2.20051030.fc4.x86_64.rpm
> 
> Kernel version of Centos 5.2 - > 2.6.18-92.el5
> 
> Following are the configuration files
> 
> Configuration of ipsec.conf
> ----------------------------------------
> 
> version 2.0
> 
> config setup
>         interfaces="ipsec0=ppp0"
>         klipsdebug=none
>         plutodebug=none
>         protostack=netkey
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.10.0/24
> 
> conn %default
>         keyingtries=3
>         compress=yes
>         disablearrivalcheck=no
>         authby=secret
>         type=tunnel
>         keyexchange=ike
>         ikelifetime=240m
>         keylife=60m
> 
> conn roadwarrior
>         pfs=no
>         left=219.64.78.98
>         leftprotoport=17/0
>         right=%any
>         rightprotoport=17/1701
>         rightsubnet=vhost:%no,%priv
>         auto=add
> 
> Configuration of ipsec.secrets
> --------------------------------------------
> : PSK "theconnectionissecure"
> 
> 
> Configuration of  l2tpd.conf
> ------------------------------------------
> [global]
> ; listen-addr = 192.168.1.98
> [lns default]
> ip range = 192.168.10.138-192.168.10.254
> local ip = 224.64.77.97
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = LinuxVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
> 
> Configuration of  option.l2tpd
> ------------------------------------------
> ipcp-accept-local
> ipcp-accept-remote
> #ms-dns 192.168.10.1
> #ms-wins 192.168.10.1
> auth
> crtscts
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> nologfd
> #check this noccp
> 
> 
> ------------------------------------------------------------------------------
> 
> 
> Following are the Output of Log messages
> 
> 
> tail -f /var/log/secure
> ------------------------------------
> 
> Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #2: STATE_MAIN_R1: sent MR1, expecting MI2
> Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: transition from state STATE_MAIN_R1 to state
> STATE_MAIN_R2
> Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: STATE_MAIN_R2: sent MR2, expecting MI3
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: discarding duplicate packet; already STATE_MAIN_R2
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: Main mode peer ID is ID_FQDN: '@FAMILY'
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #1: switched from "roadwarrior" to "roadwarrior"
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: transition from state STATE_MAIN_R2 to state
> STATE_MAIN_R3
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
> 211.77.124.191 #2: new NAT mapping for #2, was 211.77.124.191:500, now
> 211.77.124.191:4500
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: new NAT mapping for #1, was 211.77.124.191:500, now
> 211.77.124.191:4500
> Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
> group=modp2048}
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: peer client type is FQDN
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: Applying workaround for MS-818043 NAT-T bug
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: IDci was FQDN: \333 at Nb, using
> NAT_OA=192.168.10.125/32 as IDci
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #1: the peer proposed: 219.64.78.98/32:17/0 ->
> 192.168.10.125/32:17/1701
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #3: responding to Quick Mode {msgid:9e3dce79}
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #3: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA
> installed, expecting QI2
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #3: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
> 211.77.124.191 #3: STATE_QUICK_R2: IPsec SA established tunnel mode
> {ESP=>0x9504a6c5 <0x7e0a887f xfrm=3DES_0-HMAC_MD5 NATOA=192.168.10.125
> NATD=211.77.124.191:4500 DPD=none}
> 
> 
> tail -f /var/log/message
> -----------------------------------
> 
> 
> Sep 22 19:03:10 localhost l2tpd[10033]: Maximum retries exceeded for
> tunnel 40334.  Closing.
> Sep 22 19:03:10 localhost l2tpd[10033]: Connection 94 closed to
> 211.77.124.191, port 1701
> 
> 
> Kindly guide me on how to resolve this issue.
> 
> 
> Regards
> 
> Shiva Raman