[Openswan Users] Problem with openswan and l2tpd
Denis Beltramo
denis at denisio.net
Thu Feb 14 12:07:32 EST 2008
Hello to all,
I am a user of Openswan. I have installed it on Debian 4.0 from the repository
as a deb package, then I installed l2tpd. I have tried a net-to-net connection
between Linux and Linux, then I tried a connection with certificates between
Linux and Windows, but I have a problem: the tunnels come up, but during l2tpd
negotiation it kills the tunnel and it doesn't work. I have checked IP forward
and rp_reverse but it's all OK. This is my log:
ipsec barf:
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192 #19:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior-l2tp"[10]
172.31.1.192#20: responding to Quick Mode {msgid:46a0bcab}
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior-l2tp"[10]
172.31.1.192#20: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior-l2tp"[10]
172.31.1.192#20: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior-l2tp"[10]
172.31.1.192#20: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2
Feb 14 19:09:57 testradiu2 pluto[30239]: "roadwarrior-l2tp"[10]
172.31.1.192#20: STATE_QUICK_R2: IPsec SA established {ESP=>0xc80a638d
<0x7d6591a3
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Feb 14 19:10:32 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192 #19:
received Delete SA(0xc80a638d) payload: deleting IPSEC State #20
Feb 14 19:10:32 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192 #19:
deleting connection "roadwarrior-l2tp" instance with peer
172.31.1.192{isakmp=#0/ipsec=#0}
Feb 14 19:10:32 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192 #19:
received and ignored informational message
Feb 14 19:10:32 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192 #19:
received Delete SA payload: deleting ISAKMP State #19
Feb 14 19:10:32 testradiu2 pluto[30239]: "roadwarrior"[20] 172.31.1.192:
deleting connection "roadwarrior" instance with peer
172.31.1.192{isakmp=#0/ipsec=#0}
Feb 14 19:10:32 testradiu2 pluto[30239]: packet from 172.31.1.192:500:
received and ignored informational message
and /var/log/daemon.log:
Feb 14 19:37:39 testradiu2 l2tpd[29852]: ourtid = 24188, entropy_buf = 5e7c
Feb 14 19:37:39 testradiu2 l2tpd[29852]: ourcid = 47579, entropy_buf = b9db
Feb 14 19:37:39 testradiu2 l2tpd[29852]: check_control: control, cid = 0, Ns
= 0, Nr = 0
Feb 14 19:37:39 testradiu2 l2tpd[29852]: handle_avps: handling avp's for
tunnel 24188, call 47579
Feb 14 19:37:39 testradiu2 l2tpd[29852]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 14 19:37:39 testradiu2 l2tpd[29852]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 14 19:37:39 testradiu2 l2tpd[29852]: framing_caps_avp: supported peer
frames: sync
Feb 14 19:37:39 testradiu2 l2tpd[29852]: bearer_caps_avp: supported peer
bearers:
Feb 14 19:37:39 testradiu2 l2tpd[29852]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
Feb 14 19:37:39 testradiu2 l2tpd[29852]: hostname_avp: peer reports hostname
'admin-e5d20a8be'
Feb 14 19:37:39 testradiu2 l2tpd[29852]: vendor_avp: peer reports vendor
'Microsoft'
Feb 14 19:37:39 testradiu2 l2tpd[29852]: assigned_tunnel_avp: using peer's
tunnel 32
Feb 14 19:37:39 testradiu2 l2tpd[29852]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
Feb 14 19:37:40 testradiu2 l2tpd[29852]: ourtid = 216, entropy_buf = d8
Feb 14 19:37:40 testradiu2 l2tpd[29852]: ourcid = 31780, entropy_buf = 7c24
Feb 14 19:37:40 testradiu2 l2tpd[29852]: check_control: control, cid = 0, Ns
= 0, Nr = 0
Feb 14 19:37:40 testradiu2 l2tpd[29852]: handle_avps: handling avp's for
tunnel 216, call 31780
Feb 14 19:37:40 testradiu2 l2tpd[29852]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 14 19:37:40 testradiu2 l2tpd[29852]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 14 19:37:40 testradiu2 l2tpd[29852]: framing_caps_avp: supported peer
frames: sync
Feb 14 19:37:40 testradiu2 l2tpd[29852]: bearer_caps_avp: supported peer
bearers:
Feb 14 19:37:40 testradiu2 l2tpd[29852]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
Feb 14 19:37:40 testradiu2 l2tpd[29852]: hostname_avp: peer reports hostname
'admin-e5d20a8be'
Feb 14 19:37:40 testradiu2 l2tpd[29852]: vendor_avp: peer reports vendor
'Microsoft'
Feb 14 19:37:40 testradiu2 l2tpd[29852]: assigned_tunnel_avp: using peer's
tunnel 32
Feb 14 19:37:40 testradiu2 l2tpd[29852]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
Feb 14 19:37:40 testradiu2 l2tpd[29852]: control_finish: Peer requested
tunnel 32 twice, ignoring second one.
Feb 14 19:37:42 testradiu2 l2tpd[29852]: ourtid = 9445, entropy_buf = 24e5
Feb 14 19:37:42 testradiu2 l2tpd[29852]: ourcid = 41286, entropy_buf = a146
Feb 14 19:37:42 testradiu2 l2tpd[29852]: check_control: control, cid = 0, Ns
= 0, Nr = 0
Feb 14 19:37:42 testradiu2 l2tpd[29852]: handle_avps: handling avp's for
tunnel 9445, call 41286
Feb 14 19:37:42 testradiu2 l2tpd[29852]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 14 19:37:42 testradiu2 l2tpd[29852]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 14 19:37:42 testradiu2 l2tpd[29852]: framing_caps_avp: supported peer
frames: sync
Feb 14 19:37:42 testradiu2 l2tpd[29852]: bearer_caps_avp: supported peer
bearers:
Feb 14 19:37:42 testradiu2 l2tpd[29852]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
Feb 14 19:37:42 testradiu2 l2tpd[29852]: hostname_avp: peer reports hostname
'admin-e5d20a8be'
Feb 14 19:37:42 testradiu2 l2tpd[29852]: vendor_avp: peer reports vendor
'Microsoft'
Feb 14 19:37:42 testradiu2 l2tpd[29852]: assigned_tunnel_avp: using peer's
tunnel 32
Feb 14 19:37:42 testradiu2 l2tpd[29852]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
Feb 14 19:37:42 testradiu2 l2tpd[29852]: control_finish: Peer requested
tunnel 32 twice, ignoring second one.
and tcpdump:
19:37:39.324723 IP 172.31.1.192.isakmp > 172.31.1.190.isakmp: isakmp: phase
2/others I oakley-quick[E]
19:37:39.330324 IP 172.31.1.190.isakmp > 172.31.1.192.isakmp: isakmp: phase
2/others R oakley-quick[E]
19:37:39.331714 IP 172.31.1.192.isakmp > 172.31.1.190.isakmp: isakmp: phase
2/others I oakley-quick[E]
19:37:39.332620 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x1),
length 148
19:37:39.369614 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:40.319704 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x2),
length 148
19:37:40.323999 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 ZLB
19:37:40.371747 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:41.375720 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:42.319557 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x3),
length 148
19:37:42.325942 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 ZLB
19:37:42.379704 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:43.051593 arp who-has 172.31.1.192 tell 172.31.1.190
19:37:43.051937 arp reply 172.31.1.192 is-at 00:0f:b0:bc:1d:92 (oui Unknown)
19:37:43.383678 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:44.387892 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188)
*RESULT_CODE(1/0 Timeout)
19:37:45.391641 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188)
*RESULT_CODE(1/0 Timeout)
19:37:46.319304 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x4),
length 148
19:37:46.325648 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 ZLB
19:37:46.399610 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188)
*RESULT_CODE(1/0 Timeout)
19:37:47.403588 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188)
*RESULT_CODE(1/0 Timeout)
19:37:48.407564 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188)
*RESULT_CODE(1/0 Timeout)
19:37:54.318773 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x5),
length 148
19:37:54.325420 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:55.331432 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:56.335393 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:57.339364 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:58.343349 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
19:37:59.347561 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34515)
*RESULT_CODE(1/0 Timeout)
19:38:00.351321 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34515)
*RESULT_CODE(1/0 Timeout)
19:38:01.355280 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34515)
*RESULT_CODE(1/0 Timeout)
19:38:02.359260 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34515)
*RESULT_CODE(1/0 Timeout)
19:38:03.363235 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34515)
*RESULT_CODE(1/0 Timeout)
19:38:04.318148 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x6),
length 148
19:38:04.324785 IP 172.31.1.190.l2f > 172.31.1.192.l2f:
l2tp:[TLS](32/0)Ns=0,Nr=1 ZLB
19:38:14.329490 IP 172.31.1.192.isakmp > 172.31.1.190.isakmp: isakmp: phase
2/others I inf[E]
19:38:14.331766 IP 172.31.1.190.isakmp > 172.31.1.192.isakmp: isakmp: phase
2/others R inf[E]
Thanks
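
One way to summarise a capture like the tcpdump output above, as an added example that is not part of the original post: it tallies ESP and decoded L2TP (UDP 1701, which tcpdump prints as `l2f`) per direction and lists directions where L2TP shows up as decoded L2TP rather than ESP between hosts that also exchange ESP. The sample lines are re-joined from the post's capture; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: five lines re-joined from the tcpdump output in the post
# (the mail client had wrapped them).
CAPTURE = """\
19:37:39.332620 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x1), length 148
19:37:39.369614 IP 172.31.1.190.l2f > 172.31.1.192.l2f: l2tp:[TLS](32/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
19:37:40.319704 IP 172.31.1.192 > 172.31.1.190: ESP(spi=0xcef51c62,seq=0x2), length 148
19:37:40.323999 IP 172.31.1.190.l2f > 172.31.1.192.l2f: l2tp:[TLS](32/0)Ns=0,Nr=1 ZLB
19:37:44.387892 IP 172.31.1.190.l2f > 172.31.1.192.l2f: l2tp:[TLS](32/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(24188) *RESULT_CODE(1/0 Timeout)
"""

# "<time> IP <src>[.<port>] > <dst>[.<port>]: <payload>"
PKT = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})(?:\.(\w+))? > (\d+(?:\.\d+){3})(?:\.(\w+))?: (.*)$")
L2TP_PORTS = {"l2f", "l2tp", "1701"}  # tcpdump shows UDP 1701 as "l2f" by default
MSGTYPE = re.compile(r"MSGTYPE\((\w+)\)")

def classify(capture):
    """Return a Counter keyed by (src, dst, kind); kind is 'esp', 'l2tp' or 'other'."""
    seen = Counter()
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # ARP and anything else that is not an IP packet line
        src, sport, dst, dport, payload = m.groups()
        if payload.startswith("ESP("):
            kind = "esp"
        elif sport in L2TP_PORTS or dport in L2TP_PORTS:
            kind = "l2tp"
        else:
            kind = "other"
        seen[(src, dst, kind)] += 1
    return seen

def l2tp_outside_esp(capture):
    """Directions carrying decoded L2TP between hosts that also exchange ESP."""
    seen = classify(capture)
    esp_pairs = {frozenset((s, d)) for (s, d, k) in seen if k == "esp"}
    return sorted((s, d, n) for (s, d, k), n in seen.items()
                  if k == "l2tp" and frozenset((s, d)) in esp_pairs)

def l2tp_message_types(capture):
    """Count the L2TP control message types visible in the capture."""
    types = Counter()
    for line in capture.splitlines():
        if "l2tp:" in line:
            m = MSGTYPE.search(line)
            types[m.group(1) if m else ("ZLB" if " ZLB" in line else "unknown")] += 1
    return types
```

Where the capture is taken relative to IPsec processing affects what tcpdump displays, so a hit from `l2tp_outside_esp` is a prompt to inspect the IPsec policy for UDP 1701 rather than a conclusion on its own.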