[Openswan Users] Problem with OpenSwan and windows mobile 6.0

Denis Beltramo denis at denisio.net
Tue Feb 19 04:01:23 EST 2008 

This is all that i could say, windows mobile say only that is impossibile to
connect to network:

10:24:13.581013 IP 172.31.1.194.isakmp > 172.31.1.190.isakmp: isakmp: phase
1 I ident
10:24:13.582465 IP 172.31.1.190.isakmp > 172.31.1.194.isakmp: isakmp: phase
1 R ident
10:24:18.582216 arp who-has 172.31.1.194 tell 172.31.1.190
10:24:18.904019 arp reply 172.31.1.194 is-at 00:09:2d:da:cb:cc (oui Unknown)
10:24:22.587450 IP 172.31.1.194.isakmp > 172.31.1.190.isakmp: isakmp: phase
1 I ident
10:24:22.671162 IP 172.31.1.190.isakmp > 172.31.1.194.isakmp: isakmp: phase
1 R ident
10:24:26.014066 IP 172.31.1.194.isakmp > 172.31.1.190.isakmp: isakmp: phase
2/others I inf[E]
10:24:26.015237 IP 172.31.1.190.isakmp > 172.31.1.194.isakmp: isakmp: phase
2/others R inf
10:24:26.387174 IP 172.31.1.194.isakmp > 172.31.1.190.isakmp: isakmp: phase
2/others I inf[E]
10:24:26.686534 IP 172.31.1.194 > 172.31.1.190: ICMP 172.31.1.194 udp port
isakmp unreachable, length 76
10:24:32.686003 IP 172.31.1.190.isakmp > 172.31.1.194.isakmp: isakmp: phase
1 R ident
10:24:32.830541 IP 172.31.1.194 > 172.31.1.190: ICMP 172.31.1.194 udp port
isakmp unreachable, length 156
10:24:52.829565 IP 172.31.1.190.isakmp > 172.31.1.194.isakmp: isakmp: phase
1 R ident
10:24:52.899268 IP 172.31.1.194 > 172.31.1.190: ICMP 172.31.1.194 udp port
isakmp unreachable, length 156

ipsec.conf
version 2.0

config setup
        interfaces=%defaultroute
        virtual_private=%v4:
10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.31.1.0/24
        klipsdebug=none
        plutodebug=none

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        left=172.31.1.190
        leftcert=pubblica.pem
        right=%any
        auto=add
        pfs=no

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore




On Feb 18, 2008 9:35 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Mon, 18 Feb 2008, Denis Beltramo wrote:
>
> The best you can hope for is a misconfiguration. Do you have any logs on
> the mobile device?
>
> Paul
>
> > Date: Mon, 18 Feb 2008 17:44:59 +0100
> > From: Denis Beltramo <denis at denisio.net>
> > To:  <users at openswan.org>
> > Subject: [Openswan Users] Problem with OpenSwan and windows mobile 6.0
>  >
> > Hello,
> >
> > I havve this problem, i have a server with openswan and l2tpd, i have
> > configured and tested: between linux and linux work, between linux
> openswan
> > and windows xp home sp2 work, but between linux openswan server and
> windows
> > mobile 6 don't work.
> > this is ipsec barf output:
> > Feb 18 19:01:08 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > responding to Main Mode from unknown peer 172.31.1.194
> > Feb 18 19:01:08 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> > Feb 18 19:01:08 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > STATE_MAIN_R1: sent MR1, expecting MI2
> > Feb 18 19:01:17 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
> > detected
> > Feb 18 19:01:17 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> > Feb 18 19:01:17 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > STATE_MAIN_R2: sent MR2, expecting MI3
> > Feb 18 19:01:20 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > next payload type of ISAKMP Hash Payload has an unknown value: 76
> > Feb 18 19:01:20 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > malformed payload in packet
> > Feb 18 19:01:20 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > sending notification PAYLOAD_MALFORMED to 172.31.1.194:500
> > Feb 18 19:01:20 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > next payload type of ISAKMP Hash Payload has an unknown value: 125
> > Feb 18 19:01:20 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > malformed payload in packet
> > Feb 18 19:01:27 testradiu2 pluto[31465]: ERROR: asynchronous network
> error
> > report on eth0 (sport=500) for message to 172.31.1.194 port 500,
> complainant
> > 172.31.1.194: Connection refused [errno 111, origin ICMP type 3 code 3
> (not
> > authenticated)]
> > Feb 18 19:01:47 testradiu2 pluto[31465]: ERROR: asynchronous network
> error
> > report on eth0 (sport=500) for message to 172.31.1.194 port 500,
> complainant
> > 172.31.1.194: Connection refused [errno 111, origin ICMP type 3 code 3
> (not
> > authenticated)]
> > Feb 18 19:02:27 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194#2:
> > max number of retransmissions (2) reached STATE_MAIN_R2
> > Feb 18 19:02:27 testradiu2 pluto[31465]: "roadwarrior"[2] 172.31.1.194:
> > deleting connection "roadwarrior" instance with peer
> > 172.31.1.194{isakmp=#0/ipsec=#0}
> >
> > Do you have any suggenstion?
> >
> > Thanks!
> >
> >
>
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>



-- 
Denis Beltramo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080219/83721af5/attachment-0001.html

More information about the Users mailing list