[Openswan Users] Problem with OpenSwan and windows mobile 6.0

Denis Beltramo denis at denisio.net
Thu Feb 28 08:51:35 EST 2008


Now the tunnel between the Linux Openswan server and macOS Tiger goes up:
Feb 28 14:47:44 vpnserver pluto[9453]: "roadwarriormac2"[12]
172.31.1.22#12: responding to Quick Mode {msgid:a68358ba}
Feb 28 14:47:44 vpnserver pluto[9453]: "roadwarriormac2"[12]
172.31.1.22#12: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1
Feb 28 14:47:44 vpnserver pluto[9453]: "roadwarriormac2"[12]
172.31.1.22#12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2
Feb 28 14:47:45 vpnserver pluto[9453]: "roadwarriormac2"[12]
172.31.1.22#12: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2
Feb 28 14:47:45 vpnserver pluto[9453]: "roadwarriormac2"[12]
172.31.1.22#12: STATE_QUICK_R2: IPsec SA established {ESP=>0x0e85d6f0
<0x051fe45a
xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}

and /etc/init.d/ipsec status --> 1 tunnels up

but l2tpd doesn't work; it writes this into /var/log/daemon.log:


Feb 28 14:49:54 vpnserver l2tpd[7432]: ourtid = 37849, entropy_buf = 93d9
Feb 28 14:49:54 vpnserver l2tpd[7432]: ourcid = 19972, entropy_buf = 4e04
Feb 28 14:49:54 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:54 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 37849, call 19972
Feb 28 14:49:54 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:54 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:54 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:54 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:54 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:54 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:55 vpnserver l2tpd[7432]: ourtid = 65108, entropy_buf = fe54
Feb 28 14:49:55 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:55 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 65108, call 0
Feb 28 14:49:55 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:55 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:55 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:55 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:55 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:55 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:55 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.
Feb 28 14:49:56 vpnserver l2tpd[7432]: ourtid = 54470, entropy_buf = d4c6
Feb 28 14:49:56 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:56 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 54470, call 2037411698
Feb 28 14:49:56 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:56 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:56 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:56 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:56 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:56 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:56 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.
Feb 28 14:49:57 vpnserver l2tpd[7432]: ourtid = 24705, entropy_buf = 6081
Feb 28 14:49:57 vpnserver l2tpd[7432]: ourcid = 62422, entropy_buf = f3d6
Feb 28 14:49:57 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:57 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 24705, call 62422
Feb 28 14:49:57 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:57 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:57 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:57 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:57 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:57 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:57 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.
Feb 28 14:49:58 vpnserver l2tpd[7432]: ourtid = 5989, entropy_buf = 1765
Feb 28 14:49:58 vpnserver l2tpd[7432]: ourcid = 48441, entropy_buf = bd39
Feb 28 14:49:58 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:58 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 5989, call 48441
Feb 28 14:49:58 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:58 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:58 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:58 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:58 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:58 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:58 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.
Feb 28 14:49:59 vpnserver l2tpd[7432]: ourtid = 15147, entropy_buf = 3b2b
Feb 28 14:49:59 vpnserver l2tpd[7432]: ourcid = 26471, entropy_buf = 6767
Feb 28 14:49:59 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:49:59 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 15147, call 26471
Feb 28 14:49:59 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:49:59 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:49:59 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:49:59 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:49:59 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:49:59 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:49:59 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.
Feb 28 14:49:59 vpnserver l2tpd[7432]: control_xmit: Maximum retries
exceeded for tunnel 37849.  Closing.
Feb 28 14:49:59 vpnserver l2tpd[7432]: call_close : Connection 15 closed to
172.31.1.22, port 49205 (Timeout)
Feb 28 14:50:00 vpnserver l2tpd[7432]: ourtid = 16060, entropy_buf = 3ebc
Feb 28 14:50:00 vpnserver l2tpd[7432]: ourcid = 42698, entropy_buf = a6ca
Feb 28 14:50:00 vpnserver l2tpd[7432]: check_control: control, cid = 0, Ns =
0, Nr = 0
Feb 28 14:50:00 vpnserver l2tpd[7432]: handle_avps: handling avp's for
tunnel 16060, call 42698
Feb 28 14:50:00 vpnserver l2tpd[7432]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Feb 28 14:50:00 vpnserver l2tpd[7432]: protocol_version_avp: peer is using
version 1, revision 0.
Feb 28 14:50:00 vpnserver l2tpd[7432]: framing_caps_avp: supported peer
frames: async sync
Feb 28 14:50:00 vpnserver l2tpd[7432]: hostname_avp: peer reports hostname
''
Feb 28 14:50:00 vpnserver l2tpd[7432]: assigned_tunnel_avp: using peer's
tunnel 15
Feb 28 14:50:00 vpnserver l2tpd[7432]: receive_window_size_avp: peer wants
RWS of 4.  Will use flow control.
Feb 28 14:50:00 vpnserver l2tpd[7432]: control_finish: Peer requested tunnel
15 twice, ignoring second one.

So the authentication doesn't go up and l2tpd closes the tunnel.

Suggestions?








On Thu, Feb 28, 2008 at 12:42 PM, Jacco de Leeuw <jacco2 at dds.nl> wrote:

>
> Denis Beltramo wrote:
>
> > for this case i have added at my openssl.cnf this line:
> >
> > extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
> > subjectAltName=IP:172.31.1.192
> >
> > ignoring informational payload, type INVALID_CERT_AUTHORITY
>
> This error indicates that the Mac client does not find these EKUs
> in the certificate that the server sends. Are you sure they have
> been added to the server certificate?  Check with:
>
> openssl x509 -text -noout -in servercrt.pem
>
> It should list no EKU at all, or:
>
>  X509v3 Extended Key Usage:
>    1.3.6.1.5.5.8.2.2, TLS Web Server Authentication
>
> (The latter is actually the "serverAuth").
>
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>



-- 
Denis Beltramo
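
The certificate check from the quoted reply, scripted as an added example (not part of the original thread): it issues throw-away self-signed certificates from the two openssl.cnf lines above and applies the rule "no EKU at all, or both EKUs listed". The config file name, section names and CN are constructed, and matching the DER-encoded OIDs instead of reading the `-text` output is this example's choice.

```shell
#!/bin/sh
# Added example; file names, section names and the CN are constructed.
# DER encodings of the OIDs (tag 06, length, value) as space-separated hex bytes,
# so the result does not depend on how an OpenSSL build prints each OID.
EKU_EXT="06 03 55 1d 25"                   # 2.5.29.37 extendedKeyUsage extension
IKE_INT="06 08 2b 06 01 05 05 08 02 02"    # 1.3.6.1.5.5.8.2.2
SRV_AUTH="06 08 2b 06 01 05 05 07 03 01"   # 1.3.6.1.5.5.7.3.1 (serverAuth)

cert_bytes() {   # certificate as one line of lower-case hex bytes
    openssl x509 -in "$1" -outform DER 2>/dev/null | od -An -v -tx1 | tr -s ' \n' ' '
}

# 0: no EKU extension, or both EKUs from the thread are listed
# 1: EKU extension present but one of them is missing; 2: unreadable certificate
eku_ok() {
    bytes=$(cert_bytes "$1")
    [ -n "$bytes" ] || return 2
    case $bytes in *"$EKU_EXT"*) ;; *) return 0 ;; esac
    case $bytes in *"$IKE_INT"*) ;; *) return 1 ;; esac
    case $bytes in *"$SRV_AUTH"*) ;; *) return 1 ;; esac
    return 0
}

make_cert() {    # $1 = extension section; writes $WORK/$1.pem (self-signed, 1 day)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/test.cnf" \
        -extensions "$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

WORK=$(mktemp -d)
cat > "$WORK/test.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = vpnserver.example
[with_eku]
extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
subjectAltName=IP:172.31.1.192
[wrong_eku]
extendedKeyUsage=clientAuth
[no_eku]
subjectAltName=IP:172.31.1.192
EOF

for s in with_eku wrong_eku no_eku; do
    make_cert "$s"
    if eku_ok "$WORK/$s.pem"; then echo "$s: EKU acceptable"
    else echo "$s: rejected (status $?)"; fi
done
```

Running `eku_ok servercrt.pem` against the real server certificate shows whether the lines added to openssl.cnf actually ended up in the issued certificate, which depends on the extension section used when it was signed.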