[Openswan Users] vpn disconnected connection still up
Jean-Marc LE FEVRE
jm.lefevre at babel-services.com
Thu Jul 10 14:14:24 EDT 2008
Hello all,
I'm having trouble with my Openswan installation: when I disconnect
or am being disconnected, the tunnel is still up ("ipsec setup --status"
returns "IPsec running - pluto pid 4048 1 tunnels up"), and if I want to
reconnect, it generally fails, but sometimes I get 4 or 5 tunnels for
1 VPN user.
I've tried to update xl2tp and Openswan and the kernel, with no success.
Openswan: 2.4.6/K2.6.18.8-0.10 with netkey
xl2tpd: 1.1.12
OS: opensuse 10.2
Thanks in advance for helping.
Here are the logs:
reconnect failure:
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [RFC 3947] method set to=109
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Jul 10 17:28:43 mail pluto[4048]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [Dead Peer Detection]
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
responding to Main Mode from unknown peer INTERNETCLASSIP
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
STATE_MAIN_R1: sent MR1, expecting MI2
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
are NATed
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
STATE_MAIN_R2: sent MR2, expecting MI3
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
Main mode peer ID is ID_IPV4_ADDR: 'CLIENTLOCALIPINISNET'
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7: I
did not send a certificate because I do not have one.
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jul 10 17:28:43 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #7:
received and ignored informational message
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #8:
responding to Quick Mode {msgid:bd9fa4a1}
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #8:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #8:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #8:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP #8:
STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x0f3366a8 <0x05173ce3
xfrm=AES_128-HMAC_SHA1 NATD=INTERNETCLASSIP:4500 DPD=none}
Jul 10 17:28:44 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52957.
Jul 10 17:28:46 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52957.
Jul 10 17:28:46 mail xl2tpd[4669]: control_finish: Peer requested
tunnel 58 twice, ignoring second one.
Jul 10 17:28:46 mail xl2tpd[4669]: build_fdset: closing down tunnel
55621
Jul 10 17:28:47 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52957.
Jul 10 17:28:47 mail xl2tpd[4669]: control_finish: Peer requested
tunnel 58 twice, ignoring second one.
Jul 10 17:28:47 mail xl2tpd[4669]: build_fdset: closing down tunnel 8583
Jul 10 17:28:51 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52957.
Jul 10 17:28:51 mail xl2tpd[4669]: control_finish: Peer requested
tunnel 58 twice, ignoring second one.
Jul 10 17:28:51 mail xl2tpd[4669]: build_fdset: closing down tunnel 2830
Jul 10 17:28:51 mail xl2tpd[4669]: Maximum retries exceeded for tunnel
58723. Closing.
Jul 10 17:28:51 mail xl2tpd[4669]: build_fdset: closing down tunnel
58723
Jul 10 17:28:51 mail xl2tpd[4669]: Connection 58 closed to
INTERNETCLASSIP, port 52957 (Timeout)
Jul 10 17:28:56 mail xl2tpd[4669]: Unable to deliver closing message
for tunnel 58723. Destroying anyway.
Jul 10 17:28:56 mail xl2tpd[4669]: build_fdset: closing down tunnel
58723
Jul 10 17:28:59 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52957.
Jul 10 17:29:06 mail xl2tpd[4669]: Maximum retries exceeded for tunnel
1596. Closing.
Jul 10 17:29:06 mail xl2tpd[4669]: build_fdset: closing down tunnel 1596
Jul 10 17:29:06 mail xl2tpd[4669]: Connection 58 closed to
INTERNETCLASSIP, port 52957 (Timeout)
Jul 10 17:29:11 mail xl2tpd[4669]: Unable to deliver closing message
for tunnel 1596. Destroying anyway.
Jul 10 17:29:11 mail xl2tpd[4669]: build_fdset: closing down tunnel 1596
normal connection (from restart to disconnect)
Jul 10 17:31:13 mail pluto[4048]: shutting down
Jul 10 17:31:13 mail pluto[4048]: forgetting secrets
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK"[2] INTERNETCLASSIP:
deleting connection "L2TP-PSK" instance with peer INTERNETCLASSIP
{isakmp=#7/ipsec=#8}
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #8: deleting state
(STATE_QUICK_R2)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #7: deleting state
(STATE_MAIN_R3)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #6: deleting state
(STATE_QUICK_R2)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #5: deleting state
(STATE_MAIN_R3)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #4: deleting state
(STATE_QUICK_R2)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #3: deleting state
(STATE_MAIN_R3)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #2: deleting state
(STATE_QUICK_R2)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK" #1: deleting state
(STATE_MAIN_R3)
Jul 10 17:31:13 mail pluto[4048]: "L2TP-PSK": deleting connection
Jul 10 17:31:13 mail pluto[4048]: shutting down interface lo/lo
127.0.0.1:4500
Jul 10 17:31:13 mail pluto[4048]: shutting down interface lo/lo
127.0.0.1:500
Jul 10 17:31:13 mail pluto[4048]: shutting down interface eth0/eth0
10.91.130.1:4500
Jul 10 17:31:13 mail pluto[4048]: shutting down interface eth0/eth0
10.91.130.1:500
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.4.11...
mail:~ # Jul 10 17:31:14 mail kernel: NET: Unregistered protocol
family 15
Jul 10 17:31:14 mail ipsec_setup: ...Openswan IPsec stopped
Jul 10 17:31:14 mail ipsec_setup: Stopping Openswan IPsec...
Jul 10 17:31:14 mail kernel: NET: Registered protocol family 15
Jul 10 17:31:14 mail kernel: padlock: VIA PadLock not detected.
Jul 10 17:31:15 mail kernel: Initializing IPsec netlink socket
Jul 10 17:31:15 mail ipsec_setup: NETKEY on eth0
10.91.130.1/255.255.255.0 broadcast 255.255.255.255
Jul 10 17:31:15 mail ipsec__plutorun: Starting Pluto subsystem...
Jul 10 17:31:15 mail pluto[5149]: Starting Pluto (Openswan Version
2.4.11 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE{dD^fJcUvk)
Jul 10 17:31:15 mail pluto[5149]: Setting NAT-Traversal port-4500
floating to on
Jul 10 17:31:15 mail pluto[5149]: port floating activation criteria
nat_t=1/port_fload=1
Jul 10 17:31:15 mail pluto[5149]: including NAT-Traversal patch
(Version 0.6c)
Jul 10 17:31:15 mail pluto[5149]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Jul 10 17:31:15 mail pluto[5149]: no helpers will be started, all
cryptographic operations will be done inline
Jul 10 17:31:15 mail pluto[5149]: Using NETKEY IPsec interface code on
2.6.18.8-0.10-default
Jul 10 17:31:15 mail pluto[5149]: Changing to directory '/etc/ipsec.d/
cacerts'
Jul 10 17:31:15 mail pluto[5149]: Changing to directory '/etc/ipsec.d/
aacerts'
Jul 10 17:31:15 mail pluto[5149]: Changing to directory '/etc/ipsec.d/
ocspcerts'
Jul 10 17:31:15 mail pluto[5149]: Changing to directory '/etc/ipsec.d/
crls'
Jul 10 17:31:15 mail pluto[5149]: Warning: empty directory
Jul 10 17:31:15 mail ipsec_setup: ...Openswan IPsec started
Jul 10 17:31:15 mail ipsec_setup: Starting Openswan IPsec 2.4.11...
Jul 10 17:31:15 mail pluto[5149]: added connection description "L2TP-
PSK"
Jul 10 17:31:15 mail pluto[5149]: listening for IKE messages
Jul 10 17:31:15 mail pluto[5149]: adding interface eth0/eth0
10.91.130.1:500
Jul 10 17:31:15 mail pluto[5149]: adding interface eth0/eth0
10.91.130.1:4500
Jul 10 17:31:15 mail pluto[5149]: adding interface lo/lo 127.0.0.1:500
Jul 10 17:31:15 mail pluto[5149]: adding interface lo/lo 127.0.0.1:4500
Jul 10 17:31:15 mail pluto[5149]: loading secrets from "/etc/
ipsec.secrets"
mail:~ #
mail:~ # Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:
500: received Vendor ID payload [RFC 3947] method set to=109
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Jul 10 17:31:36 mail pluto[5149]: packet from INTERNETCLASSIP:500:
received Vendor ID payload [Dead Peer Detection]
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
responding to Main Mode from unknown peer INTERNETCLASSIP
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
are NATed
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
Main mode peer ID is ID_IPV4_ADDR: '192.168.1.15'
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[1] INTERNETCLASSIP #1:
switched from "L2TP-PSK" to "L2TP-PSK"
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1:
deleting connection "L2TP-PSK" instance with peer INTERNETCLASSIP
{isakmp=#0/ipsec=#0}
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1: I
did not send a certificate because I do not have one.
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jul 10 17:31:36 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #1:
received and ignored informational message
Jul 10 17:31:37 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #2:
responding to Quick Mode {msgid:27e96985}
Jul 10 17:31:37 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 10 17:31:37 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jul 10 17:31:37 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52960.
Jul 10 17:31:37 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 10 17:31:37 mail pluto[5149]: "L2TP-PSK"[2] INTERNETCLASSIP #2:
STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x03a0f59b <0x15b6c54b
xfrm=AES_128-HMAC_SHA1 NATD=INTERNETCLASSIP:4500 DPD=none}
Jul 10 17:31:39 mail xl2tpd[4669]: get_call: allocating new tunnel for
host INTERNETCLASSIP, port 52960.
Jul 10 17:31:39 mail xl2tpd[4669]: control_finish: Peer requested
tunnel 59 twice, ignoring second one.
Jul 10 17:31:39 mail xl2tpd[4669]: build_fdset: closing down tunnel
10696
Jul 10 17:31:39 mail xl2tpd[4669]: Connection established to
INTERNETCLASSIP, 52960. Local: 17187, Remote: 59 (ref=0/0). LNS
session is 'default'
Jul 10 17:31:39 mail xl2tpd[4669]: start_pppd: I'm running:
Jul 10 17:31:39 mail xl2tpd[4669]: "/usr/sbin/pppd"
Jul 10 17:31:39 mail xl2tpd[4669]: "passive"
Jul 10 17:31:39 mail xl2tpd[4669]: "-detach"
Jul 10 17:31:39 mail xl2tpd[4669]: "192.168.130.99:192.168.130.128"
Jul 10 17:31:39 mail xl2tpd[4669]: "refuse-pap"
Jul 10 17:31:39 mail xl2tpd[4669]: "auth"
Jul 10 17:31:39 mail xl2tpd[4669]: "require-chap"
Jul 10 17:31:39 mail xl2tpd[4669]: "name"
Jul 10 17:31:39 mail xl2tpd[4669]: "LinuxVPNserver"
Jul 10 17:31:39 mail xl2tpd[4669]: "debug"
Jul 10 17:31:39 mail xl2tpd[4669]: "file"
Jul 10 17:31:39 mail xl2tpd[4669]: "/etc/ppp/options.xl2tpd"
Jul 10 17:31:39 mail xl2tpd[4669]: "/dev/pts/1"
Jul 10 17:31:39 mail xl2tpd[4669]: Call established with
INTERNETCLASSIP, Local: 39427, Remote: 5155, Serial: 1
Jul 10 17:31:39 mail pppd[5250]: pppd 2.4.4 started by root, uid 0
Jul 10 17:31:39 mail pppd[5250]: using channel 10
Jul 10 17:31:39 mail pppd[5250]: Using interface ppp0
Jul 10 17:31:39 mail pppd[5250]: Connect: ppp0 <--> /dev/pts/1
Jul 10 17:31:39 mail pppd[5250]: sent [LCP ConfReq id=0x1 <mru 1410>
<asyncmap 0x0> <auth chap MD5> <magic 0xd24d9c78> <pcomp> <accomp>]
Jul 10 17:31:39 mail pppd[5250]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <magic 0xf5f2bb5e> <pcomp> <accomp>]
Jul 10 17:31:39 mail pppd[5250]: sent [LCP ConfAck id=0x1 <asyncmap
0x0> <magic 0xf5f2bb5e> <pcomp> <accomp>]
Jul 10 17:31:39 mail pppd[5250]: rcvd [LCP ConfAck id=0x1 <mru 1410>
<asyncmap 0x0> <auth chap MD5> <magic 0xd24d9c78> <pcomp> <accomp>]
Jul 10 17:31:39 mail pppd[5250]: sent [LCP EchoReq id=0x0
magic=0xd24d9c78]
Jul 10 17:31:39 mail pppd[5250]: sent [CHAP Challenge id=0xdd
<948bf2a38601f45c220a1336ae9260899d70f40446>, name = "LinuxVPNserver"]
Jul 10 17:31:39 mail pppd[5250]: rcvd [LCP EchoReq id=0x0
magic=0xf5f2bb5e]
Jul 10 17:31:39 mail pppd[5250]: sent [LCP EchoRep id=0x0
magic=0xd24d9c78]
Jul 10 17:31:39 mail pppd[5250]: rcvd [LCP EchoRep id=0x0
magic=0xf5f2bb5e]
Jul 10 17:31:39 mail pppd[5250]: rcvd [CHAP Response id=0xdd
<bdd5640072e65d7d4c80ffeaddc463dd>, name = "maubertin"]
Jul 10 17:31:39 mail pppd[5250]: sent [CHAP Success id=0xdd "Access
granted"]
Jul 10 17:31:39 mail pppd[5250]: Script /etc/ppp/auth-up started (pid
5260)
Jul 10 17:31:39 mail pppd[5250]: sent [IPCP ConfReq id=0x1 <compress
VJ 0f 01> <addr 192.168.130.99>]
Jul 10 17:31:39 mail pppd[5250]: Script /etc/ppp/auth-up finished (pid
5260), status = 0x0
Jul 10 17:31:39 mail pppd[5250]: rcvd [IPCP ConfReq id=0x1 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Jul 10 17:31:39 mail pppd[5250]: sent [IPCP ConfNak id=0x1 <addr
192.168.130.128> <ms-dns1 10.91.130.1> <ms-dns3 10.91.130.2>]
Jul 10 17:31:39 mail pppd[5250]: rcvd [IPV6CP ConfReq id=0x1 <addr
fe80::0216:cbff:fe89:a59a>]
Jul 10 17:31:39 mail pppd[5250]: Unsupported protocol 'IPv6 Control
Protovol' (0x8057) received
Jul 10 17:31:39 mail pppd[5250]: sent [LCP ProtRej id=0x2 80 57 01 01
00 0e 01 0a 02 16 cb ff fe 89 a5 9a]
Jul 10 17:31:39 mail pppd[5250]: rcvd [proto=0x8235] 01 01 00 10 01 06
00 00 00 01 02 06 00 00 00 01
Jul 10 17:31:39 mail pppd[5250]: Unsupported protocol 'Apple Client
Server Protocol Control' (0x8235) received
Jul 10 17:31:39 mail pppd[5250]: sent [LCP ProtRej id=0x3 82 35 01 01
00 10 01 06 00 00 00 01 02 06 00 00 00 01]
Jul 10 17:31:39 mail pppd[5250]: rcvd [IPCP ConfRej id=0x1 <compress
VJ 0f 01>]
Jul 10 17:31:39 mail pppd[5250]: sent [IPCP ConfReq id=0x2 <addr
192.168.130.99>]
Jul 10 17:31:39 mail pppd[5250]: rcvd [IPCP ConfReq id=0x2 <addr
192.168.130.128> <ms-dns1 10.91.130.1> <ms-dns3 10.91.130.2>]
Jul 10 17:31:39 mail pppd[5250]: sent [IPCP ConfAck id=0x2 <addr
192.168.130.128> <ms-dns1 10.91.130.1> <ms-dns3 10.91.130.2>]
Jul 10 17:31:39 mail pppd[5250]: rcvd [IPCP ConfAck id=0x2 <addr
192.168.130.99>]
Jul 10 17:31:39 mail pppd[5250]: Cannot determine ethernet address for
proxy ARP
Jul 10 17:31:39 mail pppd[5250]: local IP address 192.168.130.99
Jul 10 17:31:39 mail pppd[5250]: remote IP address 192.168.130.128
Jul 10 17:31:39 mail pppd[5250]: Script /etc/ppp/ip-up started (pid
5263)
Jul 10 17:31:40 mail pppd[5250]: Script /etc/ppp/ip-up finished (pid
5263), status = 0x0
Jul 10 17:31:40 mail /etc/ppp/ip-up.d/freeswan: this script needs to
be run from ip-up or ip-down
Jul 10 17:31:44 mail pppd[5250]: sent [LCP EchoReq id=0x1
magic=0xd24d9c78]
Jul 10 17:31:44 mail pppd[5250]: rcvd [LCP EchoRep id=0x1
magic=0xf5f2bb5e]
Jul 10 17:31:46 mail ip-up: postqueue: fatal: Cannot flush mail queue
- mail system is down
Jul 10 17:31:49 mail pppd[5250]: sent [LCP EchoReq id=0x2
magic=0xd24d9c78]
Jul 10 17:31:49 mail pppd[5250]: rcvd [LCP EchoRep id=0x2
magic=0xf5f2bb5e]
Jul 10 17:31:52 mail pppd[5250]: rcvd [LCP TermReq id=0x2 "User
request"]
Jul 10 17:31:52 mail pppd[5250]: LCP terminated by peer (User request)
Jul 10 17:31:52 mail pppd[5250]: Script /etc/ppp/auth-down started
(pid 5307)
Jul 10 17:31:52 mail pppd[5250]: Connect time 0.3 minutes.
Jul 10 17:31:52 mail pppd[5250]: Sent 9322 bytes, received 6931 bytes.
Jul 10 17:31:52 mail pppd[5250]: Script /etc/ppp/ip-down started (pid
5310)
Jul 10 17:31:52 mail pppd[5250]: sent [LCP TermAck id=0x2]
Jul 10 17:31:52 mail pppd[5250]: Script /etc/ppp/auth-down finished
(pid 5307), status = 0x0
Jul 10 17:31:52 mail /etc/ppp/ip-down.d/freeswan: this script needs to
be run from ip-up or ip-down
Jul 10 17:31:52 mail pppd[5250]: Script /etc/ppp/ip-down finished (pid
5310), status = 0x1
Jul 10 17:31:52 mail xl2tpd[4669]: result_code_avp: result code out of
range (768 0 14). Ignoring.
Jul 10 17:31:52 mail xl2tpd[4669]: control_finish: Peer tried to
disconnect without specifying result code.
Jul 10 17:31:52 mail xl2tpd[4669]: network_thread: bad packet
Jul 10 17:31:52 mail xl2tpd[4669]: result_code_avp: result code out of
range (256 0 14). Ignoring.
Jul 10 17:31:52 mail xl2tpd[4669]: control_finish: Peer tried to
disconnect without specifying result code.
Jul 10 17:31:52 mail xl2tpd[4669]: network_thread: bad packet
Jul 10 17:31:54 mail pppd[5250]: Connection terminated.
Jul 10 17:31:54 mail pppd[5250]: Modem hangup
Jul 10 17:31:54 mail pppd[5250]: Exit.
Jul 10 17:31:56 mail xl2tpd[4669]: child_handler : pppd exited for
call 5155 with code 16
Jul 10 17:31:56 mail xl2tpd[4669]: call_close: Call 39427 to
INTERNETCLASSIP disconnected
Jul 10 17:32:01 mail xl2tpd[4669]: Maximum retries exceeded for tunnel
17187. Closing.
Jul 10 17:32:01 mail xl2tpd[4669]: build_fdset: closing down tunnel
17187
Jul 10 17:32:01 mail xl2tpd[4669]: Untrustingly terminating pppd:
sending KILL signal to pid 5250
Jul 10 17:32:01 mail xl2tpd[4669]: pppd 5250 successfully terminated
Jul 10 17:32:01 mail xl2tpd[4669]: Connection 59 closed to
INTERNETCLASSIP, port 52960 (Timeout)
Jul 10 17:32:06 mail xl2tpd[4669]: Unable to deliver closing message
for tunnel 17187. Destroyin
ipsec.conf:

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.91.130.0/24
        forwardcontrol=yes
        interfaces="ipsec0=eth0"
        plutowait=yes
        nhelpers=0

conn %default

include /etc/ipsec.d/examples/no_oe.conf
include /etc/ipsec.d/foo.conf

foo.conf:

conn L2TP-PSK
        type=transport
        authby=secret
        pfs=no
        left=10.91.130.1                # vpn server addr
        leftsubnet=10.91.130.0/24       # internal ips
        leftnexthop=10.91.130.2         # vpn server default route
        leftprotoport=0/%any            # tried 17/%any also
        right=%any
        rightprotoport=0/%any           # tried 17/%any also
        auto=add
        ikelifetime=20m
        keylife=1m                      # tried 1h also
        rekey=no
        forceencaps=yes
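Added example, not part of the original post: a small Python check that replays pluto log lines in the format shown above and reports, per peer, which IPsec SAs are still live, whether several are stacked for one peer, and whether any were negotiated with DPD=none. The sample log is constructed (peer 203.0.113.7 is a documentation address), and the function names are this example's own.

```python
import re
from collections import defaultdict

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
START = re.compile(r"pluto\[(?P<pid>\d+)\]: Starting Pluto")
ESTABLISHED = re.compile(
    r'pluto\[(?P<pid>\d+)\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
    r'#(?P<serial>\d+): STATE_QUICK_R2: IPsec SA established .*DPD=(?P<dpd>\w+)')
DELETED = re.compile(
    r'pluto\[(?P<pid>\d+)\]: "(?P<conn>[^"]+)"(?:\[\d+\] \S+)? '
    r'#(?P<serial>\d+): deleting state \(STATE_QUICK_R2\)')

# Constructed sample, hard-wrapped the way the mail client wrapped the logs.
SAMPLE = """\
Jul 10 17:20:01 mail pluto[4048]: "L2TP-PSK"[1] 203.0.113.7 #2:
STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x11111111 <0x22222222
xfrm=AES_128-HMAC_SHA1 NATD=203.0.113.7:4500 DPD=none}
Jul 10 17:24:10 mail pluto[4048]: "L2TP-PSK"[2] 203.0.113.7 #4:
STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x33333333 <0x44444444
xfrm=AES_128-HMAC_SHA1 NATD=203.0.113.7:4500 DPD=none}
Jul 10 17:26:30 mail pluto[4048]: "L2TP-PSK" #2: deleting state
(STATE_QUICK_R2)
Jul 10 17:28:44 mail pluto[4048]: "L2TP-PSK"[2] 203.0.113.7 #6:
STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x55555555 <0x66666666
xfrm=AES_128-HMAC_SHA1 NATD=203.0.113.7:4500 DPD=none}
"""

def unwrap(text):
    """Rejoin wrapped syslog records: a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def live_sas(text):
    """Map (pluto pid, state serial) -> (peer, dpd) for IPsec SAs not yet deleted."""
    live = {}
    for rec in unwrap(text):
        m = START.search(rec)
        if m:  # a restarted pluto has no memory of the old daemon's states
            live = {k: v for k, v in live.items() if k[0] == m["pid"]}
        m = ESTABLISHED.search(rec)
        if m:
            live[(m["pid"], m["serial"])] = (m["peer"], m["dpd"])
        m = DELETED.search(rec)
        if m:
            live.pop((m["pid"], m["serial"]), None)
    return live

def findings(text):
    """Per peer: live SA serials, whether more than one is stacked, whether DPD is off."""
    per_peer = defaultdict(list)
    for (_pid, serial), (peer, dpd) in live_sas(text).items():
        per_peer[peer].append((int(serial), dpd))
    return {peer: {"live_ipsec_sas": sorted(s for s, _ in sas),
                   "stacked": len(sas) > 1,
                   "no_dpd": any(d == "none" for _, d in sas)}
            for peer, sas in per_peer.items()}

if __name__ == "__main__":
    print(findings(SAMPLE))
```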