[Openswan Users] Installation/setup issues...
Mark Williams
mwp at mwp.id.au
Fri Mar 7 02:57:09 EST 2008
> [root at linux sbin]# ./ipsec auto --up cf
> 104 "cf" #1: STATE_MAIN_I1: initiate
> 003 "cf" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
> 003 "cf" #1: received Vendor ID payload [Dead Peer Detection]
> 003 "cf" #1: received Vendor ID payload [RFC 3947] method set to=109
> 106 "cf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "cf" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
> 108 "cf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "cf" #1: STATE_MAIN_I4: ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
>
> group=modp1536}
> 117 "cf" #2: STATE_QUICK_I1: initiate
> 010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 "cf" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
>
> No acceptable response to our first Quick Mode message: perhaps peer
> likes no proposal
> 000 "cf" #2: starting keying attempt 2 of at most 10, but releasing whack
>
> Oh, ill add too that ipsec/l2tp connection from a windows XP box to
> the VPN server from the same NAT'ed LAN as the linux box im trying to
> setup the openswan client from, works perfectly.
and to continue this...
This is the what the openswan VPN server logs are saying when i try to connect:
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
ignoring unknown Vendor ID payload [4f454b427a64597b774d5d40]
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [Dead Peer Detection]
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [RFC 3947] method set to=109
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 109
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 109
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Mar 6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: responding to Main Mode from unknown peer
150.101.102.xxx
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: NAT-Traversal: Result using 3: peer is NATed
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: I did not send a certificate because I do not
have one.
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3
Mar 6 23:00:53 vpn pluto[3379]: | NAT-T: new mapping 150.101.102.xxx:500/4500)
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: cannot respond to IPsec SA request because no
connection is known for
66.45.165.xx:17/1701...150.101.102.xxx[192.168.0.1]:17/%any===192.168.0.1/32
Mar 6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: sending encrypted notification
INVALID_ID_INFORMATION to 150.101.102.xxx:4500
More information about the Users
mailing list