[Openswan Users] Installation/setup issues...

Mark Williams mwp at mwp.id.au
Fri Mar 7 02:57:09 EST 2008 

>  [root at linux sbin]# ./ipsec auto --up cf
>  104 "cf" #1: STATE_MAIN_I1: initiate
>  003 "cf" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
>  003 "cf" #1: received Vendor ID payload [Dead Peer Detection]
>  003 "cf" #1: received Vendor ID payload [RFC 3947] method set to=109
>  106 "cf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>  003 "cf" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
>  108 "cf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>  004 "cf" #1: STATE_MAIN_I4: ISAKMP SA established
>  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
>
> group=modp1536}
>  117 "cf" #2: STATE_QUICK_I1: initiate
>  010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
>  010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
>  031 "cf" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
>
>  No acceptable response to our first Quick Mode message: perhaps peer
>  likes no proposal
>  000 "cf" #2: starting keying attempt 2 of at most 10, but releasing whack
>
>  Oh, ill add too that ipsec/l2tp connection from a windows XP box to
>  the VPN server from the same NAT'ed LAN as the linux box im trying to
>  setup the openswan client from, works perfectly.

and to continue this...
This is the what the openswan VPN server logs are saying when i try to connect:

Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
ignoring unknown Vendor ID payload [4f454b427a64597b774d5d40]
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [Dead Peer Detection]
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [RFC 3947] method set to=109
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 109
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 109
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: responding to Main Mode from unknown peer
150.101.102.xxx
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: STATE_MAIN_R1: sent MR1, expecting MI2
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: NAT-Traversal: Result using 3: peer is NATed
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: STATE_MAIN_R2: sent MR2, expecting MI3
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
150.101.102.xxx #557: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: I did not send a certificate because I do not
have one.
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3
Mar  6 23:00:53 vpn pluto[3379]: | NAT-T: new mapping 150.101.102.xxx:500/4500)
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: cannot respond to IPsec SA request because no
connection is known for
66.45.165.xx:17/1701...150.101.102.xxx[192.168.0.1]:17/%any===192.168.0.1/32
Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
150.101.102.xxx #557: sending encrypted notification
INVALID_ID_INFORMATION to 150.101.102.xxx:4500

More information about the Users mailing list