[Openswan Users] Installation/setup issues...

Mark Williams mwp at mwp.id.au
Fri Mar 7 04:44:01 EST 2008


> Your IPsec session is not established, that's why.

Ok... any idea why that is?

>  On Fri, Mar 7, 2008 at 1:27 PM, Mark Williams <mwp at mwp.id.au> wrote:
>  > >  [root at linux sbin]# ./ipsec auto --up cf
>  >  >  104 "cf" #1: STATE_MAIN_I1: initiate
>  >  >  003 "cf" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
>  >  >  003 "cf" #1: received Vendor ID payload [Dead Peer Detection]
>  >  >  003 "cf" #1: received Vendor ID payload [RFC 3947] method set to=109
>  >  >  106 "cf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>  >  >  003 "cf" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
>  >  >  108 "cf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>  >  >  004 "cf" #1: STATE_MAIN_I4: ISAKMP SA established
>  >  >  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
>  >  >
>  >  > group=modp1536}
>  >  >  117 "cf" #2: STATE_QUICK_I1: initiate
>  >  >  010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
>  >  >  010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
>  >  >  031 "cf" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
>  >  >
>  >  >  No acceptable response to our first Quick Mode message: perhaps peer
>  >  >  likes no proposal
>  >  >  000 "cf" #2: starting keying attempt 2 of at most 10, but releasing whack
>  >  >
>  >  >  Oh, I'll add too that ipsec/l2tp connection from a Windows XP box to
>  >  >  the VPN server from the same NAT'ed LAN as the Linux box I'm trying to
>  >  >  set up the openswan client from, works perfectly.
>  >
>  >  and to continue this...
>  >  This is what the openswan VPN server logs are saying when I try to connect:
>  >
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  ignoring unknown Vendor ID payload [4f454b427a64597b774d5d40]
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [Dead Peer Detection]
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [RFC 3947] method set to=109
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
>  >  but already using method 109
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
>  >  but already using method 109
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
>  >  but already using method 109
>  >  Mar  6 23:00:53 vpn pluto[3379]: packet from 150.101.102.xxx:500:
>  >  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: responding to Main Mode from unknown peer
>  >  150.101.102.xxx
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: transition from state STATE_MAIN_R0 to state
>  >  STATE_MAIN_R1
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: STATE_MAIN_R1: sent MR1, expecting MI2
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: NAT-Traversal: Result using 3: peer is NATed
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: transition from state STATE_MAIN_R1 to state
>  >  STATE_MAIN_R2
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: STATE_MAIN_R2: sent MR2, expecting MI3
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[31]
>  >  150.101.102.xxx #557: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
>  >  150.101.102.xxx #557: I did not send a certificate because I do not
>  >  have one.
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
>  >  150.101.102.xxx #557: transition from state STATE_MAIN_R2 to state
>  >  STATE_MAIN_R3
>  >  Mar  6 23:00:53 vpn pluto[3379]: | NAT-T: new mapping 150.101.102.xxx:500/4500)
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
>  >  150.101.102.xxx #557: STATE_MAIN_R3: sent MR3, ISAKMP SA established
>  >  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
>  >  group=modp1536}
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
>  >  150.101.102.xxx #557: cannot respond to IPsec SA request because no
>  >  connection is known for
>  >  66.45.165.xx:17/1701...150.101.102.xxx[192.168.0.1]:17/%any===192.168.0.1/32
>  >  Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33]
>  >  150.101.102.xxx #557: sending encrypted notification
>  >  INVALID_ID_INFORMATION to 150.101.102.xxx:4500
>
>
>
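Added example, not part of the original message or of Openswan: a small Python parser for the responder's "no connection is known for" line quoted above, which splits the rejected Quick Mode proposal into each end's address, ID, protocol/port and client subnet so the values can be compared with the responder's conn definition. The field layout is assumed from that one quoted line, the sample is that line with its mail-wrapped pieces rejoined, and all function names are hypothetical.

```python
import re

# Constructed input: the responder's syslog line from the thread, with the
# mail-wrapped pieces rejoined (addresses are masked in the original).
SAMPLE = ('Mar  6 23:00:53 vpn pluto[3379]: "L2TP-PSK-orgWIN2KXP"[33] '
          '150.101.102.xxx #557: cannot respond to IPsec SA request because '
          'no connection is known for 66.45.165.xx:17/1701...'
          '150.101.102.xxx[192.168.0.1]:17/%any===192.168.0.1/32')

MARKER = "no connection is known for "
# host, optional [id], optional :proto/port (assumes IPv4-style hosts only)
END_RE = re.compile(r"^(?P<host>[^\[:]+)(?:\[(?P<id>[^\]]*)\])?"
                    r"(?::(?P<proto>\d+)/(?P<port>\S+))?$")

def parse_end(text, client_first):
    """Split one end of the tuple; the client subnet sits on the outer side."""
    client = None
    if "===" in text:
        a, b = text.split("===", 1)
        client, text = (a, b) if client_first else (b, a)
    m = END_RE.match(text)
    if m is None:
        raise ValueError("unrecognised end: %r" % text)
    end = m.groupdict()
    end["client"] = client
    return end

def parse_rejected_proposal(line):
    """Return (local, peer) dicts for a 'no connection is known' line, else None."""
    if MARKER not in line:
        return None
    local, peer = line.split(MARKER, 1)[1].strip().split("...", 1)
    return parse_end(local, True), parse_end(peer, False)

def findings(local, peer):
    """List the proposed values to compare with the responder's conn definition."""
    notes = []
    if peer["id"] and peer["id"] != peer["host"]:
        notes.append("peer ID %s differs from its source address %s"
                     % (peer["id"], peer["host"]))
    if peer["client"]:
        notes.append("peer proposes client subnet %s" % peer["client"])
    notes.append("protoport proposed: local %s/%s, peer %s/%s"
                 % (local["proto"], local["port"], peer["proto"], peer["port"]))
    return notes

if __name__ == "__main__":
    for note in findings(*parse_rejected_proposal(SAMPLE)):
        print(note)
```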

