[Openswan Users] Nokia VPN client vs openswan problem
Pavol Luptak
wilder at hq.alert.sk
Thu May 1 11:18:02 EDT 2008
Hello,
I am trying to use my integrated Nokia VPN client (from my Nokia E61i)
with openswan (I tried versions 2.5.17 and also 2.4.6 from Debian/Etch).
I strictly follow these HOW-TOs:
http://www.linuxjournal.com/article/9646
http://www.thorsten-knabe.de/linux/e61.jsp
I successfully authenticate with the openswan server (I tried to use PAM and also
/etc/ipsec.d/passwd - everything works without problems).
But after typing correct login and password, the openswan server stops at:
May 1 17:11:03 penetrak pluto[4404]: | next event EVENT_SHUNT_SCAN in 0 seconds
May 1 17:11:03 penetrak pluto[4404]: |
May 1 17:11:03 penetrak pluto[4404]: | *time to handle event
May 1 17:11:03 penetrak pluto[4404]: | handling event EVENT_SHUNT_SCAN
May 1 17:11:03 penetrak pluto[4404]: | event after this is EVENT_PENDING_PHASE2 in 120 seconds
May 1 17:11:03 penetrak pluto[4404]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
May 1 17:11:03 penetrak pluto[4404]: | scanning for shunt eroutes
May 1 17:11:03 penetrak pluto[4404]: | next event EVENT_SHUNT_SCAN in 120 seconds
and after 39 seconds my Nokia E61i shows "Server not found" and the connection
crashes with the message (see the attachment error.txt for full debug log):
May 1 17:11:42 penetrak pluto[4404]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 85.216.205.135 port 500, complainant 85.216.205.135: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Do you have any idea what is wrong with my configuration?
I attached also my openswan configuration.
I use Nokia E61i (Symbian 9.1, firmware version 2.0633.65.01 03-10-07 RM-227)
Thanks a lot for any information.
Regards,
Pavol
--
-------------- next part --------------
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
-------------- next part --------------
conn e61
    # Key exchange
    ike=aes256-sha1-modp1536
    # Data exchange
    esp=aes256-sha1
    # Authentication method PSK
    authby=secret
    auto=add
    keyingtries=10
    rekey=no
    pfs=no
    # Modeconfig setting
    modecfgpull=yes
    # local endpoint
    left=MY_VPN_GATEWAY_IP
    leftxauthserver=yes
    leftmodecfgserver=yes
    leftsourceip=192.168.1.1
    leftsubnet=0.0.0.0/0
    # remote endpoint
    right=%any
    rightxauthclient=yes
    rightmodecfgclient=yes
    rightsourceip=192.168.1.2
    rightsubnet=192.168.1.2/32
-------------- next part --------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    plutodebug=all
    #
    # Only enable *debug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    OE=off

include /etc/ipsec.d/examples/no_oe.conf
include /etc/ipsec.d/e61.conf
-------------- next part --------------
May 1 17:11:42 penetrak pluto[4404]: |
May 1 17:11:42 penetrak pluto[4404]: | *received 92 bytes from 85.216.205.135:500 on eth1 (port=500)
May 1 17:11:42 penetrak pluto[4404]: | c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | 08 10 05 01 29 17 fe 2c 00 00 00 5c 21 90 c7 42
May 1 17:11:42 penetrak pluto[4404]: | 38 cd 0d 35 4b 2b 48 ab c8 0e a8 80 d5 3a fb a1
May 1 17:11:42 penetrak pluto[4404]: | ad 5a 2f 0e a4 fc ea 1c f4 11 95 30 17 af 8b 06
May 1 17:11:42 penetrak pluto[4404]: | d4 8d 0a 1e f1 47 5a 63 44 1f 60 59 ec 77 27 cb
May 1 17:11:42 penetrak pluto[4404]: | b2 12 77 df 3c 4a a5 94 03 da 94 bb
May 1 17:11:42 penetrak pluto[4404]: | **parse ISAKMP Message:
May 1 17:11:42 penetrak pluto[4404]: | initiator cookie:
May 1 17:11:42 penetrak pluto[4404]: | c7 4d fa 6b 54 d6 03 ca
May 1 17:11:42 penetrak pluto[4404]: | responder cookie:
May 1 17:11:42 penetrak pluto[4404]: | 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_HASH
May 1 17:11:42 penetrak pluto[4404]: | ISAKMP version: ISAKMP Version 1.0
May 1 17:11:42 penetrak pluto[4404]: | exchange type: ISAKMP_XCHG_INFO
May 1 17:11:42 penetrak pluto[4404]: | flags: ISAKMP_FLAG_ENCRYPTION
May 1 17:11:42 penetrak pluto[4404]: | message ID: 29 17 fe 2c
May 1 17:11:42 penetrak pluto[4404]: | length: 92
May 1 17:11:42 penetrak pluto[4404]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5)
May 1 17:11:42 penetrak pluto[4404]: | ICOOKIE: c7 4d fa 6b 54 d6 03 ca
May 1 17:11:42 penetrak pluto[4404]: | RCOOKIE: 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | state hash entry 11
May 1 17:11:42 penetrak pluto[4404]: | peer and cookies match on #2, provided msgid 00000000 vs 00000000/00000000
May 1 17:11:42 penetrak pluto[4404]: | p15 state object #2 found, in STATE_MODE_CFG_R1
May 1 17:11:42 penetrak pluto[4404]: | processing connection e61[4] 85.216.205.135
May 1 17:11:42 penetrak pluto[4404]: | last Phase 1 IV: 83 4a b1 7e 66 6c 4f 67 e8 28 06 18 68 d4 dd 53
May 1 17:11:42 penetrak pluto[4404]: | current Phase 1 IV: 10 c3 30 f9 97 90 ed 85 8c 1a 50 2f df d3 44 ff
May 1 17:11:42 penetrak pluto[4404]: | computed Phase 2 IV:
May 1 17:11:42 penetrak pluto[4404]: | 43 fd 9f 9d e7 00 0d 78 b5 8a b2 2b dd 50 c5 b0
May 1 17:11:42 penetrak pluto[4404]: | a5 0d 0d c5
May 1 17:11:42 penetrak pluto[4404]: | received encrypted packet from 85.216.205.135:500
May 1 17:11:42 penetrak pluto[4404]: | decrypting 64 bytes using algorithm OAKLEY_AES_CBC
May 1 17:11:42 penetrak pluto[4404]: | decrypted:
May 1 17:11:42 penetrak pluto[4404]: | 0c 00 00 18 bb 77 95 93 84 3c a8 61 73 7d de 30
May 1 17:11:42 penetrak pluto[4404]: | cc b1 9b 5c e7 6a 5a 4a 00 00 00 1c 00 00 00 01
May 1 17:11:42 penetrak pluto[4404]: | 01 10 00 01 c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6
May 1 17:11:42 penetrak pluto[4404]: | d4 46 d4 1b 00 00 00 00 00 00 00 00 00 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | next IV: ec 77 27 cb b2 12 77 df 3c 4a a5 94 03 da 94 bb
May 1 17:11:42 penetrak pluto[4404]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
May 1 17:11:42 penetrak pluto[4404]: | ***parse ISAKMP Hash Payload:
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_D
May 1 17:11:42 penetrak pluto[4404]: | length: 24
May 1 17:11:42 penetrak pluto[4404]: | got payload 0x1000(ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
May 1 17:11:42 penetrak pluto[4404]: | ***parse ISAKMP Delete Payload:
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_NONE
May 1 17:11:42 penetrak pluto[4404]: | length: 28
May 1 17:11:42 penetrak pluto[4404]: | DOI: ISAKMP_DOI_IPSEC
May 1 17:11:42 penetrak pluto[4404]: | protocol ID: 1
May 1 17:11:42 penetrak pluto[4404]: | SPI size: 16
May 1 17:11:42 penetrak pluto[4404]: | number of SPIs: 1
May 1 17:11:42 penetrak pluto[4404]: | removing 12 bytes of padding
May 1 17:11:42 penetrak pluto[4404]: | ICOOKIE: c7 4d fa 6b 54 d6 03 ca
May 1 17:11:42 penetrak pluto[4404]: | RCOOKIE: 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | state hash entry 11
May 1 17:11:42 penetrak pluto[4404]: | peer and cookies match on #2, provided msgid 00000000 vs 00000000
May 1 17:11:42 penetrak pluto[4404]: | state object #2 found, in STATE_MODE_CFG_R1
May 1 17:11:42 penetrak pluto[4404]: | processing connection e61[4] 85.216.205.135
May 1 17:11:42 penetrak pluto[4404]: "e61"[4] 85.216.205.135 #2: received Delete SA payload: deleting ISAKMP State #2
May 1 17:11:42 penetrak pluto[4404]: | deleting state #2
May 1 17:11:42 penetrak pluto[4404]: | processing connection e61[4] 85.216.205.135
May 1 17:11:42 penetrak pluto[4404]: | **emit ISAKMP Message:
May 1 17:11:42 penetrak pluto[4404]: | initiator cookie:
May 1 17:11:42 penetrak pluto[4404]: | c7 4d fa 6b 54 d6 03 ca
May 1 17:11:42 penetrak pluto[4404]: | responder cookie:
May 1 17:11:42 penetrak pluto[4404]: | 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_HASH
May 1 17:11:42 penetrak pluto[4404]: | ISAKMP version: ISAKMP Version 1.0
May 1 17:11:42 penetrak pluto[4404]: | exchange type: ISAKMP_XCHG_INFO
May 1 17:11:42 penetrak pluto[4404]: | flags: ISAKMP_FLAG_ENCRYPTION
May 1 17:11:42 penetrak pluto[4404]: | message ID: 8c 63 19 d2
May 1 17:11:42 penetrak pluto[4404]: | ***emit ISAKMP Hash Payload:
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_D
May 1 17:11:42 penetrak pluto[4404]: | emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
May 1 17:11:42 penetrak pluto[4404]: | emitting length of ISAKMP Hash Payload: 24
May 1 17:11:42 penetrak pluto[4404]: | ***emit ISAKMP Delete Payload:
May 1 17:11:42 penetrak pluto[4404]: | next payload type: ISAKMP_NEXT_NONE
May 1 17:11:42 penetrak pluto[4404]: | DOI: ISAKMP_DOI_IPSEC
May 1 17:11:42 penetrak pluto[4404]: | protocol ID: 1
May 1 17:11:42 penetrak pluto[4404]: | SPI size: 16
May 1 17:11:42 penetrak pluto[4404]: | number of SPIs: 1
May 1 17:11:42 penetrak pluto[4404]: | emitting 16 raw bytes of delete payload into ISAKMP Delete Payload
May 1 17:11:42 penetrak pluto[4404]: | delete payload c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | emitting length of ISAKMP Delete Payload: 28
May 1 17:11:42 penetrak pluto[4404]: | HASH(1) computed:
May 1 17:11:42 penetrak pluto[4404]: | 70 63 43 3c 0f d4 aa 7d 55 53 f5 37 22 96 47 45
May 1 17:11:42 penetrak pluto[4404]: | 9b 7d 89 67
May 1 17:11:42 penetrak pluto[4404]: | last Phase 1 IV: 83 4a b1 7e 66 6c 4f 67 e8 28 06 18 68 d4 dd 53
May 1 17:11:42 penetrak pluto[4404]: | current Phase 1 IV: 10 c3 30 f9 97 90 ed 85 8c 1a 50 2f df d3 44 ff
May 1 17:11:42 penetrak pluto[4404]: | computed Phase 2 IV:
May 1 17:11:42 penetrak pluto[4404]: | 05 67 4a 19 83 25 ca 83 f1 ef 5a 35 20 22 6f d1
May 1 17:11:42 penetrak pluto[4404]: | a8 6c de 3e
May 1 17:11:42 penetrak pluto[4404]: | encrypting:
May 1 17:11:42 penetrak pluto[4404]: | 0c 00 00 18 70 63 43 3c 0f d4 aa 7d 55 53 f5 37
May 1 17:11:42 penetrak pluto[4404]: | 22 96 47 45 9b 7d 89 67 00 00 00 1c 00 00 00 01
May 1 17:11:42 penetrak pluto[4404]: | 01 10 00 01 c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6
May 1 17:11:42 penetrak pluto[4404]: | d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | IV:
May 1 17:11:42 penetrak pluto[4404]: | 05 67 4a 19 83 25 ca 83 f1 ef 5a 35 20 22 6f d1
May 1 17:11:42 penetrak pluto[4404]: | a8 6c de 3e
May 1 17:11:42 penetrak pluto[4404]: | unpadded size is: 52
May 1 17:11:42 penetrak pluto[4404]: | emitting 12 zero bytes of encryption padding into ISAKMP Message
May 1 17:11:42 penetrak pluto[4404]: | encrypting 64 using OAKLEY_AES_CBC
May 1 17:11:42 penetrak pluto[4404]: | next IV: 2c b4 51 1c bb e0 b9 52 fc 8a 5b 63 2f a8 9d b5
May 1 17:11:42 penetrak pluto[4404]: | emitting length of ISAKMP Message: 92
May 1 17:11:42 penetrak pluto[4404]: | sending 92 bytes for delete notify through eth1:500 to 85.216.205.135:500 (using #2)
May 1 17:11:42 penetrak pluto[4404]: | c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | 08 10 05 01 8c 63 19 d2 00 00 00 5c 64 aa ef 4d
May 1 17:11:42 penetrak pluto[4404]: | 62 4a 4f fa 38 fc 66 42 3e 70 39 a2 ec 55 5c d8
May 1 17:11:42 penetrak pluto[4404]: | b6 cd 78 c4 82 dd 66 c5 0a 3e 5f 6f 91 96 eb 34
May 1 17:11:42 penetrak pluto[4404]: | e0 7d 37 58 bd c0 bc 78 d1 ba d9 27 2c b4 51 1c
May 1 17:11:42 penetrak pluto[4404]: | bb e0 b9 52 fc 8a 5b 63 2f a8 9d b5
May 1 17:11:42 penetrak pluto[4404]: | no suspended cryptographic state for 2
May 1 17:11:42 penetrak pluto[4404]: | ICOOKIE: c7 4d fa 6b 54 d6 03 ca
May 1 17:11:42 penetrak pluto[4404]: | RCOOKIE: 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: | state hash entry 11
May 1 17:11:42 penetrak pluto[4404]: | processing connection e61[4] 85.216.205.135
May 1 17:11:42 penetrak pluto[4404]: "e61"[4] 85.216.205.135: deleting connection "e61" instance with peer 85.216.205.135 {isakmp=#0/ipsec=#0}
May 1 17:11:42 penetrak pluto[4404]: | alg_info_delref(0x603c10) alg_info->ref_cnt=7
May 1 17:11:42 penetrak pluto[4404]: | alg_info_delref(0x602fb0) alg_info->ref_cnt=7
May 1 17:11:42 penetrak pluto[4404]: | del: c7 4d fa 6b 54 d6 03 ca 23 f7 f0 a6 d4 46 d4 1b
May 1 17:11:42 penetrak pluto[4404]: packet from 85.216.205.135:500: received and ignored informational message
May 1 17:11:42 penetrak pluto[4404]: | complete state transition with STF_IGNORE
May 1 17:11:42 penetrak pluto[4404]: | * processed 0 messages from cryptographic helpers
May 1 17:11:42 penetrak pluto[4404]: | next event EVENT_SHUNT_SCAN in 81 seconds
May 1 17:11:42 penetrak pluto[4404]: |
May 1 17:11:42 penetrak pluto[4404]: | rejected packet:
May 1 17:11:42 penetrak pluto[4404]: |
May 1 17:11:42 penetrak pluto[4404]: | control:
May 1 17:11:42 penetrak pluto[4404]: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | 02 00 00 00 4e 1f 1b f4 4e 1f 1b f4 00 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | 02 00 00 00 55 d8 cd 87 00 00 00 00 00 00 00 00
May 1 17:11:42 penetrak pluto[4404]: | name:
May 1 17:11:42 penetrak pluto[4404]: | 02 00 01 f4 55 d8 cd 87 00 00 00 00 00 00 00 00
May 1 17:11:42 penetrak pluto[4404]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 85.216.205.135 port 500, complainant 85.216.205.135: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
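The decrypted Informational message in the debug log above can be decoded independently of pluto to confirm what the peer sent. This is an added example, not part of the original post or of Openswan: a small Python parser for the ISAKMP header and payload chain (layouts per RFC 2408), run over bytes copied from the log; the function names are illustrative.

```python
import struct

# ISAKMP payload type numbers (RFC 2408) that occur in this message.
PAYLOAD_NAMES = {0: "NONE", 8: "HASH", 12: "DELETE"}
# Cleartext 28-byte ISAKMP header and 64-byte decrypted body, copied from
# the "received 92 bytes" and "decrypted:" dumps in the debug log above.
HEADER = bytes.fromhex(
    "c74dfa6b54d603ca23f7f0a6d446d41b" "081005012917fe2c0000005c")
BODY = bytes.fromhex(
    "0c000018bb779593843ca861737dde30" "ccb19b5ce76a5a4a0000001c00000001"
    "01100001c74dfa6b54d603ca23f7f0a6" "d446d41b000000000000000000000000")

def parse_header(hdr):
    """Split the fixed 28-byte ISAKMP header into its fields."""
    if len(hdr) < 28:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, _ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", hdr[:28])
    return {"icookie": icookie, "rcookie": rcookie, "next": nxt,
            "exchange": xchg, "encrypted": bool(flags & 0x01),
            "msgid": msgid, "length": length}

def parse_delete(data):
    """Decode a Delete payload body (the part after the generic header)."""
    if len(data) < 8:
        raise ValueError("truncated Delete payload")
    doi, proto, spi_size, count = struct.unpack("!IBBH", data[:8])
    if len(data) != 8 + spi_size * count:
        raise ValueError("SPI list does not match payload length")
    spis = [data[8 + i * spi_size:8 + (i + 1) * spi_size] for i in range(count)]
    return {"doi": doi, "protocol": proto, "spis": spis}

def walk_payloads(first_type, body):
    """Follow the next-payload chain; leftover bytes are cipher padding."""
    out, offset, ptype = [], 0, first_type
    while ptype != 0:
        if offset + 4 > len(body):
            raise ValueError("truncated generic payload header")
        nxt, _reserved, plen = struct.unpack("!BBH", body[offset:offset + 4])
        if plen < 4 or offset + plen > len(body):
            raise ValueError("bad payload length %d" % plen)
        data = body[offset + 4:offset + plen]
        out.append((PAYLOAD_NAMES.get(ptype, str(ptype)),
                    parse_delete(data) if ptype == 12 else data))
        offset, ptype = offset + plen, nxt
    return out, len(body) - offset

if __name__ == "__main__":
    header = parse_header(HEADER)
    print(header)
    print(walk_payloads(header["next"], BODY))
```

The Delete payload carries protocol ID 1 (ISAKMP) and a single 16-byte SPI equal to the initiator and responder cookies, which matches the "received Delete SA payload: deleting ISAKMP State #2" line in the log.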