[Openswan Users] windows xp:connection problems with openswan
Dannysius Naim
danny71395 at gmail.com
Wed Nov 12 01:32:53 EST 2008
this error log when i tried to connect winxp client to the Linux VPN
server...
Nov 12 14:19:45 vpnserver pluto[6284]: packet from 219.93.36.194:31764:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000 004]
Nov 12 14:19:45 vpnserver pluto[6284]: packet from 219.93.36.194:31764:
ignoring Vendor ID payload [FRAGMENTATION]
Nov 12 14:19:45 vpnserver pluto[6284]: packet from 219.93.36.194:31764:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ik e-02_n] method set
to=106
Nov 12 14:19:45 vpnserver pluto[6284]: packet from 219.93.36.194:31764:
ignoring Vendor ID payload [Vid-Initial-Contact]
Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: responding to Main Mode from unknown peer 219.
93.36.194
Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: transition from state STATE_MAIN_R0 to state S
TATE_MAIN_R1
Nov 12 14:19:45 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: NAT-Traversal: Result using draft-ietf-ipsec-n
at-t-ike-02/03: peer is
NATed
Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: transition from state STATE_MAIN_R1 to state S
TATE_MAIN_R2
Nov 12 14:19:46 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: STATE_MAIN_R2: sent MR2, expecting MI3
Result using draft-ietf-ipsec-n at-t-ike-02/03: peer is NATed
Nov 12 14:20:56 vpnserver pluto[6284]: "roadwarrior-l2tp"[2]
219.93.36.194#2: max number of retransmissions (2) reached
STATE_MAIN_R2
Nov 12 14:20:56 vpnserver pluto[6284]: "roadwarrior-l2tp"[2] 219.93.36.194:
deleting connection "roadwarrior-l2tp" instance with peer
219.93.36.194{isakmp=#0/ipsec=#0}
this is my ipsec.conf configuration..
# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg: plutodebug="control parsing"
#
# ONLY enable plutodebug=all or klipsdebug=all if you are a
developer !!
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
#
# enable this if you see "failed to find any available worker"
nhelpers=0
# Add connections here
conn %default
keyingtries=5
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=0.0.0.0/0
also=roadwarrior
conn roadwarrior-all
leftsubnet=0.0.0.0/0
also=roadwarrior
#conn roadwarrior
# left=%defaultroute
# leftcert=host.example.com.pem
# right=60.51.211.53
# rightsubnet=vhost:%no,%priv
# rightsubnet=0.0.0.0/0
# auto=add
# pfs=yes
conn roadwarrior-l2tp
type=transport
left=219.93.36.214
leftcert=host.example.com.pem
leftprotoport=17/1701
right=%any
rightsubnet=192.168.1.0/24
rightprotoport=17/1701
pfs=no
auto=add
#conn roadwarrior-l2tp-oldwin
# left=%defaultroute
# leftcert=host.example.com.pem
# leftprotoport=17/0
# right=60.51.211.51
# rightprotoport=17/1701
# rightsubnet=vhost:%no,%priv
# rightsubnet=0.0.0.0/0
# pfs=no
# auto=add
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
# sample VPN connections, see /etc/ipsec.d/examples/
#Disable Opportunistic Encryption
#include /etc/ipsec.d/examples/no_oe.conf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081112/3e735fdf/attachment.html
More information about the Users
mailing list