[Openswan Users] Error -no configured LAC/LNS hostname, using network hostname testserver !!! found

Shiva Raman raman.shivag at gmail.com
Thu Sep 25 02:52:45 EDT 2008


Dear all

With reference to my previous mail, I changed localip in l2tpd to the
local IP of my private network. Now I am getting a different error
log.

The hostname of the machine is testserver.


tail -f /var/log/secure
-----------------------------
Sep 24 19:27:25 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Sep 24 19:27:26 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
NATed
Sep 24 19:27:26 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 24 19:27:26 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3:
STATE_MAIN_R2: sent MR2, expecting MI3
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3: Main
mode peer ID is ID_FQDN: '@FAMILY'
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[3] 211.77.124.191 #3:
switched from "vpn" to "vpn"
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[4] 211.77.124.191 #3:
deleting connection "vpn" instance with peer 211.77.124.191
{isakmp=#0/ipsec=#0}
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[4] 211.77.124.191 #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[4] 211.77.124.191 #3: new
NAT mapping for #3, was 211.77.124.191:500, now 211.77.124.191:4500
Sep 24 19:27:27 localhost pluto[10949]: "vpn"[4] 211.77.124.191 #3:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}



tail -f /var/log/message
---------------------------------
Sep 22 13:23:42 testserver l2tpd[5682]: my configured LNS hostname:
Sep 22 13:23:42 testserver l2tpd[5682]: no configured LAC/LNS hostname
found, using network hostname testserver
Sep 22 13:23:43 testserver l2tpd[5682]: my configured LNS hostname:
Sep 22 13:23:43 testserver l2tpd[5682]: no configured LAC/LNS hostname
found, using network hostname testserver
Sep 22 13:23:45 testserver l2tpd[5682]: my configured LNS hostname:
Sep 22 13:23:45 testserver l2tpd[5682]: no configured LAC/LNS hostname
found, using network hostname testserver




Kindly let me know your suggestions to fix this issue.


Regards

Shiva Raman

---------- Forwarded message ----------
From: Shiva Raman <raman.shivag at gmail.com>
Date: Tue, 23 Sep 2008 10:21:18 +0530
Subject: L2TP / IPSEC shows problem while connecting from Windows
XP(Maximum retries exceeded for tunnel 40334. Closing)!!!!
To: users at openswan.org

Dear all

I am trying to set up an L2TP/IPsec VPN server with Linux as the server
and Windows as clients.
I am facing a problem in which the clients are not able to connect to
the Openswan server. I tried different configurations and also referred
to postings on the Openswan list, but I was not able to fix the
problem. Let me explain the details of my installation.

I am using the following versions of the OS and openswan/l2tp.


OS Version
-----------------

Centos 5.2 (64 bit )  as L2TP/IPSEC server
Windows xp sp2 as L2TP/IPSEC client

openswan version
----------------------------
openswan-2.6.12-2.el5

l2tpd version
-----------------
l2tpd-0.69-0.2.20051030.fc4.x86_64.rpm

Kernel version of Centos 5.2 - > 2.6.18-92.el5

Following are the configuration files

Configuration of ipsec.conf
----------------------------------------

version 2.0

config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.10.0/24

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior
        pfs=no
        left=219.64.78.98
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        auto=add

Configuration of ipsec.secrets
--------------------------------------------
: PSK "theconnectionissecure"


Configuration of  l2tpd.conf
------------------------------------------
[global]
; listen-addr = 192.168.1.98
[lns default]
ip range = 192.168.10.138-192.168.10.254
local ip = 224.64.77.97
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

Configuration of  option.l2tpd
------------------------------------------
ipcp-accept-local
ipcp-accept-remote
#ms-dns 192.168.10.1
#ms-wins 192.168.10.1
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
nologfd
#check this noccp


------------------------------------------------------------------------------


Following is the output of the log messages


tail -f /var/log/secure
------------------------------------

Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Sep 22 19:03:00 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: discarding duplicate packet; already STATE_MAIN_R2
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: Main mode peer ID is ID_FQDN: '@FAMILY'
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #1: switched from "roadwarrior" to "roadwarrior"
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[1]
211.77.124.191 #2: new NAT mapping for #2, was 211.77.124.191:500, now
211.77.124.191:4500
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: new NAT mapping for #1, was 211.77.124.191:500, now
211.77.124.191:4500
Sep 22 19:03:01 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: peer client type is FQDN
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: Applying workaround for MS-818043 NAT-T bug
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: IDci was FQDN: \333 at Nb, using
NAT_OA=192.168.10.125/32 as IDci
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #1: the peer proposed: 219.64.78.98/32:17/0 ->
192.168.10.125/32:17/1701
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #3: responding to Quick Mode {msgid:9e3dce79}
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #3: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA
installed, expecting QI2
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #3: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2
Sep 22 19:03:02 localhost pluto[10196]: "roadwarrior"[2]
211.77.124.191 #3: STATE_QUICK_R2: IPsec SA established tunnel mode
{ESP=>0x9504a6c5 <0x7e0a887f xfrm=3DES_0-HMAC_MD5 NATOA=192.168.10.125
NATD=211.77.124.191:4500 DPD=none}


tail -f /var/log/message
-----------------------------------


Sep 22 19:03:10 localhost l2tpd[10033]: Maximum retries exceeded for
tunnel 40334.  Closing.
Sep 22 19:03:10 localhost l2tpd[10033]: Connection 94 closed to
211.77.124.191, port 1701


Kindly guide me on how to resolve this issue.


Regards

Shiva Raman

