[Openswan Users] Fedora9 xl2tpd+openswan ipsec+psk problems

Saso Tavcar fast at ais42.net
Sun Mar 15 04:33:17 EDT 2009


Hi,

I have a problem connecting Windows XP client vith Fedora 9 xl2tpd
(1.2.3) and openswan (2.6.19-1). IPsec tunnel is established, but
PPP connection does not start. Same configuration does work with
Vista 64 - l2tp and "Use certificate for authentication" in IPsec
settings. With PSK option there are the same symptoms - IPsec tunnel
is established, but PPP connection does not start.


1. Windows XP/Vista 64 with VPN client settings - l2tp+PSK

- /var/log/secure
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: responding to Main Mode from unknown peer  
186.161.166.72
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: transition from state STATE_MAIN_R0 to state  
STATE_MAIN_R1
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t- 
ike-02/03: peer is NATed
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: transition from state STATE_MAIN_R1 to state  
STATE_MAIN_R2
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: Main mode peer ID is ID_FQDN: '@marvin'
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[1]  
186.161.166.72 #1: switched from "roadwarrior-osx-xp" to "roadwarrior- 
osx-xp"
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: deleting connection "roadwarrior-osx-xp" instance  
with peer 186.161.166.72 {isakmp=#0/ipsec=#0}
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: transition from state STATE_MAIN_R2 to state  
STATE_MAIN_R3
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: new NAT mapping for #1, was 186.161.166.72:500, now  
186.161.166.72:4500
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established  
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha  
group=modp2048}
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: peer client type is FQDN
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: Applying workaround for MS-818043 NAT-T bug
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: IDci was FQDN: Y\217\013\032, using  
NAT_OA=192.168.70.11/32 as IDci
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #1: the peer proposed: 189.148.112.126/32:17/1701 ->  
192.168.70.11/32:17/0
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2: responding to Quick Mode proposal {msgid:6138c5f2}
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2:     us: 189.148.112.126<189.148.112.126>[+S=C]: 
17/1701---89.143.11.25
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2:   them: 186.161.166.72[@marvin,+S=C]:17/1701===?
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2: transition from state STATE_QUICK_R0 to state  
STATE_QUICK_R1
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA  
installed, expecting QI2
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2: transition from state STATE_QUICK_R1 to state  
STATE_QUICK_R2
Mar 15 09:03:20 mosquito pluto[3770]: "roadwarrior-osx-xp"[2]  
186.161.166.72 #2: STATE_QUICK_R2: IPsec SA established tunnel mode  
{ESP=>0xa4a55224 <0x5832f20f xfrm=3DES_0-HMAC_MD5 NATOA=192.168.70.11  
NATD=186.161.166.72:4500 DPD=none}

-var/log/messages
Mar 15 09:00:23 mosquito xl2tpd[1892]: death_handler: Fatal signal 15  
received
Mar 15 09:00:23 mosquito xl2tpd[3258]: setsockopt recvref[22]:  
Protocol not available
Mar 15 09:00:23 mosquito xl2tpd[3258]: This binary does not support  
kernel L2TP.
Mar 15 09:00:23 mosquito xl2tpd[3259]: xl2tpd version xl2tpd-1.2.3  
started on mosquito PID:3259
Mar 15 09:00:23 mosquito xl2tpd[3259]: Written by Mark Spencer,  
Copyright (C) 1998, Adtran, Inc.
Mar 15 09:00:23 mosquito xl2tpd[3259]: Forked by Scott Balmos and  
David Stipp, (C) 2001
Mar 15 09:00:23 mosquito xl2tpd[3259]: Inherited by Jeff McAdams, (C)  
2002
Mar 15 09:00:23 mosquito xl2tpd[3259]: Forked again by Xelerance (www.xelerance.com 
) (C) 2006
Mar 15 09:00:23 mosquito xl2tpd[3259]: Listening on IP address  
0.0.0.0, port 1701
...
Mar 15 09:03:27 mosquito xl2tpd[3259]: Maximum retries exceeded for  
tunnel 35406.  Closing.
Mar 15 09:03:27 mosquito xl2tpd[3259]: Connection 9 closed to  
186.161.166.72, port 1701 (Timeout)
Mar 15 09:03:53 mosquito xl2tpd[3259]: Maximum retries exceeded for  
tunnel 37321.  Closing.



[root at mosquito ~]# tcpdump -i eth1 -n -p ip host 186.161.166.72 and  
not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol  
decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:21:41.530331 IP 186.161.166.72.isakmp > 189.148.112.126.isakmp:  
isakmp: phase 1 I ident
09:21:41.530765 IP 189.148.112.126.isakmp > 186.161.166.72.isakmp:  
isakmp: phase 1 R ident
09:21:42.004368 IP 186.161.166.72.isakmp > 189.148.112.126.isakmp:  
isakmp: phase 1 I ident
09:21:42.010671 IP 189.148.112.126.isakmp > 186.161.166.72.isakmp:  
isakmp: phase 1 R ident
09:21:42.378487 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 1 I ident[E]
09:21:42.379076 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 1 R ident[E]
09:21:42.652957 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:21:42.655190 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
09:21:42.950195 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:21:42.953386 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x1), length 140
09:21:43.975919 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x2), length 140
09:21:44.955592 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:21:44.956355 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 ZLB
09:21:45.245217 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:21:45.247166 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 48
09:21:45.956895 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:21:45.964776 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x3), length 140
09:21:45.965144 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 ZLB
09:21:46.222044 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:21:46.227007 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 48
09:21:46.957915 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:21:47.192954 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:21:47.958891 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:21:48.175859 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:21:48.959931 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:21:49.261386 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:21:49.933030 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x4), length 140
09:21:49.933446 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 ZLB
09:21:50.247350 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 48
09:21:58.082267 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x5), length 140
09:21:58.082657 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 ZLB
09:21:58.082674 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(5412)  
*RESULT_CODE(1/0 Timeout)
09:21:58.278774 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 48
09:21:58.281751 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:21:59.083883 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(5412)  
*RESULT_CODE(1/0 Timeout)
09:21:59.430229 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:22:00.083929 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(5412)  
*RESULT_CODE(1/0 Timeout)
09:22:01.083934 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(5412)  
*RESULT_CODE(1/0 Timeout)
09:22:01.388012 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:22:02.084956 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(5412)  
*RESULT_CODE(1/0 Timeout)
09:22:02.364852 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:22:02.373828 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: isakmp-nat-keep-alive
09:22:07.922730 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x0999d072,seq=0x6), length 140
09:22:07.923314 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](13/0)Ns=0,Nr=1 ZLB
09:22:17.808181 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I inf[E]
09:22:17.808607 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others R inf[E]
09:22:17.811223 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I inf[E]
09:22:17.835248 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others R inf[E]
09:22:22.491037 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: isakmp-nat-keep-alive




2. Vista 64 bit with VPN client settings - l2tp+ "Use certificate for  
authentication"

- /var/log/messages

Mar 15 09:25:26 mosquito kernel: PPP generic driver version 2.4.2
Mar 15 09:25:26 mosquito pppd[4742]: pppd 2.4.4 started by root, uid 0
Mar 15 09:25:26 mosquito pppd[4742]: Using interface ppp0
Mar 15 09:25:26 mosquito pppd[4742]: Connect: ppp0 <--> /dev/pts/4
Mar 15 09:25:31 mosquito pppd[4742]: Unsupported protocol 'IPv6  
Control Protovol' (0x8057) received
Mar 15 09:25:31 mosquito pppd[4742]: Unsupported protocol 'Compression  
Control Protocol' (0x80fd) received
Mar 15 09:25:32 mosquito pppd[4742]: Cannot determine ethernet address  
for proxy ARP
Mar 15 09:25:32 mosquito pppd[4742]: local  IP address 192.168.2.1
Mar 15 09:25:32 mosquito pppd[4742]: remote IP address 192.168.2.3
Mar 15 09:25:33 mosquito ntpd[1908]: Listening on interface #9 ppp0,  
192.168.2.1#123 Enabled
Mar 15 09:25:39 mosquito pppd[4742]: LCP terminated by peer ( ^@E9^@<M- 
Mt^@^@^@^@)
Mar 15 09:25:39 mosquito pppd[4742]: Connect time 0.2 minutes.
Mar 15 09:25:39 mosquito pppd[4742]: Sent 132 bytes, received 6083  
bytes.
Mar 15 09:25:39 mosquito xl2tpd[3259]: control_finish: Connection  
closed to 186.161.166.72, serial 0 ()
Mar 15 09:25:39 mosquito pppd[4742]: Modem hangup
Mar 15 09:25:39 mosquito pppd[4742]: Connection terminated.



- tcpdump

09:25:21.612549 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: UDP-encap: ESP(spi=0x2cf7ccf0,seq=0x6), length 140
09:25:21.693369 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)  
*BEARER_CAP() |...
09:25:22.510547 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: isakmp-nat-keep-alive
09:25:23.612928 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:23.796061 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:25:24.827545 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)  
*BEARER_CAP() |...
09:25:25.613406 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:25.613512 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:25.613961 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/0)Ns=0,Nr=1 ZLB
09:25:25.936253 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/0)Ns=1,Nr=1 *MSGTYPE(SCCCN)
09:25:25.936525 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/0)Ns=1,Nr=2 ZLB
09:25:25.939212 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/0)Ns=3,Nr=1 ZLB
09:25:25.941158 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/0)Ns=2,Nr=1 *MSGTYPE(ICRQ) *ASSND_SESS_ID(1)  
*CALL_SER_NUM(0) *BEARER_TYPE(A)
09:25:25.941401 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/1)Ns=1,Nr=3 *MSGTYPE(ICRP) *ASSND_SESS_ID(34679)
09:25:25.941469 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/0)Ns=2,Nr=3 ZLB
09:25:25.945281 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:25:26.181580 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/34679)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000)  
*FRAMING_TYPE(S) PROXY_AUTH_TYPE(No Auth)
09:25:26.181593 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/0)Ns=4,Nr=2 ZLB
09:25:26.184646 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/1)Ns=2,Nr=4 ZLB
09:25:26.187572 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {LCP, Conf-Request (0x01), id 0, length 23}
09:25:26.363329 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Conf-Request (0x01), id 1, length 31}
09:25:26.612641 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {LCP, Conf-Ack (0x02), id 1, length 31}
09:25:26.614876 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:27.615887 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:27.822016 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 141
09:25:28.281981 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {LCP, Conf-Request (0x01), id 1, length 23}
09:25:28.282317 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Conf-Reject (0x04), id 1, length 9}
09:25:28.616922 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)  
*BEARER_CAP() |...
09:25:28.707080 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {LCP, Conf-Request (0x01), id 2, length 20}
09:25:28.707302 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Conf-Ack (0x02), id 2, length 20}
09:25:28.707313 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {CHAP, Challenge (0x01), id 6, Value  
ef4390ba3391a951eebadd71a070cc79, Name sip}
09:25:31.376411 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {CHAP, Response (0x02), id 6, Value  
f1298bdb3c47ffbf6034e7f80628d73a00000000000000000effd668ce9ac74fa0a2fa430f7159 
[|chap]}
09:25:31.376490 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60838)  
*RESULT_CODE(1/0 Timeout)
09:25:31.377503 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {CHAP, Success (0x03), id 6, Msg  
S=1E0F0FF8FD6146880BE441ECC084D74F58F2BA[|chap]}
09:25:31.377610 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IPCP, Conf-Request (0x01), id 1, length 18}
09:25:31.621796 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:25:31.624829 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP6CP, Conf-Request (0x01), id 5, length 16}
09:25:31.625038 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Prot-Reject (0x08), id 2, length 22}
09:25:31.627766 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {unknown ctrl-proto (0x80fd), Conf-Request (0x01), id  
6, length 12}
09:25:31.627968 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Prot-Reject (0x08), id 3, length 18}
09:25:31.630764 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IPCP, Conf-Request (0x01), id 7, length 36}
09:25:31.630777 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IPCP, Conf-Reject (0x04), id 1, length 12}
09:25:31.631030 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IPCP, Conf-Reject (0x04), id 7, length 18}
09:25:31.631045 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IPCP, Conf-Request (0x01), id 2, length 12}
09:25:31.759473 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I inf[E]
09:25:31.759847 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others R inf[E]
09:25:31.761453 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others I inf[E]
09:25:31.785742 IP 189.148.112.126.ipsec-nat-t > 186.161.166.72.ipsec- 
nat-t: NONESP-encap: isakmp: phase 2/others R inf[E]
09:25:31.945020 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IPCP, Conf-Request (0x01), id 8, length 24}
09:25:31.945254 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IPCP, Conf-Nack (0x03), id 8, length 24}
09:25:31.947018 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IPCP, Conf-Ack (0x02), id 2, length 12}
09:25:32.256410 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IPCP, Conf-Request (0x01), id 9, length 24}
09:25:32.256614 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IPCP, Conf-Ack (0x02), id 9, length 24}
09:25:32.377866 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60838)  
*RESULT_CODE(1/0 Timeout)
09:25:32.613561 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:25:33.356000 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3 > 224.0.0.22: igmp v3 report, 1 group  
record(s)}
09:25:33.376054 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.52974 > 224.0.0.252.hostmon: UDP,  
length 23}
09:25:33.377915 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60838)  
*RESULT_CODE(1/0 Timeout)
09:25:33.386985 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:33.392830 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3 > 224.0.0.22: igmp v3 report, 1 group  
record(s)}
09:25:33.415907 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:25:33.453160 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.60591 > 239.255.255.250.ws-discovery:  
UDP, length 992}
09:25:33.461799 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.bootpc > 255.255.255.255.bootps:  
BOOTP/DHCP, Request, length 300}
09:25:33.478676 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.52974 > 224.0.0.252.hostmon: UDP,  
length 23}
09:25:33.555653 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3 > 224.0.0.22: igmp v3 report, 2 group  
record(s)}
09:25:33.685647 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.60591 > 239.255.255.250.ws-discovery:  
UDP, length 992}
09:25:33.687404 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 125}
09:25:33.690266 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.52374 > 224.0.0.252.hostmon: UDP,  
length 23}
09:25:33.699275 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:33.733143 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:33.790043 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.52374 > 224.0.0.252.hostmon: UDP,  
length 23}
09:25:34.153232 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:34.378870 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60838)  
*RESULT_CODE(1/0 Timeout)
09:25:34.415649 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:25:34.915601 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:35.378921 IP 189.148.112.126.l2tp > 186.161.166.72.l2tp:  l2tp: 
[TLS](15/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60838)  
*RESULT_CODE(1/0 Timeout)
09:25:35.416499 IP 186.161.166.72 > 189.148.112.126: ICMP  
186.161.166.72 udp port l2tp unreachable, length 81
09:25:35.681913 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:35.727937 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:35.913429 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: S  
1830634201:1830634201(0) win 8192 <mss 1360,nop,[|tcp]>}
09:25:36.399338 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:36.445288 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:36.465321 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.bootpc > 255.255.255.255.bootps:  
BOOTP/DHCP, Request, length 300}
09:25:36.713427 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IP 24.232.153.15.57855 > 192.168.2.3.59530: S  
3161806658:3161806658(0) ack 1830634202 win 65535 <mss 1460,nop,[|tcp]>}
09:25:36.721705 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:36.741605 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 125}
09:25:36.750538 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: . ack 1  
win 260}
09:25:36.753469 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: . ack 1  
win 4096}
09:25:36.756553 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: P  
1:69(68) ack 1 win 4096}
09:25:36.773516 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:36.804473 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56095 > 239.255.255.250.ssdp: UDP,  
length 133}
09:25:37.210577 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:37.458350 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IP 24.232.153.15.57855 > 192.168.2.3.59530: F 1:1(0) ack 69  
win 65467}
09:25:37.495961 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: . ack 2  
win 4096}
09:25:37.498889 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.59530 > 24.232.153.15.57855: F  
69:69(0) ack 2 win 4096}
09:25:37.973046 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:38.487810 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.58840 > 192.168.1.18.domain: 44871+[| 
domain]}
09:25:38.504803 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.54571 > 192.168.1.18.domain: 65332+[| 
domain]}
09:25:38.518700 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.52307 > 192.168.1.18.domain: 13589+[| 
domain]}
09:25:38.535782 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.56999 > 192.168.1.18.domain: 33337+[| 
domain]}
09:25:38.550626 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.58846 > 192.168.1.18.domain: 31676+[| 
domain]}
09:25:38.567603 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.62722 > 192.168.1.18.domain: 50836+[| 
domain]}
09:25:38.715378 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {IP 24.232.153.15.57855 > 192.168.2.3.59530: . ack 70 win  
65467}
09:25:38.739254 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {IP 192.168.2.3.netbios-ns > 255.255.255.255.netbios- 
ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST}
09:25:39.308021 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[L](26145/34679) {LCP, Term-Request (0x05), id 10, length 18}
09:25:39.327094 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[L](16/1) {LCP, Term-Ack (0x06), id 10, length 6}
09:25:39.747989 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/34679)Ns=4,Nr=2 *MSGTYPE(CDN) *RESULT_CODE(3/0)  
*ASSND_SESS_ID(1)
09:25:39.748819 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/1)Ns=2,Nr=5 ZLB
09:25:39.785000 IP 186.161.166.72.1024 > 189.148.112.126.l2tp:  l2tp: 
[TLS](26145/0)Ns=5,Nr=2 *MSGTYPE(StopCCN) *ASSND_TUN_ID(16)  
*RESULT_CODE(6/0)
09:25:39.785126 IP 189.148.112.126.l2tp > 186.161.166.72.1024:  l2tp: 
[TLS](16/0)Ns=2,Nr=6 ZLB
09:25:42.419207 IP 186.161.166.72.ipsec-nat-t > 189.148.112.126.ipsec- 
nat-t: isakmp-nat-keep-alive


Regards,
saso



More information about the Users mailing list