[Openswan Users] Problem with OpenSwan and l2tpd

vkirichenko vkirichenko at tmu.com.ua
Wed Sep 9 10:22:32 EDT 2009


Server OS
CentOS release 5.3 (Final)
Linux mail.gardena.ua 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 
x86_64 x86_64 x86_64 GNU/Linux
Linux Openswan U2.6.14/K2.6.18-128.el5 (netkey)
l2tpd - 0.69 with patch l2tpd-0.69.sysv.patch

Client OS
Windows 2003 Server SP2

When I try to connect to the l2tp server on Linux, I get this in my logs:

secure log
------------------------
Sep  9 17:13:02 mail pluto[31305]: packet from 62.64.75.14:500: ignoring 
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep  9 17:13:02 mail pluto[31305]: packet from 62.64.75.14:500: ignoring 
Vendor ID payload [FRAGMENTATION]
Sep  9 17:13:02 mail pluto[31305]: packet from 62.64.75.14:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep  9 17:13:02 mail pluto[31305]: packet from 62.64.75.14:500: ignoring 
Vendor ID payload [Vid-Initial-Contact]
Sep  9 17:13:02 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
responding to Main Mode from unknown peer 62.64.75.14
Sep  9 17:13:02 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep  9 17:13:02 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
STATE_MAIN_R1: sent MR1, expecting MI2
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: NAT-
Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
STATE_MAIN_R2: sent MR2, expecting MI3
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
Main mode peer ID is ID_FQDN: '@vms'
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: new 
NAT mapping for #19, was 62.64.75.14:500, now 62.64.75.14:4500
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY 
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
peer client type is FQDN
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
Applying workaround for MS-818043 NAT-T bug
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
IDci was FQDN: Y\242\244\242, using NAT_OA=192.168.250.251/32 as IDci
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: the 
peer proposed: 89.162.164.162/32:17/0 -> 192.168.250.251/32:17/1701
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in 
duplicate_state, please report to dev at openswan.org
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in 
duplicate_state, please report to dev at openswan.org
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in 
duplicate_state, please report to dev at openswan.org
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in 
duplicate_state, please report to dev at openswan.org
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
responding to Quick Mode proposal {msgid:2b2b89b6}
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20:     
us: 89.162.164.162<89.162.164.162>[+S=C]:17/0---89.162.164.161
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20:   
them: 62.64.75.14[@vms,+S=C]:17/1701===192.168.250.251/32
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep  9 17:13:03 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xf66fb121 <0x790ec3d2 
xfrm=3DES_0-HMAC_MD5 NATOA=192.168.250.251 NATD=62.64.75.14:4500 DPD=none}
-------------------------------

This may be OK, but then it waits,
and at the end:

-------------------------------
Sep  9 17:13:38 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
received Delete SA(0xf66fb121) payload: deleting IPSEC State #20
Sep  9 17:13:38 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #20: 
request to replace with shunt a prospective erouted policy with netkey kernel 
--- experimental
Sep  9 17:13:38 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
received and ignored informational message
Sep  9 17:13:38 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #19: 
received Delete SA payload: deleting ISAKMP State #19
Sep  9 17:13:38 mail pluto[31305]: packet from 62.64.75.14:4500: received and 
ignored informational message
Sep  9 17:13:47 mail pluto[31305]: "roadwarrior-l2tp"[8] 62.64.75.14 #21: 
initiating Main Mode
--------------------------------

in message log
--------------------------------
Sep  9 17:13:09 mail l2tpd[1857]: my configured LNS hostname:
Sep  9 17:13:09 mail l2tpd[1857]: no configured LAC/LNS hostname found, using 
network hostname mail.gardena.ua
Sep  9 17:13:11 mail l2tpd[1857]: call_close : Connection closed with peer 
(null), reason: Timeout
Sep  9 17:13:18 mail l2tpd[1857]: my configured LNS hostname:
Sep  9 17:13:18 mail l2tpd[1857]: no configured LAC/LNS hostname found, using 
network hostname mail.gardena.ua
Sep  9 17:13:27 mail l2tpd[1857]: my configured LNS hostname:
Sep  9 17:13:27 mail l2tpd[1857]: no configured LAC/LNS hostname found, using 
network hostname mail.gardena.ua
Sep  9 17:13:35 mail l2tpd[1857]: call_close : Connection closed with peer 
(null), reason: Timeout
-------------------------------



MY L2TPD config
-------------------------------
[global]
port = 1701

[lns default]
ip range = 192.168.1.101-192.168.1.254
local ip = 192.168.1.100
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
--------------------------------


What's wrong???
Why is the l2tpd connection not established???

