[Openswan Users] Error ”cannot install eroute” when reconnect from the same IP

Paul Wouters paul at xelerance.com
Thu Apr 29 15:01:20 EDT 2010


On Thu, 29 Apr 2010, yegle wrote:

This is a bug that needs fixing......

It somehow does not realise it should replace the existing (or just terminated) IPsec SA.

Paul

> Date: Thu, 29 Apr 2010 19:27:57 +0800
> From: yegle <cnyegle at gmail.com>
> To: users at openswan.org
> Subject: [Openswan Users] Error ”cannot install eroute” when reconnect from
>     the same IP
> 
> Hi list,
> 
> I found a strange problem and hope someone can give me a hint.
> When I connect from a client and then disconnect and reconnect again,I'll get a "cannot install eroute" error.
> 
> I'm using OpenSwan 2.6.25 with kernel 2.6.30.
> 
> My ipsec.conf file:
> version    2.0
> config setup
>      protostack=netkey
>      nat_traversal=yes
>      virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>      nhelpers=0
>      uniqueids=yes
>      keep_alive=10
>      force_keepalive=yes
> conn L2TP-PSK-NAT
>      rightsubnet=vhost:%priv
>      also=L2TP-PSK-noNAT
> conn L2TP-PSK-noNAT
>      authby=secret
>      pfs=no
>      auto=add
>      keyingtries=3
>      rekey=no
>      left=72.52.94.226
>      leftnexthop=%defaultroute
>      leftprotoport=17/1701
>      right=%any
>      rightprotoport=17/%any
>      #dpdaction=clean
> conn block
>      auto=ignore
> conn private
>      auto=ignore
> conn private-or-clear
>      auto=ignore
> conn clear-or-private
>      auto=ignore
> conn clear
>      auto=ignore
> conn packetdefault
>      auto=ignore
> 
> Here's the log file
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload [RFC 3947]
> method set to=109
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: ignoring Vendor ID payload [FRAGMENTATION
> 80000000]
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: responding to Main Mode from unknown
> peer 114.247.10.74
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: transition from state STATE_MAIN_R0 to
> state STATE_MAIN_R1
> Apr 29 19:20:02 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: STATE_MAIN_R1: sent MR1, expecting MI2
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: NAT-Traversal: Result using RFC 3947
> (NAT-Traversal): peer is NATed
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: transition from state STATE_MAIN_R1 to
> state STATE_MAIN_R2
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: STATE_MAIN_R2: sent MR2, expecting MI3
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: Main mode peer ID is ID_IPV4_ADDR:
> '172.19.99.97'
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[1] 114.247.10.74 #1: switched from "L2TP-PSK-NAT" to
> "L2TP-PSK-NAT"
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: deleting connection "L2TP-PSK-NAT"
> instance with peer 114.247.10.74 {isakmp=#0/ipsec=#0}
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: transition from state STATE_MAIN_R2 to
> state STATE_MAIN_R3
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: new NAT mapping for #1, was
> 114.247.10.74:41620, now 114.247.10.74:41621
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: retransmitting in response to duplicate
> packet; already STATE_MAIN_R3
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: ignoring informational payload, type
> IPSEC_INITIAL_CONTACT msgid=00000000
> Apr 29 19:20:03 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: received and ignored informational
> message
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #1: the peer proposed: X.X.X.226/32:17/1701
> -> 172.19.99.97/32:17/0
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2: responding to Quick Mode proposal
> {msgid:870162ef}
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2:     us:
> X.X.X.226<X.X.X.226>[+S=C]:17/1701---X.X.X.225
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2:   them:
> 114.247.10.74[172.19.99.97,+S=C]:17/0===172.19.99.97/32
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: | NAT-OA: 32 tunnel: 1 
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2: transition from state STATE_QUICK_R0 to
> state STATE_QUICK_R1
> Apr 29 19:20:04 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2: STATE_QUICK_R1: sent QR1, inbound IPsec
> SA installed, expecting QI2
> Apr 29 19:20:05 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2: transition from state STATE_QUICK_R1 to
> state STATE_QUICK_R2
> Apr 29 19:20:05 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #2: STATE_QUICK_R2: IPsec SA established
> tunnel mode {ESP=>0x0940ec9b <0x4dee268e xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=114.247.10.74:41621 DPD=none}
> Apr 29 19:20:08 yegle-OPENVPN xl2tpd[11026]: control_finish: Peer requested tunnel 44319 twice, ignoring second one.
> Apr 29 19:20:08 yegle-OPENVPN xl2tpd[11026]: Connection established to 114.247.10.74, 45099.  Local: 14238, Remote:
> 44319 (ref=0/0).  LNS session is 'default'
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: start_pppd: I'm running:
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "/usr/sbin/pppd"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "passive"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "-detach"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "10.10.0.1:10.10.0.2"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "refuse-pap"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "auth"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "require-chap"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "name"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "LinuxVPNserver"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "debug"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "file"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "/etc/ppp/options.xl2tpd"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: "/dev/pts/3"
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: Call established with 114.247.10.74, Local: 18093, Remote: 51911, Serial:
> 379304230
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: Plugin /usr/lib64/pppd/2.4.4/radius.so loaded.
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: RADIUS plugin initialized.
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: pppd 2.4.4 started by root, uid 0
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: using channel 89
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: Using interface ppp0
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: Connect: ppp0 <--> /dev/pts/3
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic
> 0xe3d3d7f> <pcomp> <accomp>]
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x423abd5d> <pcomp>
> <accomp>]
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x423abd5d> <pcomp>
> <accomp>]
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic
> 0xe3d3d7f> <pcomp> <accomp>]
> Apr 29 19:20:09 yegle-OPENVPN pppd[27839]: sent [CHAP Challenge id=0x31
> <e16176ad752ff4d96ef727e34b41f3f6b4da049041c02f>, name = "LinuxVPNserver"]
> Apr 29 19:20:09 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: rcvd [CHAP Response id=0x31 <66dc5356ec0b167cf8f29752b77c3f68>, name =
> "yegle"]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: sent [CHAP Success id=0x31 ""]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.10.0.1>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1
> 0.0.0.0> <ms-dns3 0.0.0.0>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: sent [IPCP ConfNak id=0x1 <addr 10.10.0.2> <ms-dns1 74.82.42.42> <ms-dns3
> 74.82.42.42>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: rcvd [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 10.10.0.1>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.10.0.2> <ms-dns1
> 74.82.42.42> <ms-dns3 74.82.42.42>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.10.0.2> <ms-dns1
> 74.82.42.42> <ms-dns3 74.82.42.42>]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: not replacing existing default route to eth0 [X.X.X.225]
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: Cannot determine ethernet address for proxy ARP
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: local  IP address 10.10.0.1
> Apr 29 19:20:10 yegle-OPENVPN pppd[27839]: remote IP address 10.10.0.2
> Apr 29 19:20:11 yegle-OPENVPN pppd[27839]: Script /etc/ppp/ip-up started (pid 27841)
> Apr 29 19:20:11 yegle-OPENVPN pppd[27839]: Script /etc/ppp/ip-up finished (pid 27841), status = 0x0
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: rcvd [LCP TermReq id=0x2 "User request"]
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: LCP terminated by peer (User request)
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Connect time 0.2 minutes.
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Sent 2170 bytes, received 4764 bytes.
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Script /etc/ppp/ip-down started (pid 27842)
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: sent [LCP TermAck id=0x2]
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Script /etc/ppp/ip-down finished (pid 27842), status = 0x0
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: result_code_avp: avp is incorrect size.  8 < 10
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: handle_avps: Bad exit status handling attribute 1 (Result Code) on
> mandatory packet.
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: Trustingly terminating pppd: sending TERM signal to pid 27839
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Modem hangup
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Connection terminated.
> Apr 29 19:20:17 yegle-OPENVPN pppd[27839]: Exit.
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: pppd 27839 successfully terminated
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: Connection 44319 closed to 114.247.10.74, port 45099 (Result Code: expected
> at least 10, got 8)
> Apr 29 19:20:17 yegle-OPENVPN xl2tpd[11026]: network_thread: select returned error 9 (Bad file descriptor)
> Apr 29 19:20:18 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:20:18 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:20:18 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:19 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:20:19 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:20 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:21 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:22 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:20:22 yegle-OPENVPN xl2tpd[11026]: network_thread: select timeout
> Apr 29 19:20:22 yegle-OPENVPN xl2tpd[11026]: Unable to deliver closing message for tunnel 14238. Destroying anyway.
> Apr 29 19:20:23 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:20:23 yegle-OPENVPN pluto[27509]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> 114.247.10.74 port 41621, complainant 114.247.10.74: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload [RFC 3947]
> method set to=109
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: packet from 114.247.10.74:41620: ignoring Vendor ID payload [FRAGMENTATION
> 80000000]
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: responding to Main Mode from unknown
> peer 114.247.10.74
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: transition from state STATE_MAIN_R0 to
> state STATE_MAIN_R1
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: STATE_MAIN_R1: sent MR1, expecting MI2
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: NAT-Traversal: Result using RFC 3947
> (NAT-Traversal): peer is NATed
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: transition from state STATE_MAIN_R1 to
> state STATE_MAIN_R2
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: STATE_MAIN_R2: sent MR2, expecting MI3
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: Main mode peer ID is ID_IPV4_ADDR:
> '172.19.99.97'
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: transition from state STATE_MAIN_R2 to
> state STATE_MAIN_R3
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: new NAT mapping for #3, was
> 114.247.10.74:41620, now 114.247.10.74:41621
> Apr 29 19:21:14 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Apr 29 19:21:15 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: ignoring informational payload, type
> IPSEC_INITIAL_CONTACT msgid=00000000
> Apr 29 19:21:15 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: received and ignored informational
> message
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: the peer proposed: X.X.X.226/32:17/1701
> -> 172.19.99.97/32:17/0
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[3] 114.247.10.74 #4: responding to Quick Mode proposal
> {msgid:ac7829cf}
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[3] 114.247.10.74 #4:     us:
> X.X.X.226<X.X.X.226>[+S=C]:17/1701---X.X.X.225
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[3] 114.247.10.74 #4:   them:
> 114.247.10.74[172.19.99.97,+S=C]:17/0===172.19.99.97/32
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: | NAT-OA: 32 tunnel: 1 
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[3] 114.247.10.74 #4: cannot install eroute -- it is in use
> for "L2TP-PSK-NAT"[2] 114.247.10.74 #2
> Apr 29 19:21:16 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[3] 114.247.10.74: deleting connection "L2TP-PSK-NAT" instance
> with peer 114.247.10.74 {isakmp=#0/ipsec=#0}
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: the peer proposed: X.X.X.226/32:17/1701
> -> 172.19.99.97/32:17/0
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[4] 114.247.10.74 #5: responding to Quick Mode proposal
> {msgid:ac7829cf}
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[4] 114.247.10.74 #5:     us:
> X.X.X.226<X.X.X.226>[+S=C]:17/1701---X.X.X.225
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[4] 114.247.10.74 #5:   them:
> 114.247.10.74[172.19.99.97,+S=C]:17/0===172.19.99.97/32
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: | NAT-OA: 32 tunnel: 1 
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[4] 114.247.10.74 #5: cannot install eroute -- it is in use
> for "L2TP-PSK-NAT"[2] 114.247.10.74 #2
> Apr 29 19:21:26 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[4] 114.247.10.74: deleting connection "L2TP-PSK-NAT" instance
> with peer 114.247.10.74 {isakmp=#0/ipsec=#0}
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[2] 114.247.10.74 #3: the peer proposed: X.X.X.226/32:17/1701
> -> 172.19.99.97/32:17/0
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[5] 114.247.10.74 #6: responding to Quick Mode proposal
> {msgid:ac7829cf}
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[5] 114.247.10.74 #6:     us:
> X.X.X.226<X.X.X.226>[+S=C]:17/1701---X.X.X.225
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[5] 114.247.10.74 #6:   them:
> 114.247.10.74[172.19.99.97,+S=C]:17/0===172.19.99.97/32
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: | NAT-OA: 32 tunnel: 1 
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[5] 114.247.10.74 #6: cannot install eroute -- it is in use
> for "L2TP-PSK-NAT"[2] 114.247.10.74 #2
> Apr 29 19:21:36 yegle-OPENVPN pluto[27509]: "L2TP-PSK-NAT"[5] 114.247.10.74: deleting connection "L2TP-PSK-NAT" instance
> with peer 114.247.10.74 {isakmp=#0/ipsec=#0}
> 
> 
> 
> 
>


More information about the Users mailing list