[Openswan Users] home router with ipsec/l2tp server and PPPoE WAN mode
Murat Sezgin
sezginmurat at gmail.com
Fri Feb 19 20:43:03 EST 2010
Hi all,
I am running IPsec/L2TP on an OpenWrt-based home router. With the
DHCP and Static WAN modes, I can connect to the router from my iPhone
behind a router. Then I tried to run PPPoE for the WAN mode and got a
public IP address. I am trying to connect from my iPhone again over
3G, but I get the following errors.
I am new to Openswan. Can someone shed light on this error? What
configuration parameters should I change if I switch to PPPoE WAN
mode?
Regards,
Murat
packet from 166.205.139.100:42184: received Vendor ID payload [RFC
3947] method set to=109
packet from 166.205.139.100:42184: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike] method set to=110
packet from 166.205.139.100:42184: ignoring unknown Vendor ID payload
[8f8d83826d246b6fc7a8a6a428c11de8]
packet from 166.205.139.100:42184: ignoring unknown Vendor ID payload
[439b59f8ba676c4c7737ae22eab8f582]
packet from 166.205.139.100:42184: ignoring unknown Vendor ID payload
[4d1e0e136deafa34c4f3ea9f02ec7285]
packet from 166.205.139.100:42184: ignoring unknown Vendor ID payload
[80d0bb3def54565ee84645d4c85ce3ee]
packet from 166.205.139.100:42184: ignoring unknown Vendor ID payload
[9909b64eed937c6573de52ace952fa6b]
packet from 166.205.139.100:42184: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
packet from 166.205.139.100:42184: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
packet from 166.205.139.100:42184: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method
110
packet from 166.205.139.100:42184: received Vendor ID payload [Dead
Peer Detection]
| nat-t detected, sending nat-t VID
| find_host_connection2 called from main_inI1_outR1,
me=99.142.205.196:500 him=166.205.139.100:42184 policy=none
| find_host_pair: comparing to 99.142.205.196:500 166.205.139.100:500
| find_host_pair_conn (find_host_connection2): 99.142.205.196:500
166.205.139.100:42184 -> hp:road-warrior-host
| find_host_connection returns road-warrior-host
| creating state object #4 at 0x4241e074
| processing connection road-warrior-host[1] 166.205.139.100
| ICOOKIE: 72 a0 52 08 a9 26 9c fa
| RCOOKIE: 62 9b ef 8a e8 4f 46 d3
| state hash entry 23
| inserting state object #4 on chain 23
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #4
| event added at head of queue
"road-warrior-host"[1] 166.205.139.100 #4: responding to Main Mode
from unknown peer 166.205.139.100
| **emit ISAKMP Message:
| initiator cookie:
| 72 a0 52 08 a9 26 9c fa
| responder cookie:
| 62 9b ef 8a e8 4f 46 d3
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| DOI: ISAKMP_DOI_IPSEC
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 40
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 1
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| length: 32
| transform number: 1
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION
| length/value: 3600
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 5
| [5 is OAKLEY_3DES_CBC]
| ike_alg_enc_ok(ealg=5,key_len=0): blocksize=8, keyminlen=192,
keydeflen=192, keymaxlen=192, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 1
| [1 is OAKLEY_PRESHARED_KEY]
| started looking for secret for 99.142.205.196->166.205.139.100 of kind PPK_PSK
| instantiating him to 0.0.0.0
| actually looking for secret for 99.142.205.196->%any of kind PPK_PSK
| line 12: key type PPK_PSK(99.142.205.196) to type PPK_PSK
| 1: compared key %any to 99.142.205.196 / %any -> 2
| 2: compared key 99.142.205.196 to 99.142.205.196 / %any -> 10
| line 12: match=10
| best_match 0>10 best=0x4241c630 (line=12)
| concluding with best_match=10 best=0x4241c630 (lineno=12)
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 2
| [2 is OAKLEY_GROUP_MODP1024]
| Oakley Transform 1 accepted
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 1
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 1
| transform ID: KEY_IKE
| emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
| attributes 80 0b 00 01 80 0c 0e 10 80 01 00 05 80 03 00 01
| attributes 80 02 00 02 80 04 00 02
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 40
| emitting length of ISAKMP Security Association Payload: 52
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
| emitting length of ISAKMP Vendor ID Payload: 16
| out_vendorid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| sender checking NAT-t: 1 and 110
| out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62
| emitting length of ISAKMP Vendor ID Payload: 20
| emitting length of ISAKMP Message: 136
| complete state transition with STF_OK
"road-warrior-host"[1] 166.205.139.100 #4: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
| deleting event for #4
| sending reply packet to 166.205.139.100:42184 (from port 500)
| sending 136 bytes for STATE_MAIN_R0 through ppp0:500 to
166.205.139.100:42184 (using #4)
| 72 a0 52 08 a9 26 9c fa 62 9b ef 8a e8 4f 46 d3
| 01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 34
| 00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
| 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 03 00 01 80 02 00 02 80 04 00 02
| 0d 00 00 10 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
| 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
| 77 57 01 00 00 00 00 14 4d f3 79 28 e9 fc 4f d1
| b3 26 21 70 d5 15 c6 62
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4
| event added after event EVENT_RETRANSMIT for #3
"road-warrior-host"[1] 166.205.139.100 #4: STATE_MAIN_R1: sent MR1,
expecting MI2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 3 seconds for #2
| next event EVENT_RETRANSMIT in 3 seconds for #2
|
| next event EVENT_RETRANSMIT in 0 seconds for #2
| *time to handle event
| handling event EVENT_RETRANSMIT
| event after this is EVENT_RETRANSMIT in 0 seconds
| processing connection road-warrior-host[1] 166.205.139.100
| handling event EVENT_RETRANSMIT for <invalid> "road-warrior-host" #2
| sending 136 bytes for EVENT_RETRANSMIT through ppp0:500 to
166.205.139.100:42184 (using #2)
| 72 a0 52 08 a9 26 9c fa ee f0 a5 49 a1 11 87 b8
| 01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 34
| 00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
| 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 03 00 01 80 02 00 02 80 04 00 02
| 0d 00 00 10 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
| 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
| 77 57 01 00 00 00 00 14 4d f3 79 28 e9 fc 4f d1
| b3 26 21 70 d5 15 c6 62
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2
| event added after event EVENT_RETRANSMIT for #4
| handling event EVENT_RETRANSMIT
| event after this is EVENT_RETRANSMIT in 3 seconds
| processing connection road-warrior-host[1] 166.205.139.100
| handling event EVENT_RETRANSMIT for <invalid> "road-warrior-host" #1
| sending 136 bytes for EVENT_RETRANSMIT through ppp0:500 to
166.205.139.100:42184 (using #1)
| 72 a0 52 08 a9 26 9c fa 7a 24 33 d1 7f b8 2c 40
| 01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 34
| 00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
| 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 03 00 01 80 02 00 02 80 04 00 02
| 0d 00 00 10 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
| 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
| 77 57 01 00 00 00 00 14 4d f3 79 28 e9 fc 4f d1
| b3 26 21 70 d5 15 c6 62
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
| event added after event EVENT_RETRANSMIT for #4
| next event EVENT_RETRANSMIT in 3 seconds for #3
|
| next event EVENT_RETRANSMIT in 0 seconds for #3
| *time to handle event
| handling event EVENT_RETRANSMIT
| event after this is EVENT_RETRANSMIT in 4 seconds
| processing connection road-warrior-host[1] 166.205.139.100
| handling event EVENT_RETRANSMIT for <invalid> "road-warrior-host" #3
| sending 136 bytes for EVENT_RETRANSMIT through ppp0:500 to
166.205.139.100:42184 (using #3)
| 72 a0 52 08 a9 26 9c fa a6 e6 0f 0f 7f 15 b3 7a
| 01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 34
| 00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
| 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 03 00 01 80 02 00 02 80 04 00 02
| 0d 00 00 10 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
| 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
| 77 57 01 00 00 00 00 14 4d f3 79 28 e9 fc 4f d1
| b3 26 21 70 d5 15 c6 62
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #3
| event added after event EVENT_PENDING_DDNS
| next event EVENT_RETRANSMIT in 4 seconds for #4
|
| rejected packet:
| 72 a0 52 08 a9 26 9c fa a6 e6 0f 0f 7f 15 b3 7a
| 01 10 02 00 00 00 00 00
| control:
| 00 00 00 18 00 00 00 00 00 00 00 08 00 00 00 08
| 63 8e cd c4 63 8e cd c4 00 00 00 2c 00 00 00 00
| 00 00 00 0b 00 00 00 71 02 03 0d 00 00 00 00 00
| 00 00 00 00 00 02 00 00 4b 0b f5 d2 00 00 00 00
| 00 00 00 00
| name:
| 00 02 a4 c8 a6 cd 8b 64 00 00 00 00 00 00 00 00
ERROR: asynchronous network error report on ppp0 (sport=500) for
message to 166.205.139.100 port 42184, complainant 75.11.245.210: No
route to host [errno 113, origin ICMP type 3 code 13 (not
authenticated)]
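
As a reading aid added after the post (not part of the original message and not Openswan code), this decodes the 136-byte reply that the log shows being sent for state #4, so the header fields, payload lengths and negotiated phase 1 attributes can be checked against pluto's own debug lines. The function names `parse_isakmp` and `phase1_attributes` are hypothetical, and the attribute decoder assumes the single-proposal, single-transform layout seen in this log.

```python
import struct

# The 136-byte reply pluto logged for state #4 (bytes copied from the log above).
MR1 = bytes.fromhex("".join("""
72 a0 52 08 a9 26 9c fa 62 9b ef 8a e8 4f 46 d3
01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 34
00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
80 01 00 05 80 03 00 01 80 02 00 02 80 04 00 02
0d 00 00 10 4f 45 47 4a 55 77 4c 5f 55 5c 6d 41
0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
77 57 01 00 00 00 00 14 4d f3 79 28 e9 fc 4f d1
b3 26 21 70 d5 15 c6 62
""".split()))

PAYLOADS = {1: "SA", 13: "VID"}  # only the payload types seen in this message
# IKEv1 phase 1 attribute classes (RFC 2409, Appendix A)
ATTRS = {1: "ENCRYPTION_ALGORITHM", 2: "HASH_ALGORITHM", 3: "AUTHENTICATION_METHOD",
         4: "GROUP_DESCRIPTION", 11: "LIFE_TYPE", 12: "LIFE_DURATION"}

def parse_isakmp(data):
    """Decode the 28-byte ISAKMP header (RFC 2408, 3.1) and walk the payload chain."""
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if length != len(data):
        raise ValueError("header says %d bytes, datagram has %d" % (length, len(data)))
    payloads, off = [], 28
    while nxt != 0:
        if off + 4 > len(data):
            raise ValueError("payload header truncated at offset %d" % off)
        following, _reserved, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        payloads.append((PAYLOADS.get(nxt, str(nxt)), data[off + 4:off + plen]))
        nxt, off = following, off + plen
    return {"icookie": icookie.hex(), "rcookie": rcookie.hex(), "version": ver,
            "exchange": xchg, "flags": flags, "length": length, "payloads": payloads}

def phase1_attributes(sa_body):
    """Decode the transform's attributes. Assumes one proposal (SPI size 0) with one
    transform, as in this log: DOI(4) + situation(4) + proposal(8) + transform(8)."""
    attrs = {}
    for off in range(24, len(sa_body) - 3, 4):
        af_type, value = struct.unpack("!HH", sa_body[off:off + 4])
        if not af_type & 0x8000:
            raise ValueError("variable-length attribute at offset %d not handled" % off)
        attrs[ATTRS.get(af_type & 0x7FFF, af_type & 0x7FFF)] = value
    return attrs

if __name__ == "__main__":
    msg = parse_isakmp(MR1)
    print(msg["exchange"], [(name, len(body) + 4) for name, body in msg["payloads"]])
    print(phase1_attributes(msg["payloads"][0][1]))
```

The decoded payload lengths (52, 16, 20, 20) and attribute values match the "emitting length" and "length/value" lines in the log, which confirms the reply was well formed when it left ppp0.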