[Openswan Users] need help with openswan
pual
pual at myway.com
Tue Jun 8 09:27:13 EDT 2010
Hello Paul,

I have updated the ipsec.conf and other files where needed, as you suggested. But I still receive an error. I have put all the config I have below; hopefully you see the issue.

Many thanks,
Pual

----------------------------
ipsec.conf:

version 2.0

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:91.200.17.23/24
        uniqueids=yes
        oe=off
        protostack=netkey

conn west-pual
        left=y.y.y.y
        leftid=mo.net
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnet=vhost:%no,%priv
        authby=secret
        rekey=no
        auto=add
        pfs=no
        type=transport

-----------
ipsec.secrets:

y.y.y.y %any: PSK "test"

------------
/etc/ppp/options.l2tpd

auth # require authentication
idle 1800 # disconnect if the link is idle for xx seconds
mtu 1460 # MTU tx, tunnel overhead=40 bytes => 1500 - 40 = 1460
mru 1460 # MTU rx, tunnel overhead=40 bytes => 1500 - 40 = 1460
debug # log control packets to syslog
proxyarp # reply to ARP requests in the name of the peer
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
nodeflate

-----------------------------
/etc/xl2tpd/l2tp-secrets

# Secrets for authenticating l2tp tunnels
* * test
* * 1234

-------------------------
Added to the firewall rules:

permit udp host y.y.y.y eq 500 any gt 1023
permit udp host y.y.y.y eq 1701 any gt 1023
permit tcp host y.y.y.y eq 500 any gt 1023
permit tcp host y.y.y.y eq 1701 any gt 1023

================
Jun 8 14:58:01 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun 8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: responding to Main Mode from unknown peer x.x.x.x
Jun 8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun 8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun 8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: responding to Main Mode from unknown peer x.x.x.x
Jun 8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun 8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun 8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: responding to Main Mode from unknown peer x.x.x.x
Jun 8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun 8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun 8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: responding to Main Mode from unknown peer x.x.x.x
Jun 8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 8 14:58:24 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #1: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:58:27 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #2: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:58:30 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #3: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:58:33 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #4: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:59:11 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:59:14 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:59:17 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:59:20 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: max number of retransmissions (2) reached STATE_MAIN_R1
Jun 8 14:59:20 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x: deleting connection "west-pual" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
Jun 8 15:00:01 vpn-server CRON[9226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 8 15:00:48 vpn-server CRON[9226]: pam_unix(cron:session): session closed for user root

-----Original Message-----
From: "pual" [pual at myway.com]
Date: 06/04/2010 11:45 AM
To: paul at xelerance.com
CC: users at openswan.org
Subject: Re: [Openswan Users] need help with openswan

Note: Original message sent as attachment