[Openswan Users] Hopefully can someone help me out to get openswan working,

pual pual at myway.com
Wed Jun 9 05:39:07 EDT 2010


Hello All,

I have updated the ipsec.conf and other files, and the firewall rules have also been adapted. But there is still no working Openswan with PSK. I have put all the configuration in the email below; hopefully someone can help to solve the issue and get it to work.

In the config below I have replaced the VPN server IP address with y.y.y.y and the VPN client IP address with x.x.x.x.

Many thanks,
Pual

----------------------------
ipsec.conf:

version 2.0

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,
        uniqueids=yes
        oe=off
        protostack=netkey

conn west-pual
        left=y.y.y.y
        leftid=vpn-server
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnet=vhost:%no,%priv
        authby=secret
        rekey=no
        auto=add
        pfs=no
        type=transport

-----------
ipsec.secrets:

y.y.y.y %any: PSK "test"

------------
/etc/ppp/options.l2tpd

auth                  # require authentication
idle 1800             # disconnect if the link is idle for xx seconds
mtu 1460              # MTU tx, tunnel overhead=40 bytes => 1500 - 40 = 1460
mru 1460              # MTU rx, tunnel overhead=40 bytes => 1500 - 40 = 1460
debug                 # log control packets to syslog
proxyarp              # reply to ARP requests in the name of the peer
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
nodeflate

-----------------------------
/etc/xl2tpd/l2tp-secrets

# Secrets for authenticating l2tp tunnels
*       *       test

-------------------------
Added to the firewall rules:

permit udp host y.y.y.y eq 500 any gt 1023
permit udp host y.y.y.y eq 1701 any gt 1023
permit tcp host y.y.y.y eq 500 any gt 1023
permit tcp host y.y.y.y eq 1701 any gt 1023

================
Log when I try to connect:

Jun  8 14:58:01 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun  8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: responding to Main Mode from unknown peer x.x.x.x
Jun  8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  8 14:58:01 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  8 14:58:04 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun  8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: responding to Main Mode from unknown peer x.x.x.x
Jun  8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  8 14:58:04 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  8 14:58:07 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun  8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: responding to Main Mode from unknown peer x.x.x.x
Jun  8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  8 14:58:07 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  8 14:58:10 vpn-server pluto[9177]: packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]
Jun  8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: responding to Main Mode from unknown peer x.x.x.x
Jun  8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  8 14:58:10 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  8 14:58:24 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #1: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:58:27 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #2: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:58:30 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #3: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:58:33 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #4: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:59:11 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #5: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:59:14 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #6: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:59:17 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #7: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:59:20 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x #8: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  8 14:59:20 vpn-server pluto[9177]: "west-pual"[1] x.x.x.x: deleting connection "west-pual" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
Jun  8 15:00:01 vpn-server CRON[9226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  8 15:00:48 vpn-server CRON[9226]: pam_unix(cron:session): session closed for user root
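
An added example, not part of the original post: a Python script that groups pluto log lines like the ones above by IKE exchange serial (#N) and lists the exchanges that timed out in STATE_MAIN_R1, meaning the server sent MR1 and retransmitted it until giving up while still expecting MI2. The first six sample lines come from the post's log, the two #9 lines are constructed for contrast, and the function names are this example's own.

```python
import re

P = 'vpn-server pluto[9177]: '
C = P + '"west-pual"[1] x.x.x.x '
# First six lines are from the post's log; the two #9 lines are constructed
# to show an exchange that gets past STATE_MAIN_R1.
SAMPLE_LOG = "\n".join([
    'Jun  8 14:58:01 ' + P + 'packet from x.x.x.x:500: received Vendor ID payload [Dead Peer Detection]',
    'Jun  8 14:58:01 ' + C + '#5: responding to Main Mode from unknown peer x.x.x.x',
    'Jun  8 14:58:01 ' + C + '#5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1',
    'Jun  8 14:58:01 ' + C + '#5: STATE_MAIN_R1: sent MR1, expecting MI2',
    'Jun  8 14:58:24 ' + C + '#1: max number of retransmissions (2) reached STATE_MAIN_R1',
    'Jun  8 14:59:11 ' + C + '#5: max number of retransmissions (2) reached STATE_MAIN_R1',
    'Jun  8 15:05:00 ' + C + '#9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1',
    'Jun  8 15:05:01 ' + C + '#9: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2',
])

# Per-exchange lines look like: pluto[pid]: "conn"[instance] peer #serial: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
TRANSITION = re.compile(r'transition from state \S+ to state (\S+)')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (\S+)')

def summarize(log_text):
    """Return {serial: {conn, peer, state, timed_out}} for every IKE exchange seen."""
    exchanges = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vendor ID, CRON and connection-level lines carry no #serial
        ex = exchanges.setdefault(int(m["sa"]), {
            "conn": m["conn"], "peer": m["peer"], "state": None, "timed_out": False})
        moved = TRANSITION.search(m["msg"])
        if moved:
            ex["state"] = moved.group(1)
        gave_up = TIMEOUT.search(m["msg"])
        if gave_up:
            # An exchange may start before the excerpt; the timeout names its state.
            ex["state"], ex["timed_out"] = gave_up.group(1), True
    return exchanges

def stalled(exchanges, state="STATE_MAIN_R1"):
    """Serial numbers of exchanges that hit the retransmission limit in `state`."""
    return sorted(sa for sa, ex in exchanges.items()
                  if ex["timed_out"] and ex["state"] == state)

if __name__ == "__main__":
    print("timed out in STATE_MAIN_R1:", stalled(summarize(SAMPLE_LOG)))
```
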