[Openswan Users] R: Multiple interfaces ipsec/l2tp vpn openswan 2.6.26

Federico Viel fviel at bellunum.com
Fri Jun 25 06:49:33 EDT 2010


Arghhhhhhhh!!!!!!!!
Maybe here is the problem!!!
Look at the highlighted line (doroute statement):
The source IP is OK but the dev is not!!! (eth0 instead of eth4)
Is there any configuration to avoid this wrong "doroute"?
Thank you
F

Jun 25 12:21:22 multifw pluto[4310]: packet from R.W.I.P:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun 25 12:21:22 multifw pluto[4310]: packet from R.W.I.P:500: ignoring Vendor ID payload [FRAGMENTATION]
Jun 25 12:21:22 multifw pluto[4310]: packet from R.W.I.P:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jun 25 12:21:22 multifw pluto[4310]: packet from R.W.I.P:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jun 25 12:21:22 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: responding to Main Mode from unknown peer R.W.I.P
Jun 25 12:21:22 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 25 12:21:22 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: Main mode peer ID is ID_IPV4_ADDR: 'R.W.I.P'
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 25 12:21:23 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: the peer proposed: x.y.z.206 /32:17/1701 -> R.W.I.P/32:17/0
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: responding to Quick Mode proposal {msgid:32b76852}
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323:     us: x.y.z.206 /32===x.y.z.206 <x.y.z.206 >[+S=C]:17/1701---x.y.z.193
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323:   them: R.W.I.P[+S=C]:17/1701
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: route-host output: /usr/lib/ipsec/_updown.netkey: doroute `ip route replace R.W.I.P/32 via x.y.z.193 dev eth0  src x.y.z.206 ' failed (RTNETLINK answers: Network is unreachable)

Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #323: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x3b41c9fb <0xd6638147 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
Jun 25 12:21:30 multifw pluto[4310]: packet from 85.36.74.198:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x053796e1
Jun 25 12:22:01 multifw pluto[4310]: "L2TP-PSK"[9] R.W.I.P #322: received Delete SA payload: deleting ISAKMP State #322
Jun 25 12:22:01 multifw pluto[4310]: packet from R.W.I.P:500: received and ignored informational message
Jun 25 12:22:01 multifw pluto[4310]: packet from R.W.I.P:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x7399d384

-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com] 
Sent: Thursday, June 24, 2010 16:37
To: Federico Viel
Cc: users at openswan.org
Subject: Re: [Openswan Users] Multiple interfaces ipsec/l2tp vpn openswan 2.6.26

One more question.  What does the log file from Openswan say?
I'm not sure what it is on all systems.  On my Ubuntu system it puts it in /var/log/auth.log

-----Original Message-----
From: "Federico Viel" <fviel at bellunum.com>
Sent: Thursday, June 24, 2010 3:15am
To: users at openswan.org
Subject: Re: [Openswan Users] Multiple interfaces ipsec/l2tp vpn openswan 2.6.26

The answer is: nothing!!!
This is the tcpdump during an attempt to connect via ETH4:

<snip>
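A triage helper for the `doroute` failure shown in the log at the top of this message, added here as an example and not part of the original thread or of Openswan. It extracts failed `doroute` commands from pluto log lines and flags those whose `dev` is not the interface that owns the `src` address; the log lines, the documentation-range addresses and the `ADDR_TO_DEV` map are constructed assumptions.

```python
import re

# Matches the failure line _updown.netkey reports through pluto when its
# "ip route" command fails; captures the command and the kernel's reason.
DOROUTE_RE = re.compile(
    r"doroute `(?P<cmd>ip route [^']*)' failed \((?P<reason>[^)]*)\)"
)

def parse_doroute_failures(lines):
    """Return one dict per failed doroute with its dst/via/dev/src fields."""
    failures = []
    for line in lines:
        m = DOROUTE_RE.search(line)
        if not m:
            continue
        # Token layout: ip route replace <dst> via <gw> dev <if> src <addr>
        tokens = m.group("cmd").split()
        route = {"dst": tokens[3], "reason": m.group("reason")}
        route.update(zip(tokens[4::2], tokens[5::2]))
        failures.append(route)
    return failures

def wrong_device(failures, addr_to_dev):
    """Keep failures whose dev differs from the interface owning src."""
    flagged = []
    for f in failures:
        expected = addr_to_dev.get(f.get("src"))
        if expected and f.get("dev") != expected:
            flagged.append({**f, "expected_dev": expected})
    return flagged

# Assumed address-to-interface map (on a real host, build it from the
# interface configuration). Mirrors the post: the local address is on eth4.
ADDR_TO_DEV = {"203.0.113.206": "eth4"}

# Constructed sample lines in the shape of the log above.
SAMPLE_LOG = """\
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] 198.51.100.7 #323: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] 198.51.100.7 #323: route-host output: /usr/lib/ipsec/_updown.netkey: doroute `ip route replace 198.51.100.7/32 via 203.0.113.193 dev eth0  src 203.0.113.206 ' failed (RTNETLINK answers: Network is unreachable)
Jun 25 12:21:24 multifw pluto[4310]: "L2TP-PSK"[9] 198.51.100.7 #323: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
""".splitlines()

if __name__ == "__main__":
    for f in wrong_device(parse_doroute_failures(SAMPLE_LOG), ADDR_TO_DEV):
        print(f"{f['dst']}: route on {f['dev']}, src {f['src']} "
              f"is on {f['expected_dev']} ({f['reason']})")
```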




