[Openswan Users] URGENT! Need help with Openswan on Ubuntu 10.10
Cady Wongso
cady at holidaypalace.com
Fri Nov 12 13:04:49 EST 2010
Dear All,

I'm having a problem dialing in from my iPhone to my VPN server.
Below is my config file:
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    #plutodebug="control parsing"
    #
    # enable to get logs per-peer
    #plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=netkey

conn %default
    left=x.x.x.x
    right=%any
    rightprotoport=17/%any
    keyingtries=0
    disablearrivalcheck=no

conn abc
    pfs=no
    left=x.x.x.x
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    type=transport
    #rightprotoport=17/%any
    #rightnexthop=%defaultroute
    dpddelay=30
    dpdtimeout=120
    dpdaction=hold
    authby=secret
    auto=start
    ikelifetime=8h
    keylife=1h

And this is from the log files when my iPhone tries to connect:

Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Nov 13 02:08:59 ipsec pluto[1257]: packet from 1.47.105.60:500: received Vendor ID payload [Dead Peer Detection]
Nov 13 02:08:59 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: responding to Main Mode from unknown peer 1.47.105.60
Nov 13 02:08:59 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 13 02:08:59 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: Main mode peer ID is ID_IPV4_ADDR: '1.47.105.60'
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: new NAT mapping for #59, was 1.47.105.60:500, now 1.47.105.60:4500
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: Dead Peer Detection (RFC 3706): enabled
Nov 13 02:09:02 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/0
Nov 13 02:09:02 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #60: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:02 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #60: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500
Nov 13 02:09:05 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/55958
Nov 13 02:09:05 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #61: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:05 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #61: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500
Nov 13 02:09:08 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/55958
Nov 13 02:09:08 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #62: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:08 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #62: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500
Nov 13 02:09:11 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/55958
Nov 13 02:09:11 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #63: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:11 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #63: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500
Nov 13 02:09:14 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/55958
Nov 13 02:09:14 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #64: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:14 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #64: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500
Nov 13 02:09:17 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #59: the peer proposed: 110.74.223.120/32:17/1701 -> 1.47.105.60/32:17/55958
Nov 13 02:09:17 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #65: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:17 ipsec pluto[1257]: "abc"[22] 1.47.105.60 #65: sending encrypted notification BAD_PROPOSAL_SYNTAX to 1.47.105.60:4500

The weirdest thing was that my terminals at home, both OS X and Win 7, can connect to my VPN server, both NAT and not NAT.

Please help.

Thank you
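
Added example, not part of the original post: a small Python triage script for pluto logs like the one above. It groups lines per peer and reports peers whose ISAKMP SA was established but whose later negotiations were refused, alongside the NAT-T result and port change pluto logged. The sample lines are constructed from the format in the post (documentation addresses), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the pluto lines in the post (documentation addresses).
SAMPLE = """\
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #59: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #59: new NAT mapping for #59, was 192.0.2.60:500, now 192.0.2.60:4500
Nov 13 02:09:00 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #59: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 13 02:09:02 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #60: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:02 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #60: sending encrypted notification BAD_PROPOSAL_SYNTAX to 192.0.2.60:4500
Nov 13 02:09:05 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #61: ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
Nov 13 02:09:05 ipsec pluto[1257]: "abc"[22] 192.0.2.60 #61: sending encrypted notification BAD_PROPOSAL_SYNTAX to 192.0.2.60:4500
"""

# Per-connection pluto line: "conn"[instance] peer #state: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')

def triage(log_text):
    """Collect, per peer address, the NAT-T verdict, port float, Phase 1 result and refusals."""
    peers = defaultdict(lambda: {"conn": None, "nat_result": None, "floated_to": None,
                                 "phase1_ok": False, "rejected": set(), "notifies": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "packet from ..." Vendor ID lines carry no connection name
        p, msg = peers[m["peer"]], m["msg"]
        p["conn"] = m["conn"]
        if msg.startswith("NAT-Traversal: Result"):
            p["nat_result"] = msg.rsplit(": ", 1)[1]
        elif msg.startswith("new NAT mapping"):
            p["floated_to"] = int(msg.rsplit(":", 1)[1])
        elif "ISAKMP SA established" in msg:
            p["phase1_ok"] = True
        elif msg.startswith("ENCAPSULATION_MODE_"):
            p["rejected"].add(int(m["sa"]))  # one state number per refused attempt
        elif msg.startswith("sending encrypted notification"):
            p["notifies"].add(msg.split()[3])
    return dict(peers)

def stalled_after_phase1(peers):
    """Peers whose ISAKMP SA came up but whose later proposals were refused."""
    return {peer: {"conn": p["conn"], "nat_result": p["nat_result"], "port": p["floated_to"],
                   "attempts": len(p["rejected"]), "notify": sorted(p["notifies"])}
            for peer, p in peers.items() if p["phase1_ok"] and p["rejected"]}

if __name__ == "__main__":
    for peer, info in stalled_after_phase1(triage(SAMPLE)).items():
        print(peer, info)
```
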