[Openswan Users] Can't connect OS X 10.6 with 2.6.29 (netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory)
Gottfried Haider
gottfried.haider at gmail.com
Thu Oct 14 08:10:47 EDT 2010
Hello all,
I've been unable so far to get a road-warrior IPSEC/L2TP setup with
PSK working with openswan 2.6.29 (compiled from source), xl2tpd 1.2.0
and ppp 2.4.5 (both from ubuntu 9.04) on a machine running a 2.6.26
(debian) kernel.
Log output from both, the server's auth.log and the client's
system.log is below - if you need any more debug information please
let me know.
Searching the archives I came across a similar error message that was
supposedly fixed in 2.6.29, maybe that's related ("initiate on
demand", August 13)?
kind regards
Gottfried
-- server --
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
received Vendor ID payload [Dead Peer Detection]
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: responding to Main Mode from unknown peer 62.178.23.235
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X):
peer is NATed
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.18'
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
#5: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: new NAT mapping for #5, was 62.178.23.235:500, now
62.178.23.235:4500
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: received and ignored informational message
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: the peer proposed: MY_SERVER_IP/32:17/1701 -> 192.168.1.18/32:17/0
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: responding to Quick Mode proposal {msgid:1f6752d0}
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: us: MY_SERVER_IP[+S=C]:17/1701
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: them: 62.178.23.235[192.168.1.18,+S=C]:17/60446===192.168.1.18/32
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting
QI2
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#6: STATE_QUICK_R2: IPsec SA established transport mode
{ESP=>0x014cfe7e <0xecb26338 xfrm=AES_128-HMAC_SHA1 NATOA=none
NATD=62.178.23.235:4500 DPD=none}
Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: received Delete SA(0x014cfe7e) payload: deleting IPSEC State #6
Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: ERROR: netlink XFRM_MSG_DELPOLICY response for flow
eroute_connection delete included errno 2: No such file or directory
Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: received and ignored informational message
Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
#5: received Delete SA payload: deleting ISAKMP State #5
Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235:
deleting connection "L2TP-PSK-NAT" instance with peer 62.178.23.235
{isakmp=#0/ipsec=#0}
Oct 14 11:41:19 escher pluto[1441]: packet from 62.178.23.235:4500:
received and ignored informational message
-- server --
-- client --
Oct 14 14:40:57 g-macmini pppd[1237]: L2TP connecting to server
'MY_SERVER_NAME' (MY_SERVER_IP)…
Oct 14 14:40:57 g-macmini pppd[1237]: IPSec connection started
Oct 14 14:40:57 g-macmini racoon[1240]: Connecting.
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
(Initiator, Main-Mode message 1).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
(Initiator, Main-Mode message 2).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
(Initiator, Main-Mode message 3).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
(Initiator, Main-Mode message 4).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
(Initiator, Main-Mode message 5).
Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Phase1 AUTH: success.
(Initiator, Main-Mode Message 6).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
(Initiator, Main-Mode message 6).
Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Phase1 Initiator:
success. (Initiator, Main-Mode).
Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
(Information message).
Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Information-Notice:
transmit success. (ISAKMP-SA).
Oct 14 14:40:58 g-macmini racoon[1240]: IKE Packet: transmit success.
(Initiator, Quick-Mode message 1).
Oct 14 14:40:59 g-macmini racoon[1240]: IKE Packet: receive success.
(Initiator, Quick-Mode message 2).
Oct 14 14:40:59 g-macmini racoon[1240]: IKE Packet: transmit success.
(Initiator, Quick-Mode message 3).
Oct 14 14:40:59 g-macmini racoon[1240]: IKEv1 Phase2 Initiator:
success. (Initiator, Quick-Mode).
Oct 14 14:40:59 g-macmini racoon[1240]: Connected.
Oct 14 14:40:59 g-macmini pppd[1237]: IPSec connection established
Oct 14 14:41:19 g-macmini pppd[1237]: L2TP cannot connect to the server
Oct 14 14:41:19 g-macmini configd[13]: SCNCController: Disconnecting.
(Connection tried to negotiate for, 22 seconds).
Oct 14 14:41:19 g-macmini racoon[1240]: IKE Packet: transmit success.
(Information message).
Oct 14 14:41:19 g-macmini racoon[1240]: IKEv1 Information-Notice:
transmit success. (Delete IPSEC-SA).
Oct 14 14:41:19 g-macmini racoon[1240]: IKE Packet: transmit success.
(Information message).
Oct 14 14:41:19 g-macmini racoon[1240]: IKEv1 Information-Notice:
transmit success. (Delete ISAKMP-SA).
Oct 14 14:41:20 g-macmini racoon[1240]: Disconnecting. (Connection was
up for, 21.057561 seconds).
-- client --
More information about the Users
mailing list