[Openswan Users] Can't connect OS X 10.6 with 2.6.29 (netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory)

Gottfried Haider gottfried.haider at gmail.com
Thu Oct 14 08:11:56 EDT 2010


Forgot to mention: the setup does work with my Windows XP machine and
Android phone.

On Thu, Oct 14, 2010 at 2:10 PM, Gottfried Haider
<gottfried.haider at gmail.com> wrote:
> Hello all,
>
> I've been unable so far to get a road-warrior IPSEC/L2TP setup with
> PSK working with openswan 2.6.29 (compiled from source), xl2tpd 1.2.0
> and ppp 2.4.5 (both from Ubuntu 9.04) on a machine running a 2.6.26
> (Debian) kernel.
>
> Log output from both the server's auth.log and the client's
> system.log is below - if you need any more debug information please
> let me know.
>
> Searching the archives I came across a similar error message that was
> supposedly fixed in 2.6.29, maybe that's related ("initiate on
> demand", August 13)?
>
> kind regards
> Gottfried
>
> -- server --
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [RFC 3947] method set to=109
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
> to=110
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
> but already using method 110
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> but already using method 110
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
> but already using method 110
> Oct 14 11:40:58 escher pluto[1441]: packet from 62.178.23.235:500:
> received Vendor ID payload [Dead Peer Detection]
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: responding to Main Mode from unknown peer 62.178.23.235
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: STATE_MAIN_R1: sent MR1, expecting MI2
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X):
> peer is NATed
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: STATE_MAIN_R2: sent MR2, expecting MI3
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.18'
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[4] 62.178.23.235
> #5: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: new NAT mapping for #5, was 62.178.23.235:500, now
> 62.178.23.235:4500
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
> group=modp1024}
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT
> msgid=00000000
> Oct 14 11:40:58 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: received and ignored informational message
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: the peer proposed: MY_SERVER_IP/32:17/1701 -> 192.168.1.18/32:17/0
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6: responding to Quick Mode proposal {msgid:1f6752d0}
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6:     us: MY_SERVER_IP[+S=C]:17/1701
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6:   them: 62.178.23.235[192.168.1.18,+S=C]:17/60446===192.168.1.18/32
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting
> QI2
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Oct 14 11:40:59 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #6: STATE_QUICK_R2: IPsec SA established transport mode
> {ESP=>0x014cfe7e <0xecb26338 xfrm=AES_128-HMAC_SHA1 NATOA=none
> NATD=62.178.23.235:4500 DPD=none}
> Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: received Delete SA(0x014cfe7e) payload: deleting IPSEC State #6
> Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: ERROR: netlink XFRM_MSG_DELPOLICY response for flow
> eroute_connection delete included errno 2: No such file or directory
> Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: received and ignored informational message
> Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235
> #5: received Delete SA payload: deleting ISAKMP State #5
> Oct 14 11:41:19 escher pluto[1441]: "L2TP-PSK-NAT"[5] 62.178.23.235:
> deleting connection "L2TP-PSK-NAT" instance with peer 62.178.23.235
> {isakmp=#0/ipsec=#0}
> Oct 14 11:41:19 escher pluto[1441]: packet from 62.178.23.235:4500:
> received and ignored informational message
> -- server --
>
> -- client --
> Oct 14 14:40:57 g-macmini pppd[1237]: L2TP connecting to server
> 'MY_SERVER_NAME' (MY_SERVER_IP)…
> Oct 14 14:40:57 g-macmini pppd[1237]: IPSec connection started
> Oct 14 14:40:57 g-macmini racoon[1240]: Connecting.
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Initiator, Main-Mode message 1).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
> (Initiator, Main-Mode message 2).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Initiator, Main-Mode message 3).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
> (Initiator, Main-Mode message 4).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Initiator, Main-Mode message 5).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Phase1 AUTH: success.
> (Initiator, Main-Mode Message 6).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: receive success.
> (Initiator, Main-Mode message 6).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Phase1 Initiator:
> success. (Initiator, Main-Mode).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Information message).
> Oct 14 14:40:57 g-macmini racoon[1240]: IKEv1 Information-Notice:
> transmit success. (ISAKMP-SA).
> Oct 14 14:40:58 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Initiator, Quick-Mode message 1).
> Oct 14 14:40:59 g-macmini racoon[1240]: IKE Packet: receive success.
> (Initiator, Quick-Mode message 2).
> Oct 14 14:40:59 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Initiator, Quick-Mode message 3).
> Oct 14 14:40:59 g-macmini racoon[1240]: IKEv1 Phase2 Initiator:
> success. (Initiator, Quick-Mode).
> Oct 14 14:40:59 g-macmini racoon[1240]: Connected.
> Oct 14 14:40:59 g-macmini pppd[1237]: IPSec connection established
> Oct 14 14:41:19 g-macmini pppd[1237]: L2TP cannot connect to the server
> Oct 14 14:41:19 g-macmini configd[13]: SCNCController: Disconnecting.
> (Connection tried to negotiate for, 22 seconds).
> Oct 14 14:41:19 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Information message).
> Oct 14 14:41:19 g-macmini racoon[1240]: IKEv1 Information-Notice:
> transmit success. (Delete IPSEC-SA).
> Oct 14 14:41:19 g-macmini racoon[1240]: IKE Packet: transmit success.
> (Information message).
> Oct 14 14:41:19 g-macmini racoon[1240]: IKEv1 Information-Notice:
> transmit success. (Delete ISAKMP-SA).
> Oct 14 14:41:20 g-macmini racoon[1240]: Disconnecting. (Connection was
> up for, 21.057561 seconds).
> -- client --
>

