[Openswan Users] Openswan 2.4.15: Unsuccessful ipsec connection forces client to wait 5 minutes before reconnecting

Lukas Orlowski LukeO at partyheld.de
Mon Sep 13 17:44:14 EDT 2010


Dear Community

I'm currently in the process of setting up an IPSEC/L2TP connection between a natted Openswan server and (most likely) natted Windows XP users connecting with the Microsoft Client using Ipsec/L2tp. I'm using openswan 2.4.15 on kernel 2.6.34 with netkey.

I have a strange problem. I am able to create an ipsec connection:

pluto[14614]: "WinXP-L2tp"[2] <CLIENTIP> #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x04a8adff <0x07de6b08 xfrm=3DES_0-HMAC_MD5 NATD=<CLIENTIP>:37588 DPD=none}

The xl2tpd should take over now, which it doesn't, so the connection times out. Now I'm unable to reestablish the ipsec connection! All I get is:

pluto[14614]: packet from <CLIENTIP>:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
pluto[14614]: packet from <CLIENTIP>:500: ignoring Vendor ID payload [FRAGMENTATION]
pluto[14614]: packet from <CLIENTIP>:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
pluto[14614]: packet from <CLIENTIP>:500: ignoring Vendor ID payload [Vid-Initial-Contact]
pluto[14614]: "l2tp"[6] <CLIENTIP> #49: responding to Main Mode from unknown peer <CLIENTIP>
pluto[14614]: "l2tp"[6] <CLIENTIP> #49: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
pluto[14614]: "l2tp"[6] <CLIENTIP> #49: STATE_MAIN_R1: sent MR1, expecting MI2

which keeps on looping until I leave it alone for approx. 5 minutes. Then I get another single chance to get my ipsec connection up and running.

ipsec whack --delete --name <name>
followed by restarting pluto does not help. Restarting Windows doesn't help either. Did I create a dangling connection? How do I purge it?

Best regards

Luke

