[Openswan Users] l2tp ipsec vpn does not connect. Cannot find what's wrong.

JP CR jprollerskate at hotmail.com
Mon Jan 3 14:59:59 EST 2011


Hello Paul,

I have upgraded to the openswan version 2.6.31 as you suggested.

> I don't see any mru/mtu options in here? Please look at
> the sample that came with xl2tpd and use that as much
> as possible.
> 
> You actually didn't post /etc/xl2tpd/xl2tpd.conf

cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.194.5.212
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


Also, while I was doing tests and reconfiguring with this version, I ran a test before actually installing xl2tpd, just invoking an IPsec connection with my Windows client. Normally, when I did this exact test on my home server (same LAN), I would just get 1 try and then the IPsec establishment confirmation and nothing after that. Interestingly enough, on the server I get the IPsec establishment and then many, many tries of the same, so it's pretty much the same output with NO xl2tp, which leads me to believe the problem is in IPsec.

Here is the output of that test:

Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: responding to Main Mode from unknown peer 145.356.62.74
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R2: sent MR2, expecting MI3
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: Main mode peer ID is ID_FQDN: '@JP1'
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: new NAT mapping for #104, was 145.356.62.74:500, now 145.356.62.74:4500
Jan  3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: peer client type is FQDN
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: Applying workaround for MS-818043 NAT-T bug
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: IDci was FQDN: 2\020\205\356, using NAT_OA=192.170.1.3/32 0 as IDci
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: the peer proposed: 123.16.133.238/32:17/1701 -> 192.170.1.3/32:17/1701
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: responding to Quick Mode proposal {msgid:5e03ecee}
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105:     us: 10.194.5.212<10.194.5.212>[+S=C]:17/1701
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105:   them: 145.356.62.74[@JP1,+S=C]:17/1701===192.170.1.3/32
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: keeping refhim=4294901761 during rekey
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #92: received Delete SA payload: deleting ISAKMP State #92
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 4500 don't match. Using that_client port.
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xed0da1c2 <0xc877b36b xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=145.356.62.74:4500 DPD=none}
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: responding to Main Mode from unknown peer 145.356.62.74
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R2: sent MR2, expecting MI3
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received Delete SA(0xed0da1c2) payload: deleting IPSEC State #105
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received Delete SA(0x63f10221) payload: deleting IPSEC State #103
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received Delete SA(0x43cab8f8) payload: deleting IPSEC State #101
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received Delete SA(0x0c1e06a2) payload: deleting IPSEC State #99
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received Delete SA(0xe46a5c07) payload: deleting IPSEC State #97
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received Delete SA(0x0eca1c27) payload: deleting IPSEC State #95
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xd372f3da
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xccc8a7e6
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x7e8ad2ea
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xe011fc68
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x0e88551a
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xc0c3f66b
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x2a93bede
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xdb6f4674
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xe13dfd1a
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x7d4531a9
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x16a779fa
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x19d04ff7
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x418e977e
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x878a1ecd
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x89f7a47b
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x65278311
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1405bd6b
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1e16bb72
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x72157811
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: Main mode peer ID is ID_FQDN: '@JP1'
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: new NAT mapping for #106, was 145.356.62.74:500, now 145.356.62.74:4500
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: next payload type of ISAKMP Hash Payload has an unknown value: 183
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: malformed payload in packet
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: | payload malformed after IV
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: |   d4 07 93 92  be b5 e8 51
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: sending notification PAYLOAD_MALFORMED to 145.356.62.74:4500
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received Delete SA payload: deleting ISAKMP State #104
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received Delete SA payload: deleting ISAKMP State #102
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received Delete SA payload: deleting ISAKMP State #100
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received Delete SA payload: deleting ISAKMP State #98
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received Delete SA payload: deleting ISAKMP State #96
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received Delete SA payload: deleting ISAKMP State #94
Jan  3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message



Gunther
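
Added example, not part of the original message: a small parser that pairs each "IPsec SA established" line in a pluto log with the peer's later "deleting IPSEC State" line, so the establish/delete loop described above shows up as SA lifetimes. The names analyze and SAMPLE, the host name gw, the address 203.0.113.7, the default year and the 5-second "short-lived" threshold are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample in pluto's syslog format (203.0.113.7 is a documentation address).
SAMPLE = """\
Jan  3 19:39:29 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #105: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xed0da1c2 <0xc877b36b}
Jan  3 19:39:30 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #104: received Delete SA(0xed0da1c2) payload: deleting IPSEC State #105
Jan  3 19:39:30 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #106: sending notification PAYLOAD_MALFORMED to 203.0.113.7:4500
Jan  3 19:39:31 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #107: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0c1e06a2 <0xc877b36c}
Jan  3 19:39:45 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #106: received Delete SA(0x0c1e06a2) payload: deleting IPSEC State #107
Jan  3 19:40:02 gw pluto[12204]: "L2TP-PSK-NAT"[2] 203.0.113.7 #109: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x43cab8f8 <0xc877b36d}
"""

# timestamp, host, pluto[pid], "connection"[instance], peer address, #state, message
LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
                  r'"([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
DELETED = re.compile(r'deleting IPSEC State #(\d+)')

def analyze(log_text, year=2011, short_secs=5):
    """Pair each 'IPsec SA established' with the peer's Delete SA for that state."""
    up, lifetimes, malformed = {}, {}, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a connection/state prefix carry no SA state
        stamp, _conn, _peer, state, msg = m.groups()
        # syslog timestamps carry no year, so one is supplied (assumed: 2011)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if "IPsec SA established" in msg:
            up[int(state)] = ts
            lifetimes[int(state)] = None  # still up unless a delete follows
        elif (d := DELETED.search(msg)) and int(d.group(1)) in up:
            sa = int(d.group(1))  # the deleted state is named in the message
            lifetimes[sa] = (ts - up[sa]).total_seconds()
        elif "PAYLOAD_MALFORMED" in msg:
            malformed += 1
    short = sorted(s for s, t in lifetimes.items()
                   if t is not None and t < short_secs)
    return {"lifetimes": lifetimes, "short_lived": short, "malformed": malformed}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for sa, secs in report["lifetimes"].items():
        status = "still up" if secs is None else f"deleted by peer after {secs:.0f}s"
        print(f"IPsec SA #{sa}: {status}")
    print("short-lived:", report["short_lived"],
          "malformed payloads:", report["malformed"])
```

An SA that the peer deletes within a second or two of establishment, repeated across consecutive state numbers, is the pattern in the log above.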
 		 	   		  