[Openswan Users] l2tp ipsec vpn does not connect. Cannot find what's wrong.

JP CR jprollerskate at hotmail.com
Mon Jan 3 22:24:26 EST 2011

Paul, thanks for the reply. I appreciate you trying to help me.

> Are you running with protostack=mast and a kernel with SAREF patches?
> (see ipsec verify)

This is my ipsec verify:

Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.31/K2.6.32-309-ec2 (netkey)
Checking for IPsec support in kernel                            [OK]
SAref kernel support                                            [N/A]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


> If not, you MUST set ipsec saref = no or else all your packets will fail.

I am guessing the NA means that I am not running a kernel with such patches... even though I tried setting ipsec saref = no, I still cannot establish the l2tp connection. Below is the output of auth.log:



Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: responding to Main Mode from unknown peer 56.199.62.74
Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  4 03:10:46 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: STATE_MAIN_R2: sent MR2, expecting MI3
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: Main mode peer ID is ID_FQDN: '@JP1'
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: new NAT mapping for #55, was 56.199.62.74:500, now 56.199.62.74:4500
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: peer client type is FQDN
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: Applying workaround for MS-818043 NAT-T bug
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: IDci was FQDN: 2\020\205\356, using NAT_OA=192.170.1.3/32 0 as IDci
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: the peer proposed: 194.15.13.23/32:17/1701 -> 192.170.1.3/32:17/1701
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: responding to Quick Mode proposal {msgid:e6efdf09}
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56:     us: 10.194.5.212<10.194.5.212>[+S=C]:17/1701
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56:   them: 56.199.62.74[@JP1,+S=C]:17/1701===192.170.1.3/32
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: keeping refhim=4294901761 during rekey
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #43: received Delete SA payload: deleting ISAKMP State #43
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 4500 don't match. Using that_client port.
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xae4ae36d <0xfa61537c xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=56.199.62.74:4500 DPD=none}
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: responding to Main Mode from unknown peer 56.199.62.74
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: STATE_MAIN_R2: sent MR2, expecting MI3
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: Main mode peer ID is ID_FQDN: '@JP1'
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: new NAT mapping for #57, was 56.199.62.74:500, now 56.199.62.74:4500
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: peer client type is FQDN
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: Applying workaround for MS-818043 NAT-T bug
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: IDci was FQDN: 2\020\205\356, using NAT_OA=192.170.1.3/32 0 as IDci
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: the peer proposed: 194.15.13.23/32:17/1701 -> 192.170.1.3/32:17/1701
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: responding to Quick Mode proposal {msgid:ca7d2499}
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58:     us: 10.194.5.212<10.194.5.212>[+S=C]:17/1701
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58:   them: 56.199.62.74[@JP1,+S=C]:17/1701===192.170.1.3/32
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: keeping refhim=4294901761 during rekey
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #45: received Delete SA payload: deleting ISAKMP State #45
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 4500 don't match. Using that_client port.
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x24ac6268 <0x531a4a93 xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=56.199.62.74:4500 DPD=none}
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #59: responding to Main Mode from unknown peer 56.199.62.74
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #59: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #59: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: received Delete SA(0x24ac6268) payload: deleting IPSEC State #58
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: received Delete SA(0xae4ae36d) payload: deleting IPSEC State #56
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #53: received Delete SA(0xde18d781) payload: deleting IPSEC State #54
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #53: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #51: received Delete SA(0x096753c6) payload: deleting IPSEC State #52
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #51: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #49: received Delete SA(0xe35d8e07) payload: deleting IPSEC State #50
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #49: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: received Delete SA payload: deleting ISAKMP State #57
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: ignoring Delete SA payload: not encrypted
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: received Delete SA payload: deleting ISAKMP State #55
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #53: received Delete SA payload: deleting ISAKMP State #53
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #51: received Delete SA payload: deleting ISAKMP State #51
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #49: received Delete SA payload: deleting ISAKMP State #49
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #47: received Delete SA payload: deleting ISAKMP State #47
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xf2428ff5
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1faa46de
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xcb6faf8f
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x47798c53
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xcefef2d2
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xdb951f6a
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xa8f0a3e2
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x3b64c29c
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x8f802347
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x02dd7b5b
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x6c0ccb4c
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xdd64f87a
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x5c4acc01
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x843a42b2
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x5500dc81
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x377e3b98
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x133c5de7
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x74191d82
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x72caa241
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x6b9466c1
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1d94d969
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xc04a1c2f
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xda56486a
Jan  4 03:10:49 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x9b8f405f
Jan  4 03:11:58 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #59: max number of retransmissions (2) reached STATE_MAIN_R1

Gunther
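
An added example, not part of the original post: a small Python triage script that pairs each "IPsec SA established" line in pluto's auth.log with the peer's matching "Delete SA" and reports how long the SA lived. The function names, the 5-second threshold and the year are assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Excerpt copied from the auth.log in the post above (states #56 and #58 only).
SAMPLE_LOG = """\
Jan  4 03:10:47 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #56: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xae4ae36d <0xfa61537c xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=56.199.62.74:4500 DPD=none}
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #58: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x24ac6268 <0x531a4a93 xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=56.199.62.74:4500 DPD=none}
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #57: received Delete SA(0x24ac6268) payload: deleting IPSEC State #58
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: "L2TP-PSK-NAT"[2] 56.199.62.74 #55: received Delete SA(0xae4ae36d) payload: deleting IPSEC State #56
Jan  4 03:10:48 ip-10-194-5-212 pluto[14739]: packet from 56.199.62.74:4500: received and ignored informational message
"""

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
                  r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
ESTABLISHED = re.compile(r'IPsec SA established (?P<mode>\w+) mode '
                         r'\{ESP=>(?P<spi>0x[0-9a-f]+) \S+ xfrm=(?P<xfrm>\S+)')
DELETED = re.compile(r'received Delete SA\((?P<spi>0x[0-9a-f]+)\) payload: '
                     r'deleting IPSEC State #(?P<state>\d+)')


def sa_lifetimes(log_text, year=2011):
    """Pair each 'IPsec SA established' line with the peer's Delete SA for it.
    `year` is an assumption: syslog timestamps carry none."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "packet from ..." lines carry no state number
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        est = ESTABLISHED.search(m['msg'])
        if est:
            sas[int(m['state'])] = {
                'peer': m['peer'], 'spi': est['spi'], 'mode': est['mode'],
                'xfrm': est['xfrm'], 'up': when, 'lifetime_s': None}
            continue
        gone = DELETED.search(m['msg'])
        if gone:
            sa = sas.get(int(gone['state']))
            if sa and sa['spi'] == gone['spi']:  # state number and SPI must agree
                sa['lifetime_s'] = (when - sa['up']).total_seconds()
    return sas


def short_lived(sas, threshold_s=5):
    """State numbers of SAs the peer deleted within `threshold_s` seconds."""
    return sorted(n for n, sa in sas.items()
                  if sa['lifetime_s'] is not None and sa['lifetime_s'] <= threshold_s)


if __name__ == "__main__":
    for n, sa in sa_lifetimes(SAMPLE_LOG).items():
        print(n, sa['peer'], sa['mode'], sa['xfrm'], sa['lifetime_s'])
```

On the excerpt, both transport-mode SAs (#56 and #58) are deleted by the peer within one second of being established, and both negotiated the legacy 3DES/HMAC-MD5 transform.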