[Openswan Users] IPsec+L2TP connects the first time. Then doesn't...

Pascal Fuks Pascal at financial-art.be
Tue Jan 11 01:52:15 EST 2011


Hello,
I was able to solve this part of my issues with dead peer detection...
Add the following lines to your L2TP-PSK-noNAT connection and restart
OpenSwan
 dpddelay=40
 dpdtimeout=130
 dpdaction=clear


Regards

Pascal Fuks
Network & Security Consultant,
CEO / Administrateur délégué,








On 04/01/11 22:36, "Jai Dhar" <jdhar at fps-tech.net> wrote:

>I seem to be having this same issue, outlined in this thread
>(http://lists.openswan.org/pipermail/users/2010-September/019380.html),
>but I'm using the latest Openswan / xl2tpd versions built from source.
>
>I'm connecting with an iPad client, and have the following (relevant)
>configuration options set:
>
>ipsec.conf:
>
>conn L2TP-PSK-NAT
>    rightsubnet=vhost:%priv,%no
>    also=L2TP-PSK-noNAT
>
>conn L2TP-PSK-noNAT
>    authby=secret
>    pfs=no
>    auto=add
>    keyingtries=3
>    rekey=no
>    ikelifetime=8h
>    keylife=1h
>    type=transport
>    left=192.168.1.200
>    leftprotoport=17/1701
>    right=%any
>    rightprotoport=17/0
>
>I did try rightprotoport=17/%any and it did the same thing
>
>For xl2tpd.conf:
>
>[global]
>;ipsec saref = yes
>debug avp = no
>debug network = no
>debug packet = no
>debug state = no
>debug tunnel = yes
>; listen-addr = 192.168.1.98
>;
>; requires openswan-2.5.18 or higher - Also does not yet work in combination
>; with kernel mode l2tp as present in linux 2.6.23+
>; ipsec saref = yes
>; forceuserspace = yes
>;
>;debug tunnel = yes
>
>[lns default]
>ip range = 10.1.2.2-10.1.2.255
>local ip = 10.1.2.1
>require chap = yes
>refuse pap = yes
>require authentication = yes
>name = LinuxVPNserver
>ppp debug = yes
>pppoptfile = /etc/ppp/options.xl2tpd
>length bit = yes
>
>I can connect the first time, but then need to restart ipsec to
>connect again. For now, I have worked around this by restarting ipsec in
>ip-down.d for ppp, but this is obviously a bad solution.
>
>Here is my syslog and auth.log when I connect:
>
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [RFC 3947] method set to=109
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
>to=110
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
>but already using method 110
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
>but already using method 110
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
>but already using method 110
>Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [Dead Peer Detection]
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>responding to Main Mode from unknown peer 192.168.1.1
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>STATE_MAIN_R1: sent MR1, expecting MI2
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
>are NATed
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>STATE_MAIN_R2: sent MR2, expecting MI3
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>ignoring informational payload, type IPSEC_INITIAL_CONTACT
>msgid=00000000
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>Main mode peer ID is ID_IPV4_ADDR: '192.168.1.109'
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
>switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
>deleting connection "L2TP-PSK-NAT" instance with peer 192.168.1.1
>{isakmp=#0/ipsec=#0}
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
>transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
>new NAT mapping for #1, was 192.168.1.1:500, now 192.168.1.1:4500
>Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
>STATE_MAIN_R3: sent MR3, ISAKMP SA established
>{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
>group=modp1024}
>
>==> /var/log/syslog <==
>Jan  4 13:33:27 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 61452.
>
>==> /var/log/auth.log <==
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
>the peer proposed: 24.6.221.176/32:17/1701 -> 192.168.1.109/32:17/0
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>responding to Quick Mode proposal {msgid:bc0427c3}
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>    us: 192.168.1.200<192.168.1.200>[+S=C]:17/1701
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>  them: 192.168.1.1[192.168.1.109,+S=C]:17/0===192.168.1.109/32
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>netlink_raw_eroute: WARNING: that_client port 61452 and that_host port
>4500 don't match. Using that_client port.
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
>STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0661b379
><0x61228e2e xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500
>DPD=none}
>
>==> /var/log/syslog <==
>Jan  4 13:33:29 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>27588
>Jan  4 13:33:29 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 61452.
>Jan  4 13:33:29 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 32 twice, ignoring second one.
>Jan  4 13:33:29 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>31065
>Jan  4 13:33:29 viammc xl2tpd[13917]: Connection established to
>192.168.1.1, 61452.  Local: 61572, Remote: 32 (ref=0/0).  LNS session
>is 'default'
>Jan  4 13:33:29 viammc xl2tpd[13917]: start_pppd: I'm running:
>Jan  4 13:33:29 viammc xl2tpd[13917]: "/usr/sbin/pppd"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "passive"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "nodetach"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "10.1.2.1:10.1.2.2"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "refuse-pap"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "auth"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "require-chap"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "name"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "LinuxVPNserver"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "debug"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "file"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "/etc/ppp/options.xl2tpd"
>Jan  4 13:33:29 viammc xl2tpd[13917]: "/dev/pts/2"
>Jan  4 13:33:29 viammc pppd[15193]: pppd 2.4.4 started by root, uid 0
>Jan  4 13:33:29 viammc pppd[15193]: using channel 12
>Jan  4 13:33:29 viammc pppd[15193]: Using interface ppp0
>Jan  4 13:33:29 viammc pppd[15193]: Connect: ppp0 <--> /dev/pts/2
>Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ConfReq id=0x1 <mru
>1410> <asyncmap 0x0> <auth chap MD5> <magic 0x2ba86c5e> <pcomp>
><accomp>]
>Jan  4 13:33:29 viammc xl2tpd[13917]: Call established with
>192.168.1.1, Local: 34785, Remote: 1704, Serial: 1
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP ConfReq id=0x1 <asyncmap
>0x0> <magic 0x239fcced> <pcomp> <accomp>]
>Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ConfAck id=0x1 <asyncmap
>0x0> <magic 0x239fcced> <pcomp> <accomp>]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP ConfAck id=0x1 <mru
>1410> <asyncmap 0x0> <auth chap MD5> <magic 0x2ba86c5e> <pcomp>
><accomp>]
>Jan  4 13:33:29 viammc pppd[15193]: sent [LCP EchoReq id=0x0
>magic=0x2ba86c5e]
>Jan  4 13:33:29 viammc pppd[15193]: sent [CHAP Challenge id=0x9b
><36d3f77cf1d3bd7602b79ee47d6c7fa95c9288e5>, name = "LinuxVPNserver"]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP EchoReq id=0x0
>magic=0x239fcced]
>Jan  4 13:33:29 viammc pppd[15193]: sent [LCP EchoRep id=0x0
>magic=0x2ba86c5e]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP EchoRep id=0x0
>magic=0x239fcced]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [CHAP Response id=0x9b
><29c1e83cb7a4df5ade8cc8209ed0cd6c>, name = "jdhar"]
>Jan  4 13:33:29 viammc pppd[15193]: sent [CHAP Success id=0x9b "Access
>granted"]
>Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfReq id=0x1
><compress VJ 0f 01> <addr 10.1.2.1>]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfReq id=0x1 <addr
>0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
>Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfNak id=0x1 <addr
>10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPV6CP ConfReq id=0x1 <addr
>fe80::002a:ac43:6e85:5a1c>]
>Jan  4 13:33:29 viammc pppd[15193]: Unsupported protocol 'IPv6 Control
>Protovol' (0x8057) received
>Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ProtRej id=0x2 80 57 01
>01 00 0e 01 0a 00 2a ac 43 6e 85 5a 1c]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfRej id=0x1
><compress VJ 0f 01>]
>Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfReq id=0x2 <addr
>10.1.2.1>]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfReq id=0x2 <addr
>10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
>Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfAck id=0x2 <addr
>10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
>Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfAck id=0x2 <addr
>10.1.2.1>]
>Jan  4 13:33:29 viammc pppd[15193]: Cannot determine ethernet address
>for proxy ARP
>Jan  4 13:33:29 viammc pppd[15193]: local  IP address 10.1.2.1
>Jan  4 13:33:29 viammc pppd[15193]: remote IP address 10.1.2.2
>Jan  4 13:33:29 viammc pppd[15193]: Script /etc/ppp/ip-up started (pid
>15195)
>Jan  4 13:33:29 viammc pppd[15193]: Script /etc/ppp/ip-up finished
>(pid 15195), status = 0x0
>
>...and then when I disconnect....
>
>Jan  4 13:34:52 viammc pppd[15193]: rcvd [LCP TermReq id=0x2 "User
>request"]
>Jan  4 13:34:52 viammc pppd[15193]: LCP terminated by peer (User request)
>Jan  4 13:34:52 viammc pppd[15193]: Connect time 1.4 minutes.
>Jan  4 13:34:52 viammc pppd[15193]: Sent 0 bytes, received 1450 bytes.
>Jan  4 13:34:52 viammc pppd[15193]: Script /etc/ppp/ip-down started (pid
>15209)
>Jan  4 13:34:52 viammc pppd[15193]: sent [LCP TermAck id=0x2]
>Jan  4 13:34:52 viammc pppd[15193]: Script /etc/ppp/ip-down finished
>(pid 15209), status = 0x0
>Jan  4 13:34:52 viammc xl2tpd[13917]: result_code_avp: result code out
>of range (768 0 14).  Ignoring.
>Jan  4 13:34:52 viammc xl2tpd[13917]: control_finish: Peer tried to
>disconnect without specifying result code.
>Jan  4 13:34:52 viammc xl2tpd[13917]: network_thread: bad packet
>Jan  4 13:34:52 viammc xl2tpd[13917]: result_code_avp: result code out
>of range (256 0 14).  Ignoring.
>Jan  4 13:34:52 viammc xl2tpd[13917]: control_finish: Peer tried to
>disconnect without specifying result code.
>Jan  4 13:34:52 viammc xl2tpd[13917]: network_thread: bad packet
>Jan  4 13:34:55 viammc pppd[15193]: Connection terminated.
>Jan  4 13:34:55 viammc pppd[15193]: Modem hangup
>Jan  4 13:34:55 viammc pppd[15193]: Exit.
>Jan  4 13:34:55 viammc xl2tpd[13917]: child_handler : pppd exited for
>call 1704 with code 16
>Jan  4 13:34:55 viammc xl2tpd[13917]: call_close: Call 34785 to
>192.168.1.1 disconnected
>Jan  4 13:35:00 viammc xl2tpd[13917]: Maximum retries exceeded for
>tunnel 61572.  Closing.
>
>
>....and finally, a failed reconnect....
>
>==> /var/log/auth.log <==
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [RFC 3947] method set to=109
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
>to=110
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
>but already using method 110
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
>but already using method 110
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
>but already using method 110
>Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
>received Vendor ID payload [Dead Peer Detection]
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>responding to Main Mode from unknown peer 192.168.1.1
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>STATE_MAIN_R1: sent MR1, expecting MI2
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
>are NATed
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>STATE_MAIN_R2: sent MR2, expecting MI3
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>ignoring informational payload, type IPSEC_INITIAL_CONTACT
>msgid=00000000
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>Main mode peer ID is ID_IPV4_ADDR: '192.168.1.109'
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>new NAT mapping for #3, was 192.168.1.1:500, now 192.168.1.1:4500
>Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>STATE_MAIN_R3: sent MR3, ISAKMP SA established
>{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
>group=modp1024}
>
>==> /var/log/syslog <==
>Jan  4 13:35:25 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>
>==> /var/log/auth.log <==
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
>the peer proposed: 24.6.221.176/32:17/1701 -> 192.168.1.109/32:17/0
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>responding to Quick Mode proposal {msgid:6d00f490}
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>    us: 192.168.1.200<192.168.1.200>[+S=C]:17/1701
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>  them: 192.168.1.1[192.168.1.109,+S=C]:17/0===192.168.1.109/32
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>keeping refhim=4294901761 during rekey
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>netlink_raw_eroute: WARNING: that_client port 61452 and that_host port
>4500 don't match. Using that_client port.
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
>STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x081c2aa5
><0x86a2d7d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500
>DPD=none}
>
>==> /var/log/syslog <==
>Jan  4 13:35:27 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>61572
>Jan  4 13:35:27 viammc xl2tpd[13917]: Terminating pppd: sending TERM
>signal to pid 15193
>Jan  4 13:35:27 viammc xl2tpd[13917]: Connection 32 closed to
>192.168.1.1, port 61452 (Timeout)
>Jan  4 13:35:27 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:27 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:27 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>18215
>Jan  4 13:35:28 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:28 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:28 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>44552
>Jan  4 13:35:32 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:32 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:32 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>2676
>Jan  4 13:35:32 viammc xl2tpd[13917]: Maximum retries exceeded for
>tunnel 20370.  Closing.
>Jan  4 13:35:32 viammc xl2tpd[13917]: Unable to deliver closing
>message for tunnel 61572. Destroying anyway.
>Jan  4 13:35:36 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:36 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>35916
>Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>20370
>Jan  4 13:35:36 viammc xl2tpd[13917]: Connection 33 closed to
>192.168.1.1, port 56429 (Timeout)
>Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>61572
>Jan  4 13:35:40 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:40 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:40 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>30674
>Jan  4 13:35:41 viammc xl2tpd[13917]: Unable to deliver closing
>message for tunnel 20370. Destroying anyway.
>Jan  4 13:35:44 viammc xl2tpd[13917]: get_call: allocating new tunnel
>for host 192.168.1.1, port 56429.
>Jan  4 13:35:44 viammc xl2tpd[13917]: control_finish: Peer requested
>tunnel 33 twice, ignoring second one.
>Jan  4 13:35:44 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>64485
>Jan  4 13:35:44 viammc xl2tpd[13917]: build_fdset: closing down tunnel
>20370
>
>
>Running "sudo ipsec auto --status |grep template" gives nothing. Any
>ideas?
>
>Thanks,
>
>--
>Jai Dhar
>FPS-Tech, Santa Clara, CA
>Web: http://www.fps-tech.net
>Phone: 408-982-7407
>


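A log check for the symptom in this thread, as an added example (not part of the original messages and not Openswan or xl2tpd code): it pairs each pluto "IPsec SA established" line with the `that_client` port from the preceding `netlink_raw_eroute` warning and with the port xl2tpd last reported for that peer, and records the negotiated `DPD=` value. The function name `analyse` and the sample lines (constructed, condensed to one event per line from the log format quoted above) are assumptions of this example.

```python
import re

# Constructed sample: one event per line, modelled on the log excerpts quoted in this thread.
SAMPLE_LOG = """\
Jan  4 13:33:27 viammc xl2tpd[13917]: get_call: allocating new tunnel for host 192.168.1.1, port 61452.
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2: netlink_raw_eroute: WARNING: that_client port 61452 and that_host port 4500 don't match. Using that_client port.
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0661b379 <0x61228e2e xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500 DPD=none}
Jan  4 13:35:25 viammc xl2tpd[13917]: get_call: allocating new tunnel for host 192.168.1.1, port 56429.
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4: netlink_raw_eroute: WARNING: that_client port 61452 and that_host port 4500 don't match. Using that_client port.
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x081c2aa5 <0x86a2d7d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500 DPD=none}
"""

L2TP_RE = re.compile(
    r"xl2tpd\[\d+\]: get_call: allocating new tunnel for host ([\d.]+), port (\d+)")
PLUTO_RE = re.compile(r'pluto\[\d+\]: "([^"]+)"\[\d+\] ([\d.]+) #(\d+): (.*)')
PORT_RE = re.compile(r"that_client port (\d+)")
DPD_RE = re.compile(r"IPsec SA established.*\bDPD=(\w+)")


def analyse(lines):
    """Return one finding per established IPsec SA.

    stale_port is True when the port pluto put into the policy differs from
    the UDP source port xl2tpd most recently saw for the same peer.
    """
    l2tp_port = {}    # peer address -> latest port reported by xl2tpd
    policy_port = {}  # (peer, state number) -> that_client port used by pluto
    findings = []
    for line in lines:
        m = L2TP_RE.search(line)
        if m:
            l2tp_port[m.group(1)] = int(m.group(2))
            continue
        m = PLUTO_RE.search(line)
        if not m:
            continue
        conn, peer, state, msg = m.groups()
        p = PORT_RE.search(msg)
        if p:
            policy_port[(peer, state)] = int(p.group(1))
            continue
        d = DPD_RE.search(msg)
        if d:
            installed = policy_port.get((peer, state))
            seen = l2tp_port.get(peer)
            findings.append({
                "conn": conn,
                "peer": peer,
                "state": "#" + state,
                "dpd": d.group(1),  # "none" means no dead peer detection on this SA
                "policy_port": installed,
                "l2tp_port": seen,
                "stale_port": None not in (installed, seen) and installed != seen,
            })
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.splitlines()):
        print(f)
```

Real mail-wrapped or `tail -f` output has to be unwrapped to one event per line before it is passed in.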