[Openswan Users] Trouble with OpenSwan and xl2tpd

tim marks tsmarks at gmail.com
Fri Jan 14 00:03:42 EST 2011


I did the same thing!

http://www.linuxforums.org/forum/networking/171501-solved-opens-wan-ipsec-l2tp.html

There is my fix.

Tim

On Tue, Jan 11, 2011 at 9:02 AM, Pascal Fuks <Pascal at financial-art.be> wrote:

> Hello,
> I did manage to make it work with my iPad and my Mac (working configuration
> below). But I can't make it work from a Windows 7 computer… Any idea???
>
> l2tp:~# cat /etc/ipsec.conf
> config setup
>     interfaces="%defaultroute"
>     protostack=netkey
>     OE=off
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.31.135.0/24
>     uniqueids=yes
>
> conn L2TP-PSK-NAT
>     overlapip=yes
>     rightsubnet=vhost:%priv
>     also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=3
>     rekey=no
>     ikelifetime=8h
>     keylife=1h
>     type=transport
>     #sareftrack=yes
>     #overlapip=yes
>     left=x.y.z.a
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/%any
>     rightid=%any
>     forceencaps=yes
>     dpddelay=40
>     dpdtimeout=130
>     dpdaction=clear
>
>
> l2tp:~# cat /etc/xl2tpd/xl2tpd.conf
> [global]
>
> [lns default]
> ip range = 10.31.135.2-10.31.135.250
> local ip = 10.31.135.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = l2tpsvr
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
>
> l2tp:~# cat /etc/ppp/options.xl2tpd
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns  x.y.z.a
> ms-dns  b.c.d.e
> noccp
> auth
> crtscts
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> #debug
> lock
> proxyarp
> connect-delay 5000
>
>
> Pascal Fuks
> Network & Security Consultant,
> CEO / Managing Director,
>
> Tel. : +32 2 387 08 00
> Fax : +32 2 387 07 06
> Email : pascal at financial-art.be
> IM: pascal at financial-art (MSN)
> Free/Busy Time: http://tinyurl.com/pfukscal
>
> <http://www.financial-art.be/>
> www.financial-art.be
> Before printing this email, think about the impact on the environment.
> Please consider the environment before printing this mail.
>
>
>
> From: Pascal Fuks <pascal at financial-art.be>
> Date: Tue, 11 Jan 2011 15:57:28 +0100
> To: users <users at openswan.org>
> Cc: <fjctlzy at gmail.com>
>
> Subject: Re: [Openswan Users] Trouble with OpenSwan and xl2tpd
>
> l2tp:~# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                             [OK]
> Linux Openswan 2.6.32 (klips)
> Checking for IPsec support in kernel                         [OK]
>  KLIPS: checking for NAT Traversal support                   [OK]
>  KLIPS: checking for OCF crypto offload support             [N/A]
>  SAref kernel support                                       [N/A]
> Checking that pluto is running                               [OK]
>  Pluto listening for IKE on udp 500                         [OK]
>  Pluto listening for NAT-T on udp 4500                       [OK]
> Two or more interfaces found, checking IP forwarding         [OK]
> Checking NAT and MASQUERADEing                               [OK]
> Checking for 'ip' command                                   [OK]
> Checking /bin/sh is not /bin/dash                           [OK]
> Checking for 'iptables' command                             [OK]
> Opportunistic Encryption Support                             [DISABLED]
>
> Pascal Fuks
>
>
>
> From: Spacelee
> Date: Tue, 11 Jan 2011 14:41:46 +0800
> To: Pascal Fuks <pascal at financial-art.be>
> Subject: Re: [Openswan Users] Trouble with OpenSwan and xl2tpd
>
> What's the result of ipsec verify?
>
> On Tue, Jan 11, 2011 at 2:43 PM, Pascal Fuks <Pascal at financial-art.be> wrote:
>
>> Hello,
>> In fact I never see the pppd program starting.
>> Does anybody have any idea on what I should do?
>> Regards
>>
>> Pascal Fuks
>>
>>
>>
>> From: Pascal Fuks <pascal at financial-art.be>
>> Date: Mon, 10 Jan 2011 10:17:17 +0100
>> To: <users at openswan.org>
>> Subject: Trouble with OpenSwan and xl2tpd
>>
>> Hello,
>> I'm trying to set up a tunnel from an iPad to a Linux Box xl2tpd server
>> (attached to the network)
>>  - Debian 5.0.7
>>  - kernel 2.6.26-2-xen-amd64
>>  - self compiled version of Linux Openswan 2.6.32 (klips)
>>  - self compiled version 1.2.7 of xl2tpd (but strangely reporting xl2tpd
>> version xl2tpd-1.2.6)
>>  - debian pppd version 2.4.4
>>  - eth0 = mypublicip (X.y.z.a)
>>  - dummy0 = myprivateip (10.31.135.254) - testbox
>>
>> Ipsec tunnel is up without any trouble…. (so ipsec.secrets is ok)
>> But l2tp never worked
>>
>>
>> **************
>> /etc/ipsec.conf
>> **************
>> config setup
>>     interfaces="%defaultroute"
>>     protostack=klips
>>     OE=off
>>     nat_traversal=yes
>>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.31.135.0/24
>>     interfaces="ipsec0=eth0"
>>
>> conn L2TP-PSK-NAT
>>     rightsubnet=vhost:%priv
>>     also=L2TP-PSK-noNAT
>>
>> conn L2TP-PSK-noNAT
>>     authby=secret
>>     pfs=no
>>     auto=add
>>     keyingtries=3
>>     rekey=no
>>     ikelifetime=8h
>>     keylife=1h
>>     type=transport
>>     left=X.y.z.a
>>     leftprotoport=17/1701
>>     right=%any
>>     rightprotoport=17/%any
>>     forceencaps=yes
>>     dpddelay=40
>>     dpdtimeout=130
>>     dpdaction=clear
>>
>>
>> **************
>> /etc/ipsec.secrets
>> **************
>> X.y.z.a %any : PSK "AVerySecretPassword"
>>
>> **************
>> /etc/xl2tpd/xl2tpd.conf
>> **************
>> [global]
>> debug tunnel = yes
>> debug network = yes
>> debug state = yes
>> debug avp = yes
>>
>> [lns default]
>> ip range = 10.31.135.2-10.31.135.250
>> local ip = 10.31.135.1
>> require chap = yes
>> refuse pap = yes
>> require authentication = yes
>> name = l2tpsvr
>> ppp debug = yes
>> pppoptfile = /etc/ppp/options.xl2tpd
>> length bit = yes
>>
>> **************
>> /etc/ppp/options.xl2tpd
>> **************
>> ipcp-accept-local
>> ipcp-accept-remote
>> ms-dns  81.92.x.y
>> ms-dns  81.92.a.b
>> noccp
>> auth
>> crtscts
>> idle 1800
>> mtu 1200
>> mru 1200
>> nodefaultroute
>> debug
>> lock
>> proxyarp
>> connect-delay 5000
>>
>>
>> l2tp:/usr/src/xl2tpd-1.2.7# xl2tpd -D
>> xl2tpd[5300]: setsockopt recvref[22]: Protocol not available
>> xl2tpd[5300]: This binary does not support kernel L2TP.
>> xl2tpd[5300]: xl2tpd version xl2tpd-1.2.6 started on l2tp.financialart.be PID:5300
>> xl2tpd[5300]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
>> xl2tpd[5300]: Forked by Scott Balmos and David Stipp, (C) 2001
>> xl2tpd[5300]: Inherited by Jeff McAdams, (C) 2002
>> xl2tpd[5300]: Forked again by Xelerance (www.xelerance.com) (C) 2006
>> xl2tpd[5300]: Listening on IP address 0.0.0.0, port 1701
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 40687, call 0
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: sending SCCRP
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 21206, call 0
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 21206
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 16811, call 58064
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 16811
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 54191, call 56833
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 54191
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: Maximum retries exceeded for tunnel 40687.  Closing.
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 10323, call 0
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 10323
>> xl2tpd[5300]: build_fdset: closing down tunnel 40687
>> xl2tpd[5300]: Connection 76 closed to 109.129.28.162, port 50750 (Timeout)
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 57821, call 4499
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 57821
>> xl2tpd[5300]: network_thread: select timeout
>> xl2tpd[5300]: Unable to deliver closing message for tunnel 40687.
>> Destroying anyway.
>> xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60,
>> tunnel = 0, call = 0 ref=0 refhim=0
>> xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 16436, call 38118
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.
>> xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync
>> xl2tpd[5300]: hostname_avp: peer reports hostname ''
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4.  Will use flow
>> control.
>> xl2tpd[5300]: control_finish: message type is
>> Start-Control-Connection-Request(1).  Tunnel is 76, call is 0.
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: build_fdset: closing down tunnel 16436
>> xl2tpd[5300]: build_fdset: closing down tunnel 40687
>>
>>
>>
>>
>> Jan 10 09:32:08 l2tp ipsec__plutorun: Starting Pluto subsystem...
>> Jan 10 09:32:08 l2tp pluto[3276]: Starting Pluto (Openswan Version 2.6.32;
>> Vendor ID OEhyLdACecfa) pid:3276
>> Jan 10 09:32:08 l2tp pluto[3276]: LEAK_DETECTIVE support [disabled]
>> Jan 10 09:32:08 l2tp pluto[3276]: OCF support for IKE [disabled]
>> Jan 10 09:32:08 l2tp pluto[3276]: SAref support [disabled]: Protocol not
>> available
>> Jan 10 09:32:08 l2tp pluto[3276]: SAbind support [disabled]: Protocol not
>> available
>> Jan 10 09:32:08 l2tp pluto[3276]: NSS support [disabled]
>> Jan 10 09:32:08 l2tp pluto[3276]: HAVE_STATSD notification support not
>> compiled in
>> Jan 10 09:32:08 l2tp pluto[3276]: Setting NAT-Traversal port-4500 floating
>> to on
>> Jan 10 09:32:08 l2tp pluto[3276]:    port floating activation criteria
>> nat_t=1/port_float=1
>> Jan 10 09:32:08 l2tp pluto[3276]:    NAT-Traversal support  [enabled]
>> Jan 10 09:32:08 l2tp pluto[3276]: using /dev/urandom as source of random
>> entropy
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating
>> OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating
>> OAKLEY_TWOFISH_CBC: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating
>> OAKLEY_SERPENT_CBC: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating
>> OAKLEY_AES_CBC: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating
>> OAKLEY_BLOWFISH_CBC: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_hash(): Activating
>> OAKLEY_SHA2_512: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_hash(): Activating
>> OAKLEY_SHA2_256: Ok (ret=0)
>> Jan 10 09:32:08 l2tp pluto[3276]: no helpers will be started, all
>> cryptographic operations will be done inline
>> Jan 10 09:32:08 l2tp pluto[3276]: Using KLIPS IPsec interface code on
>> 2.6.26-2-xen-amd64
>> Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory
>> '/etc/ipsec.d/cacerts'
>> Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory
>> '/etc/ipsec.d/aacerts'
>> Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory
>> '/etc/ipsec.d/ocspcerts'
>> Jan 10 09:32:08 l2tp pluto[3276]: Changing to directory
>> '/etc/ipsec.d/crls'
>> Jan 10 09:32:08 l2tp pluto[3276]:   Warning: empty directory
>> Jan 10 09:32:08 l2tp pluto[3276]: added connection description
>> "L2TP-PSK-NAT"
>> Jan 10 09:32:08 l2tp pluto[3276]: added connection description
>> "L2TP-PSK-noNAT"
>> Jan 10 09:32:08 l2tp pluto[3276]: listening for IKE messages
>> Jan 10 09:32:08 l2tp pluto[3276]: adding interface ipsec0/eth0
>> 81.92.226.188:500
>> Jan 10 09:32:08 l2tp pluto[3276]: adding interface ipsec0/eth0
>> 81.92.226.188:4500
>> Jan 10 09:32:08 l2tp pluto[3276]: loading secrets from
>> "/etc/ipsec.secrets"
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [RFC 3947] method set to=109
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
>> already using method 110
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
>> already using method 110
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
>> already using method 110
>> Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500:
>> received Vendor ID payload [Dead Peer Detection]
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> responding to Main Mode from unknown peer 109.129.28.162
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> STATE_MAIN_R1: sent MR1, expecting MI2
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are
>> NATed
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> STATE_MAIN_R2: sent MR2, expecting MI3
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7:
>> switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7:
>> deleting connection "L2TP-PSK-NAT" instance with peer 109.129.28.162
>> {isakmp=#0/ipsec=#0}
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7:
>> transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: new
>> NAT mapping for #7, was 109.129.28.162:500, now 109.129.28.162:4500
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7:
>> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
>> cipher=aes_256 prf=oakley_sha group=modp1024}
>> Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7:
>> Dead Peer Detection (RFC 3706): enabled
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: the
>> peer proposed: 81.92.226.188/32:17/1701 -> 192.168.1.11/32:17/0
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> responding to Quick Mode proposal {msgid:cbe4e6f7}
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> us: 81.92.226.188<81.92.226.188>[+S=C]:17/1701
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> them: 109.129.28.162[192.168.1.11,+S=C]:17/50750===192.168.1.11/32
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
>> Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
>> Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> Dead Peer Detection (RFC 3706): enabled
>> Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>> Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8:
>> STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0c8ad036
>> <0x94f2b892 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=109.129.28.162:4500 DPD=enabled}
>>
>> Pascal Fuks
>>
>>
>>
>>
>> **** DISCLAIMER ****
>>
>> "This e-mail and any attachment thereto may contain information which is
>> confidential and/or protected by intellectual property rights and are
>> intended for the sole use of the recipient(s) named above.
>> Any use of the information contained herein (including, but not limited
>> to, total or partial reproduction, communication or distribution in any
>> form) by other persons than the designated recipient(s) is prohibited.
>> If you have received this e-mail in error, please notify the sender either
>> by telephone or by e-mail and delete the material from any computer".
>>
>> Thank you for your cooperation.
>>
>> * This e-mail was scanned against known viruses by MDaemon-DKAV
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>
>
> --
> *Space Lee*
>
>
>
>
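
A triage script for xl2tpd debug output like that quoted in this thread, added here as an example and not part of the original messages: it strips the mail quoting, rejoins wrapped log entries, and reports per peer how far the L2TP control handshake (SCCRQ, SCCRP, SCCCN) got. The sample log is constructed in the thread's format with a documentation address, and the "message type 3" (SCCCN) line is assumed to look like the "message type 1" line shown above.

```python
import re

QUOTE = re.compile(r"^(?:>\s?)+")               # mail quote markers
ENTRY = re.compile(r"^xl2tpd\[\d+\]:\s*(.*)$")  # first line of a log entry
NEW_PEER = re.compile(r"get_call: allocating new tunnel for host (\S+), port (\d+)")
LOCAL_TID = re.compile(r"handle_avps: handling avp's for tunnel (\d+)")
MSG_TYPE = re.compile(r"message_type_avp: message type (\d+)")
RETRIES = re.compile(r"Maximum retries exceeded for tunnel (\d+)")

# Constructed sample in the thread's format (192.0.2.10 is a documentation address).
SAMPLE = """\
>> xl2tpd[5300]: get_call: allocating new tunnel for host 192.0.2.10,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 40687, call 0
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76
>> xl2tpd[5300]: control_finish: sending SCCRP
>> xl2tpd[5300]: get_call: allocating new tunnel for host 192.0.2.10,
>> port 50750.
>> xl2tpd[5300]: handle_avps: handling avp's for tunnel 21206, call 0
>> xl2tpd[5300]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring
>> second one.
>> xl2tpd[5300]: Maximum retries exceeded for tunnel 40687.  Closing.
"""


def unwrap(raw):
    """Strip quote markers and rejoin entries that the mailer wrapped."""
    entries = []
    for line in raw.splitlines():
        line = QUOTE.sub("", line).strip()
        m = ENTRY.match(line)
        if m:
            entries.append(m.group(1))
        elif line and entries:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries


def summarize(raw):
    """Count handshake messages per peer (host:port)."""
    peers, owner, cur = {}, {}, None  # owner: local tunnel id -> peer key
    for entry in unwrap(raw):
        m = NEW_PEER.search(entry)
        if m:
            cur = f"{m.group(1)}:{m.group(2)}"
            peers.setdefault(cur, {"sccrq": 0, "sccrp_sent": 0,
                                   "scccn": 0, "timed_out": False})
            continue
        m = RETRIES.search(entry)
        if m:
            if m.group(1) in owner:
                peers[owner[m.group(1)]]["timed_out"] = True
            continue
        if cur is None:
            continue
        state = peers[cur]
        m = LOCAL_TID.search(entry)
        if m:
            owner[m.group(1)] = cur
            continue
        m = MSG_TYPE.search(entry)
        if m and m.group(1) == "1":
            state["sccrq"] += 1
        elif m and m.group(1) == "3":
            state["scccn"] += 1
        elif "control_finish: sending SCCRP" in entry:
            state["sccrp_sent"] += 1
    return peers


def diagnose(state):
    if state["scccn"]:
        return "established"
    if state["sccrp_sent"] and state["sccrq"] > 1:
        # xl2tpd answered, yet the peer retransmitted SCCRQ: the peer is
        # not receiving (or not accepting) the SCCRP reply.
        return "reply-not-seen"
    if state["sccrq"]:
        return "no-reply-sent"
    return "no-handshake"


if __name__ == "__main__":
    for peer, state in summarize(SAMPLE).items():
        print(peer, diagnose(state), state)
```
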