[Openswan Users] Openswan problem with EC2

Paul Wouters paul at xelerance.com
Mon Jul 4 23:40:13 EDT 2011


On Mon, 4 Jul 2011, Sajith Kalathingal wrote:

> Date: Mon, 4 Jul 2011 19:13:52 +0530 (IST)
> From: Sajith Kalathingal <sajith.kalathingal at yahoo.in>
> To: Openswan <users at openswan.org>
> Subject: [Openswan Users] Openswan problem with EC2
> 
> I'm trying to establish an IPSec connection from my laptop to an EC2 instance using VPC. However, I'm getting the following error. Can anyone help me to figure out why this is happening?

I am not sure. I see both sides are NAT'ed. They don't use the same range?

What version of openswan is this?

Try adding forceencaps=yes though I think it might not matter in this case.

Paul

> EC2 node
> ----------------------
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: STATE_MAIN_R1: sent MR1, expecting MI2
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: STATE_MAIN_R2: sent MR2, expecting MI3
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: Main mode peer ID is ID_IPV4_ADDR: 'x.x.x.x'
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: new NAT mapping for #4, was x.x.x.x:500, now x.x.x.x:4500
> Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_md5 group=modp1536}
> Jul  4 13:31:31 ip-10-0-0-100 pluto[22644]: "host-to-host" #3: discarding duplicate packet; already STATE_MAIN_I3
> Jul  4 13:31:40 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Jul  4 13:31:51 ip-10-0-0-100 pluto[22644]: "host-to-host" #3: discarding duplicate packet; already STATE_MAIN_I3
>
> Laptop
> -------
>
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: initiating Main Mode to replace #8
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: ignoring unknown Vendor ID payload [4f4568794c64414365636661]
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: received Vendor ID payload [Dead Peer Detection]
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: received Vendor ID payload [RFC 3947] method set to=109
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: enabling possible NAT-traversal with method 4
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: STATE_MAIN_I2: sent MI2, expecting MR2
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: STATE_MAIN_I3: sent MI3, expecting MR3
>
>
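As an added example (not part of the original thread, and not Openswan code): a small Python script that reduces pluto logs like the two quoted above to each SA's last Main Mode state and flags a handshake that completed on one side only. The function names are assumptions made for this illustration, and the sample input is six lines selected from the quoted logs.

```python
import re
from collections import defaultdict

# Constructed sample: six lines selected from the two logs quoted in the thread.
SAMPLE = '''\
Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: new NAT mapping for #4, was x.x.x.x:500, now x.x.x.x:4500
Jul  4 13:31:30 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_md5 group=modp1536}
Jul  4 13:31:40 ip-10-0-0-100 pluto[22644]: "host-to-host" #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Jul  4 15:35:22 host pluto[16783]: "host-to-host" #10: STATE_MAIN_I3: sent MI3, expecting MR3
'''

LINE = re.compile(r'^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r'^(STATE_\w+): sent \w+, (?:expecting (\w+)|(ISAKMP SA established))')

def summarize(text):
    """Return {(host, conn, sa): facts}, keeping the last state seen per SA."""
    sas = defaultdict(lambda: {"state": None, "established": False, "expecting": None,
                               "floated_4500": False, "duplicates": 0, "nat": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-connection pluto line
        f, msg = sas[(m["host"], m["conn"], int(m["sa"]))], m["msg"]
        s = STATE.match(msg)
        if s:
            f["state"], f["expecting"], f["established"] = s.group(1), s.group(2), bool(s.group(3))
        elif msg.startswith("NAT-Traversal: Result"):
            f["nat"] = msg.rsplit(": ", 1)[1]
        elif msg.startswith("new NAT mapping") and msg.endswith(":4500"):
            f["floated_4500"] = True  # peer moved from UDP 500 to UDP 4500
        elif "duplicate packet" in msg:
            f["duplicates"] += 1
    return dict(sas)

def findings(sas):
    """Flag SAs whose log shows an unfinished or one-sided Main Mode exchange."""
    out = []
    for (host, conn, sa), f in sorted(sas.items()):
        if f["established"] and f["duplicates"]:
            out.append(f"{host} #{sa}: established at {f['state']} but peer keeps resending ({f['duplicates']} duplicate(s))")
        elif f["expecting"]:
            out.append(f"{host} #{sa}: stalled at {f['state']}, still expecting {f['expecting']}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```

On the quoted logs this pairs the responder's "established, but still receiving duplicates" with the initiator's "still expecting MR3", which is the one-sided handshake the thread is about.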

