[Openswan Users] More than one user behind NAT device
Linden.Varley at lisasoft.com
Mon Oct 24 23:28:20 EDT 2011
I have two users behind a NAT router trying to connect to an OpenSwan server. After they have both connected, the original user can no longer establish an ipsec connection. I need to reset the ADSL Router (NAT device) in order for the user to connect again.
User1 connects then disconnects
User2 connects then disconnects
User1 can no longer connect.
User2 can still connect.
ipsec saref = yes
ip range = <vpnrange>
local ip = <vpnip>
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
I'm running Debian 6.0.3 with a SAref patched 2.6.32 kernel.
ipsec verify shows
Kernel: IPsec SAref kernel support [OK]
Kernel: IPsec SAref Bind kernel support [OK]
/var/log/auth.log shows ipsec getting stuck at the following:
pluto: packet from <Nat External IP>:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
pluto: packet from <Nat External IP>:500: ignoring Vendor ID payload [FRAGMENTATION]
pluto: packet from <Nat External IP>:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
pluto: packet from <Nat External IP>:500: ignoring Vendor ID payload [Vid-Initial-Contact]
pluto: "L2TP-PSK-NAT" <Nat External IP> #6: responding to Main Mode from unknown peer 126.96.36.199
pluto: "L2TP-PSK-NAT" <Nat External IP> #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
pluto: "L2TP-PSK-NAT" <Nat External IP> #6: STATE_MAIN_R1: sent MR1, expecting MI2
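An added example, not part of the original post and not Openswan code: a small Python parser for pluto lines in the form quoted above. It reports, per peer address, the Main Mode exchanges whose last logged state is STATE_MAIN_R1 (MR1 sent, MI2 never logged). The sample lines, the address 203.0.113.7 and the later-state messages for exchange #5 are constructed for illustration.

```python
import re
from collections import defaultdict

# pluto lines in the form quoted in the post:  pluto: "CONN" PEER #N: MESSAGE
LINE = re.compile(r'pluto(?:\[\d+\])?: "(?P<conn>[^"]+)"(?:\[\d+\])?\s+'
                  r'(?P<peer>.*?)\s+#(?P<sa>\d+): (?P<msg>.*)')
TRANSITION = re.compile(r'transition from state \S+ to state (STATE_\w+)')
STATUS = re.compile(r'(STATE_\w+):')

def last_states(lines):
    """Return {(conn, peer, exchange_number): last IKE state logged}."""
    states = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # e.g. Vendor ID lines, which carry no "#N" exchange number
        t = TRANSITION.search(m['msg']) or STATUS.match(m['msg'])
        if t:
            states[(m['conn'], m['peer'], int(m['sa']))] = t.group(1)
    return states

def stalled_main_mode(lines, stuck_state='STATE_MAIN_R1'):
    """Group by peer the exchanges that never moved past stuck_state."""
    stalled = defaultdict(list)
    for (_conn, peer, sa), state in last_states(lines).items():
        if state == stuck_state:
            stalled[peer].append(sa)
    return {peer: sorted(sas) for peer, sas in stalled.items()}

# Constructed sample: #5 completes Main Mode, #6 and #7 stop after MR1.
P = 'pluto: "L2TP-PSK-NAT" 203.0.113.7 '
SAMPLE = [
    'pluto: packet from 203.0.113.7:500: ignoring Vendor ID payload [FRAGMENTATION]',
    P + '#5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1',
    P + '#5: STATE_MAIN_R1: sent MR1, expecting MI2',
    P + '#5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2',
    P + '#5: STATE_MAIN_R2: sent MR2, expecting MI3',
    P + '#5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3',
    P + '#5: STATE_MAIN_R3: sent MR3, ISAKMP SA established',
    P + '#6: responding to Main Mode from unknown peer 203.0.113.7',
    P + '#6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1',
    P + '#6: STATE_MAIN_R1: sent MR1, expecting MI2',
    P + '#7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1',
    P + '#7: STATE_MAIN_R1: sent MR1, expecting MI2',
]

if __name__ == '__main__':
    print(stalled_main_mode(SAMPLE))
```

An exchange still in progress at the end of the log also shows STATE_MAIN_R1 as its last state, so run this over a log that ends some time after the failed attempt.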