[Openswan Users] Connecting to a VPN through Ubuntu
Rogelio Alejandro Ortiz Sevilla
rogelio.sevilla1 at gmail.com
Fri Sep 9 14:03:11 EDT 2011
Good day everyone, this is my first post, sorry if my question is too basic.
I'm trying to connect to a VPN through my Ubuntu desktop machine. The other
Windows users in my office are using the Sonic Wall Global VPN Client, so I
decided to go with Openswan since I'm using Ubuntu.
The problem is that, when I try to connect, I just get a #500 error and
everything stops. I'm sorry, networks are honestly not my strong point.
When I checked the var/log/auth.log file, this is the content I found:
Sep 9 12:49:25 rogeliosevilla1-laptop ipsec__plutorun: Starting Pluto
subsystem...
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Starting Pluto
(Openswan Version 2.6.23; Vendor ID OEm at kgSFEH@\177) pid:10899
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Setting NAT-Traversal
port-4500 floating to on
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: port floating
activation criteria nat_t=1/port_float=1
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: including
NAT-Traversal patch (Version 0.6c)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: starting up 7
cryptographic helpers
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10902 (fd:7)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10903 (fd:8)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10902]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10904 (fd:9)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10905 (fd:10)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10903]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10906 (fd:11)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10907 (fd:12)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10904]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: started helper
pid=10908 (fd:13)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Using Linux 2.6 IPsec
interface code on 2.6.32-33-generic-pae (experimental code)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10907]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10908]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10906]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10905]: using /dev/urandom as
source of random entropy
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_add(): ERROR:
Algorithm already exists
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_add(): ERROR:
Algorithm already exists
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_add(): ERROR:
Algorithm already exists
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_add(): ERROR:
Algorithm already exists
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_add(): ERROR:
Algorithm already exists
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Changed path to
directory '/etc/ipsec.d/cacerts'
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Changed path to
directory '/etc/ipsec.d/aacerts'
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Changed path to
directory '/etc/ipsec.d/ocspcerts'
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Changing to directory
'/etc/ipsec.d/crls'
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: Warning: empty
directory
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: added connection
description "MyCompany_VPN"
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: listening for IKE
messages
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: NAT-Traversal: Trying
new style NAT-T
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: NAT-Traversal:
ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: NAT-Traversal: Trying
old style NAT-T
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: adding interface
eth0/eth0 10.0.0.2:500
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: adding interface
eth0/eth0 10.0.0.2:4500
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: adding interface lo/lo
127.0.0.1:500
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: adding interface lo/lo
127.0.0.1:4500
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: adding interface lo/lo
::1:500
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: loading secrets from
"/etc/ipsec.secrets"
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
initiating Main Mode
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring unknown Vendor ID payload [5b362bc820f60007]
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received Vendor ID payload [RFC 3947] method set to=109
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
enabling possible NAT-traversal with method 4
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
STATE_MAIN_I2: sent MI2, expecting MR2
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received Vendor ID payload [XAUTH]
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received Vendor ID payload [Dead Peer Detection]
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
STATE_MAIN_I3: sent MI3, expecting MR3
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
Main mode peer ID is ID_IPV4_ADDR: 'myRemoteIp'
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_128 prf=oakley_sha group=modp1024}
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #2:
initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW {using isakmp#1
msgid:970b965f proposal=defaults pfsgroup=no-pfs}
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received and ignored informational message
Sep 9 12:49:35 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Sep 9 12:49:35 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received and ignored informational message
Sep 9 12:49:55 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Sep 9 12:49:55 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
received and ignored informational message
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: forgetting secrets
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN":
deleting connection
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #2:
deleting state (STATE_QUICK_I1)
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
deleting state (STATE_MAIN_I4)
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down interface
lo/lo ::1:500
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down interface
lo/lo 127.0.0.1:4500
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down interface
lo/lo 127.0.0.1:500
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down interface
eth0/eth0 10.0.0.2:4500
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: shutting down interface
eth0/eth0 10.0.0.2:500
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10904]: pluto_crypto_helper:
helper (2) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10905]: pluto_crypto_helper:
helper (3) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10903]: pluto_crypto_helper:
helper (1) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10902]: pluto_crypto_helper:
helper (0) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10907]: pluto_crypto_helper:
helper (5) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10908]: pluto_crypto_helper:
helper (6) is normal exiting
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10906]: pluto_crypto_helper:
helper (4) is normal exiting
This is the content of my ipsec.conf file:

# /etc/ipsec.conf - Openswan IPsec configuration file
# $Id$
# Manual: ipsec.conf(5)
# Created: Fri Sep 9 12:43:30 2011
# by: The L2TP IPsec VPN Manager application version 1.0.1
#
# WARNING! All changes made in this file will be lost!

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    # plutodebug="parsing emitting control private"
    plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.
conn MyCompany_VPN
    authby=secret
    right=myCompanyIp
    rightid=""
    auto=add
And finally, my ipsec.secrets looks something like this:
# /etc/ipsec.secrets - secrets for IKE/IPsec authentication
# $Id$
# Manual: ipsec.secrets(5)
# Created: Fri Sep 9 12:43:30 2011
# by: The L2TP IPsec VPN Manager application version 1.0.1
#
# WARNING! All changes made in this file will be lost!
#
#
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
%any myCompanyIp: PSK "MyPreSharedKey"
Any help would be REALLY appreciated.
Thanks a lot in advance for your time.
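
Added example, not part of the original post: a small Python parser that rejoins the wrapped pluto lines from the log above and reports how far the IKEv1 negotiation got (phase 1 parameters, the Quick Mode offer, and how many NO_PROPOSAL_CHOSEN notifications came back). The sample input is constructed from lines quoted in the post; the function names and the use of "IPsec SA established" as the phase 2 success marker are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the log in the post above,
# including the mail archive's line wrapping.
SAMPLE_LOG = '''\
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_128 prf=oakley_sha group=modp1024}
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #2:
initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW {using isakmp#1
msgid:970b965f proposal=defaults pfsgroup=no-pfs}
Sep 9 12:49:25 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Sep 9 12:49:35 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Sep 9 12:50:05 rogeliosevilla1-laptop pluto[10899]: "MyCompany_VPN" #2:
deleting state (STATE_QUICK_I1)
'''

# Syslog header as it appears in the post: "Sep 9 12:49:25 host pluto[pid]: "
HEADER = re.compile(r'^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ \S+?: ?')

def unwrap(text):
    """Rejoin records that the mail archive wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        if HEADER.match(line) or not records:
            records.append(HEADER.sub('', line).strip())
        else:
            records[-1] += ' ' + line.strip()
    return records

def summarize(text):
    """Report how far the IKEv1 negotiation in the log got."""
    s = {'phase1': None, 'phase2_offer': None, 'rejections': 0,
         'phase2_up': False, 'last_quick_state': None}
    for rec in unwrap(text):
        if m := re.search(r'ISAKMP SA established \{(.*?)\}', rec):
            s['phase1'] = dict(kv.split('=', 1) for kv in m.group(1).split())
        elif m := re.search(r'initiating Quick Mode (\S+) \{(.*?)\}', rec):
            s['phase2_offer'] = {'policy': m.group(1).split('+'),
                **dict(kv.split('=', 1) for kv in m.group(2).split() if '=' in kv)}
        elif 'type NO_PROPOSAL_CHOSEN' in rec:
            s['rejections'] += 1
        elif 'IPsec SA established' in rec:  # assumed phase 2 success marker
            s['phase2_up'] = True
        elif m := re.search(r'deleting state \((STATE_QUICK_\w+)\)', rec):
            s['last_quick_state'] = m.group(1)
    return s
```

On the sample, `summarize(SAMPLE_LOG)` shows phase 1 established with aes_128/oakley_sha/modp1024, a Quick Mode offer of `proposal=defaults pfsgroup=no-pfs`, two NO_PROPOSAL_CHOSEN notifications, and the Quick Mode state deleted while still in STATE_QUICK_I1.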