[Openswan Users] Works fine with Android, Iphone and Win7, but not winXP

Raúl Uría Elices ruria60 at yahoo.es
Wed Mar 21 05:26:57 EDT 2012


Hi all, I have this up and running for Android, iPhone and Windows 7, but
I can't connect to from a Windows XP. XP has
AssumeUDPEncapsulationContextOnSendRule set to 2 (double NAT).

 

Ubuntu 11.10 (GNU/Linux 3.0.0-16-generic-pae i686)

Linux Openswan U2.6.37/K3.0.0-16-generic-pae

xl2tpd-1.3.0

 

Any idea?

 

 

auth.log:

 

Mar 19 12:22:24 ubuntu pluto[1513]: packet from 80.30.209.37:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]

Mar 19 12:22:24 ubuntu pluto[1513]: packet from 80.30.209.37:500: ignoring
Vendor ID payload [FRAGMENTATION]

Mar 19 12:22:24 ubuntu pluto[1513]: packet from 80.30.209.37:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106

Mar 19 12:22:24 ubuntu pluto[1513]: packet from 80.30.209.37:500: ignoring
Vendor ID payload [Vid-Initial-Contact]

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
responding to Main Mode from unknown peer 80.30.209.37

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
STATE_MAIN_R1: sent MR1, expecting MI2

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
STATE_MAIN_R2: sent MR2, expecting MI3

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
Main mode peer ID is ID_FQDN: '@javier-8690b7da'

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[22] 80.30.209.37 #68:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68: new
NAT mapping for #68, was 80.30.209.37:500, now 80.30.209.37:1024

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}

Mar 19 12:22:24 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
Dead Peer Detection (RFC 3706): not enabled because peer did not advertise
it

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
peer client type is FQDN

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
Applying workaround for MS-818043 NAT-T bug

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
IDci was FQDN: X\002\255\300, using NAT_OA=192.168.1.35/32 0 as IDci

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68: the
peer proposed: 88.2.173.192/32:17/1701 -> 192.168.1.35/32:17/0

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
responding to Quick Mode proposal {msgid:b22c1702}

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
us: 192.168.2.1<192.168.2.1>[+S=C]:17/1701---192.168.1.1

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
them: 80.30.209.37[@javier-8690b7da,+S=C]:17/1701===192.168.1.35/32

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
netlink_raw_eroute: WARNING: that_client port 0 and that_host port 1701
don't match. Using that_client port.

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
Dead Peer Detection (RFC 3706): not enabled because peer did not advertise
it

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Mar 19 12:22:25 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #69:
STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xfe1a8c15
<0x7e2d3ef1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35 NATD=80.30.209.37:1024
DPD=none}

Mar 19 12:23:00 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
received Delete SA(0xfe1a8c15) payload: deleting IPSEC State #69

Mar 19 12:23:00 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete
included errno 2: No such file or directory

Mar 19 12:23:00 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
received and ignored informational message

Mar 19 12:23:00 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37 #68:
received Delete SA payload: deleting ISAKMP State #68

Mar 19 12:23:00 ubuntu pluto[1513]: "L2TP-PSK-NAT"[39] 80.30.209.37:
deleting connection "L2TP-PSK-NAT" instance with peer 80.30.209.37
{isakmp=#0/ipsec=#0}

Mar 19 12:23:00 ubuntu pluto[1513]: packet from 80.30.209.37:1024: received
and ignored informational message

 

syslog:

 

Mar 19 12:22:27 ubuntu xl2tpd[1297]: control_finish: Peer requested tunnel 1
twice, ignoring second one.

Mar 19 12:22:28 ubuntu xl2tpd[1297]: control_finish: Peer requested tunnel 1
twice, ignoring second one.

Mar 19 12:22:28 ubuntu pppd[7125]: sent [LCP EchoReq id=0x9
magic=0x39fa99a4]

Mar 19 12:22:28 ubuntu pppd[7125]: rcvd [LCP EchoRep id=0x9
magic=0x58e97985]

Mar 19 12:22:32 ubuntu xl2tpd[1297]: Maximum retries exceeded for tunnel
27162.  Closing.

Mar 19 12:22:32 ubuntu xl2tpd[1297]: control_finish: Peer requested tunnel 1
twice, ignoring second one.

Mar 19 12:22:32 ubuntu xl2tpd[1297]: Connection 1 closed to 80.30.209.37,
port 1701 (Timeout)

Mar 19 12:22:37 ubuntu xl2tpd[1297]: Unable to deliver closing message for
tunnel 27162. Destroying anyway.

Mar 19 12:22:47 ubuntu xl2tpd[1297]: Maximum retries exceeded for tunnel
46858.  Closing.

Mar 19 12:22:47 ubuntu xl2tpd[1297]: Connection 1 closed to 80.30.209.37,
port 1701 (Timeout)

Mar 19 12:22:50 ubuntu xl2tpd[1297]: control_finish: Peer requested tunnel 1
twice, ignoring second one.

Mar 19 12:22:52 ubuntu xl2tpd[1297]: Unable to deliver closing message for
tunnel 46858. Destroying anyway.
