[Openswan Users] VPN Transport Mode, Windows 7, xl2tpd, openswan - setup feasibility check
Karl
Horst at skat-foundation.de
Sat Oct 6 18:00:00 EDT 2012
Hi,
thanks for the tip. I set the registry key but the error remains. The tunnel
is established in State-quick-r2, but in Windows I can see the window "verify
username and password" for 0.5 seconds and then the error window with the
message "Error 619." comes up.
// pluto.log //
packet from 2.204.210.70:54963: received Vendor ID payload [RFC 3947] method
set to=115
packet from 2.204.210.70:54963: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 2.204.210.70:54963: ignoring Vendor ID payload [FRAGMENTATION]
packet from 2.204.210.70:54963: ignoring Vendor ID payload [MS-Negotiation
Discovery Capable]
packet from 2.204.210.70:54963: ignoring Vendor ID payload
[Vid-Initial-Contact]
packet from 2.204.210.70:54963: ignoring Vendor ID payload [IKE CGA version
1]
"vpnhome"[15] 2.204.210.70 #15: responding to Main Mode from unknown peer
2.204.210.70
"vpnhome"[15] 2.204.210.70 #15: OAKLEY_GROUP 20 not supported. Attribute
OAKLEY_GROUP_DESCRIPTION
"vpnhome"[15] 2.204.210.70 #15: OAKLEY_GROUP 19 not supported. Attribute
OAKLEY_GROUP_DESCRIPTION
"vpnhome"[15] 2.204.210.70 #15: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
"vpnhome"[15] 2.204.210.70 #15: STATE_MAIN_R1: sent MR1, expecting MI2
"vpnhome"[15] 2.204.210.70 #15: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
"vpnhome"[15] 2.204.210.70 #15: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
"vpnhome"[15] 2.204.210.70 #15: STATE_MAIN_R2: sent MR2, expecting MI3
"vpnhome"[15] 2.204.210.70 #15: Main mode peer ID is ID_IPV4_ADDR:
'10.0.0.2'
"vpnhome"[15] 2.204.210.70 #15: switched from "vpnhome" to "vpnhome"
"vpnhome"[16] 2.204.210.70 #15: deleting connection "vpnhome" instance with
peer 2.204.210.70 {isakmp=#0/ipsec=#0}
"vpnhome"[16] 2.204.210.70 #15: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3
"vpnhome"[16] 2.204.210.70 #15: new NAT mapping for #15, was
2.204.210.70:54963, now 2.204.210.70:54964
"vpnhome"[16] 2.204.210.70 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
group=modp2048}
"vpnhome"[16] 2.204.210.70 #15: Dead Peer Detection (RFC 3706): not enabled
because peer did not advertise it
"vpnhome"[16] 2.204.210.70 #15: the peer proposed: 85.177.250.149/32:17/1701
-> 10.0.0.2/32:17/0
"vpnhome"[16] 2.204.210.70 #15: NAT-Traversal: received 2 NAT-OA. using
first, ignoring others
"vpnhome"[16] 2.204.210.70 #16: responding to Quick Mode proposal
{msgid:01000000}
"vpnhome"[16] 2.204.210.70 #16: us:
192.168.1.30<192.168.1.30>:17/1701---192.168.1.1
"vpnhome"[16] 2.204.210.70 #16: them:
2.204.210.70[10.0.0.2]:17/1701===10.0.0.2/32
"vpnhome"[16] 2.204.210.70 #16: transition from state STATE_QUICK_R0 to
state STATE_QUICK_R1
"vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA
installed, expecting QI2
"vpnhome"[16] 2.204.210.70 #16: Dead Peer Detection (RFC 3706): not enabled
because peer did not advertise it
"vpnhome"[16] 2.204.210.70 #16: transition from state STATE_QUICK_R1 to
state STATE_QUICK_R2
"vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R2: IPsec SA established
transport mode {ESP/NAT=>0x3e674b5b <0xcc1fbfea xfrm=AES_128-HMAC_SHA1
NATOA=10.0.0.2 NATD=2.204.210.70:54964 DPD=none}
"vpnhome"[16] 2.204.210.70 #15: received Delete SA(0x3e674b5b) payload:
deleting IPSEC State #16
"vpnhome"[16] 2.204.210.70 #15: received and ignored informational message
"vpnhome"[16] 2.204.210.70 #15: received Delete SA payload: deleting ISAKMP
State #15
"vpnhome"[16] 2.204.210.70: deleting connection "vpnhome" instance with peer
2.204.210.70 {isakmp=#0/ipsec=#0}
packet from 2.204.210.70:54964: received and ignored informational message
The Windows log says "Event ID 20226 with reason code 829". I googled a little
bit and only found explanations pointing in the direction of modem connection
problems (?). I am going to focus on the PPP configuration now. I cannot find
the l2tpd.log file.
Any ideas?
Regards,
Horst
--- PPP config file ---
/etc/ppp/options.xl2tpd
require-mschap-v2
asyncmap 0
hide-password
modem
ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1400
mre 1400
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfd 2
logfile /var/log/l2tpd.log
ms-dns 8.8.8.8
ms-dns 8.8.4.4
lcp-echo-failure 12
lcp-echo-interval 5
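
The pluto log in this message shows the IPsec SA reaching STATE_QUICK_R2 and then being deleted on request of the peer. The script below is an added example, not part of the original message, that triages a pluto log for exactly that pattern; the sample lines are the post's own log lines unwrapped, and the function names and verdict strings are made up for illustration.

```python
import re

# Sample input: pluto log lines from the post above, unwrapped (one entry per line).
SAMPLE = '''\
"vpnhome"[16] 2.204.210.70 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
"vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
"vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x3e674b5b <0xcc1fbfea xfrm=AES_128-HMAC_SHA1 NATOA=10.0.0.2 NATD=2.204.210.70:54964 DPD=none}
"vpnhome"[16] 2.204.210.70 #15: received Delete SA(0x3e674b5b) payload: deleting IPSEC State #16
"vpnhome"[16] 2.204.210.70 #15: received Delete SA payload: deleting ISAKMP State #15
'''

# "conn"[instance] peer #sa: message
LINE = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
DELETE = re.compile(r'received Delete SA(?:\(0x[0-9a-f]+\))? payload: '
                    r'deleting (IPSEC|ISAKMP) State #(\d+)')

def _new():
    return {"kind": None, "established": False, "peer_deleted": False}

def triage(text):
    """Return {sa_number: {"kind", "established", "peer_deleted"}} per SA."""
    sas = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "packet from ..." lines carry no SA number
        msg = m["msg"]
        sa = sas.setdefault(int(m["sa"]), _new())
        if "ISAKMP SA established" in msg:
            sa.update(kind="ISAKMP", established=True)
        elif "IPsec SA established" in msg:
            sa.update(kind="IPsec", established=True)
        d = DELETE.search(msg)
        if d:
            # The Delete is logged on the ISAKMP SA but names the SA torn down.
            sas.setdefault(int(d[2]), _new())["peer_deleted"] = True
    return sas

def verdict(sas):
    """Classify how far the connection attempt got."""
    up = [s for s in sas.values() if s["kind"] == "IPsec" and s["established"]]
    if not up:
        return "ike-or-ipsec-negotiation"
    if all(s["peer_deleted"] for s in up):
        return "after-ipsec-peer-teardown"  # IPsec was fine; check L2TP/PPP next
    return "ipsec-up"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE)))
```
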