[Openswan Users] VPN Transport Mode, Windows 7, xl2tpd, openswan - setup feasibility check

Simon Deziel simon at xelerance.com
Sun Oct 7 18:01:32 EDT 2012


For l2tp logs, you can try to look in one of these:

/var/log/syslog
/var/log/daemon
/var/log/messages

Simon

On 12-10-06 06:00 PM, Karl wrote:
> Hi,
> 
>  
> 
> thanks for the tip. I set the registry key but the error remains. The
> tunnel is established in State-quick-r2 but in Windows I can see the
> window “verify username and password” for 0.5 seconds and the error
> window with message “Error 619 …” comes up.
> 
>  
> 
> // pluto.log //
> 
> packet from 2.204.210.70:54963: received Vendor ID payload [RFC 3947]
> method set to=115
> 
> packet from 2.204.210.70:54963: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
> 
> packet from 2.204.210.70:54963: ignoring Vendor ID payload [FRAGMENTATION]
> 
> packet from 2.204.210.70:54963: ignoring Vendor ID payload
> [MS-Negotiation Discovery Capable]
> 
> packet from 2.204.210.70:54963: ignoring Vendor ID payload
> [Vid-Initial-Contact]
> 
> packet from 2.204.210.70:54963: ignoring Vendor ID payload [IKE CGA
> version 1]
> 
> "vpnhome"[15] 2.204.210.70 #15: responding to Main Mode from unknown
> peer 2.204.210.70
> 
> "vpnhome"[15] 2.204.210.70 #15: OAKLEY_GROUP 20 not supported. 
> Attribute OAKLEY_GROUP_DESCRIPTION
> 
> "vpnhome"[15] 2.204.210.70 #15: OAKLEY_GROUP 19 not supported. 
> Attribute OAKLEY_GROUP_DESCRIPTION
> 
> "vpnhome"[15] 2.204.210.70 #15: transition from state STATE_MAIN_R0 to
> state STATE_MAIN_R1
> 
> "vpnhome"[15] 2.204.210.70 #15: STATE_MAIN_R1: sent MR1, expecting MI2
> 
> "vpnhome"[15] 2.204.210.70 #15: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
> 
> "vpnhome"[15] 2.204.210.70 #15: transition from state STATE_MAIN_R1 to
> state STATE_MAIN_R2
> 
> "vpnhome"[15] 2.204.210.70 #15: STATE_MAIN_R2: sent MR2, expecting MI3
> 
> "vpnhome"[15] 2.204.210.70 #15: Main mode peer ID is ID_IPV4_ADDR:
> '10.0.0.2'
> 
> "vpnhome"[15] 2.204.210.70 #15: switched from "vpnhome" to "vpnhome"
> 
> "vpnhome"[16] 2.204.210.70 #15: deleting connection "vpnhome" instance
> with peer 2.204.210.70 {isakmp=#0/ipsec=#0}
> 
> "vpnhome"[16] 2.204.210.70 #15: transition from state STATE_MAIN_R2 to
> state STATE_MAIN_R3
> 
> "vpnhome"[16] 2.204.210.70 #15: new NAT mapping for #15, was
> 2.204.210.70:54963, now 2.204.210.70:54964
> 
> "vpnhome"[16] 2.204.210.70 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
> group=modp2048}
> 
> "vpnhome"[16] 2.204.210.70 #15: Dead Peer Detection (RFC 3706): not
> enabled because peer did not advertise it
> 
> "vpnhome"[16] 2.204.210.70 #15: the peer proposed:
> 85.177.250.149/32:17/1701 -> 10.0.0.2/32:17/0
> 
> "vpnhome"[16] 2.204.210.70 #15: NAT-Traversal: received 2 NAT-OA. using
> first, ignoring others
> 
> "vpnhome"[16] 2.204.210.70 #16: responding to Quick Mode proposal
> {msgid:01000000}
> 
> "vpnhome"[16] 2.204.210.70 #16:     us:
> 192.168.1.30<192.168.1.30>:17/1701---192.168.1.1
> 
> "vpnhome"[16] 2.204.210.70 #16:   them:
> 2.204.210.70[10.0.0.2]:17/1701===10.0.0.2/32
> 
> "vpnhome"[16] 2.204.210.70 #16: transition from state STATE_QUICK_R0 to
> state STATE_QUICK_R1
> 
> "vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R1: sent QR1, inbound IPsec
> SA installed, expecting QI2
> 
> "vpnhome"[16] 2.204.210.70 #16: Dead Peer Detection (RFC 3706): not
> enabled because peer did not advertise it
> 
> "vpnhome"[16] 2.204.210.70 #16: transition from state STATE_QUICK_R1 to
> state STATE_QUICK_R2
> 
> "vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R2: IPsec SA established
> transport mode {ESP/NAT=>0x3e674b5b <0xcc1fbfea xfrm=AES_128-HMAC_SHA1
> NATOA=10.0.0.2 NATD=2.204.210.70:54964 DPD=none}
> 
> "vpnhome"[16] 2.204.210.70 #15: received Delete SA(0x3e674b5b) payload:
> deleting IPSEC State #16
> 
> "vpnhome"[16] 2.204.210.70 #15: received and ignored informational message
> 
> "vpnhome"[16] 2.204.210.70 #15: received Delete SA payload: deleting
> ISAKMP State #15
> 
> "vpnhome"[16] 2.204.210.70: deleting connection "vpnhome" instance with
> peer 2.204.210.70 {isakmp=#0/ipsec=#0}
> 
> packet from 2.204.210.70:54964: received and ignored informational message
> 
>  
> 
>  
> 
> Windows log says “Event ID 20226 with reason code 829”. I googled a
> little bit and only found explanations into the direction of modem
> connect problems. (?). I am going to focus on PPP configuration now. I
> cannot find l2tpd.log file?
> 
>  
> 
> Any ideas?
> 
>  
> 
> Regards,
> 
> Horst
> 
>  
> 
> --- PPP config file ---
> 
> /etc/ppp/options.xl2tpd
> 
> require-mschap-v2
> 
> asyncmap 0
> 
> hide-password
> 
> modem
> 
>  
> 
> ipcp-accept-local
> 
> ipcp-accept-remote
> 
> noccp
> 
> auth
> 
> crtscts
> 
> idle 1800
> 
> mtu 1400
> 
> mre 1400
> 
> nodefaultroute
> 
> debug
> 
> lock
> 
> proxyarp
> 
> connect-delay 5000
> 
> logfd 2
> 
> logfile /var/log/l2tpd.log
> 
>  
> 
>  
> 
> ms-dns 8.8.8.8
> 
> ms-dns 8.8.4.4
> 
> lcp-echo-failure 12
> 
> lcp-echo-interval 5
> 
>  
> 
>  
> 
>  
> 
> 
> 
> 
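
Added example, not part of the original thread and not Openswan code: a small Python triage of pluto log lines like those quoted above. It separates "IPsec never came up" from "IPsec came up and the peer then deleted it", the case where the xl2tpd/pppd logs are the next place to look. The function name `triage` and the verdict strings are hypothetical; the sample lines are from the quoted log, re-joined where the mail wrapped them.

```python
import re

# Lines from the pluto log quoted above, re-joined where the mail wrapped them.
SAMPLE = '''\
"vpnhome"[16] 2.204.210.70 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
"vpnhome"[16] 2.204.210.70 #16: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x3e674b5b <0xcc1fbfea xfrm=AES_128-HMAC_SHA1 NATOA=10.0.0.2 NATD=2.204.210.70:54964 DPD=none}
"vpnhome"[16] 2.204.210.70 #15: received Delete SA(0x3e674b5b) payload: deleting IPSEC State #16
"vpnhome"[16] 2.204.210.70 #15: received Delete SA payload: deleting ISAKMP State #15
'''

LINE = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
SPI_UP = re.compile(r'IPsec SA established .*?ESP(?:/NAT)?=>(0x[0-9a-f]+)')
SPI_DEL = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload: deleting IPSEC State #\d+')

def triage(log_text):
    """Return {peer: verdict} for pluto log lines (hypothetical helper)."""
    peers = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "packet from ..." lines carry no state number
        p = peers.setdefault(m["peer"], {"isakmp": False, "live": set(), "deleted": set()})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            p["isakmp"] = True
        up = SPI_UP.search(msg)
        if up:
            p["live"].add(up.group(1))       # SPI of the SA just installed
        gone = SPI_DEL.search(msg)
        if gone and gone.group(1) in p["live"]:
            p["live"].discard(gone.group(1))  # the peer asked us to drop this SA
            p["deleted"].add(gone.group(1))
    verdicts = {}
    for peer, p in peers.items():
        if not p["isakmp"]:
            verdicts[peer] = "phase 1 (Main Mode) never completed"
        elif p["live"]:
            verdicts[peer] = "IPsec SA up"
        elif p["deleted"]:
            verdicts[peer] = "IPsec SA came up, then the peer deleted it: check xl2tpd/pppd logs"
        else:
            verdicts[peer] = "phase 1 ok, phase 2 (Quick Mode) never completed"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in triage(SAMPLE).items():
        print(peer, "->", verdict)
```
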


