[Openswan Users] Some issues
Luis Nagaki
luis.nagaki at gmail.com
Wed Oct 24 10:25:47 EDT 2012
Hey guys, I have over 6 VPN clients that are all working just fine,
but I installed 1 location that all of a sudden stopped working. I
think their firewall is blocking something.
Here are some log file outputs.
log output on client
"central" #1: ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]
"central" #1: received Vendor ID payload [Dead Peer Detection]
"central" #1: received Vendor ID payload [RFC 3947] method set to=109
"central" #1: enabling possible NAT-traversal with method 4
"central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"central" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
"central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"central" #1: STATE_MAIN_I3: sent MI3, expecting MR3
It just hangs here. What can it be?
log output on vpn server
packet from PUBLIC_IP:500: ignoring unknown Vendor ID payload [4f4568794c64414365636661]
packet from PUBLIC_IP:500: received Vendor ID payload [Dead Peer Detection]
packet from PUBLIC_IP:500: received Vendor ID payload [RFC 3947] method set to=109
packet from PUBLIC_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
packet from PUBLIC_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
packet from PUBLIC_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
packet from PUBLIC_IP:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
"vpn_client1"[4727] PUBLIC_IP #22013: responding to Main Mode from unknown peer PUBLIC_IP
"vpn_client1"[4727] PUBLIC_IP #22013: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"vpn_client1"[4727] PUBLIC_IP #22013: STATE_MAIN_R1: sent MR1, expecting MI2
"vpn_client1"[4727] PUBLIC_IP #22013: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
"vpn_client1"[4727] PUBLIC_IP #22013: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"vpn_client1"[4727] PUBLIC_IP #22013: STATE_MAIN_R2: sent MR2, expecting MI3
"vpn_client1"[4727] PUBLIC_IP #22013: Main mode peer ID is ID_FQDN: '@vpn_client1'
"vpn_client1"[4727] PUBLIC_IP #22013: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"vpn_client1"[4727] PUBLIC_IP #22013: new NAT mapping for #22013, was PUBLIC_IP:500, now PUBLIC_IP:11336
"vpn_client1"[4727] PUBLIC_IP #22013: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
"vpn_client1"[4727] PUBLIC_IP #22013: Dead Peer Detection (RFC 3706): enabled
vpn client verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.18-308.16.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Can you guys give me some input?
Thanks!
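
An added example, not part of the original post: a Python script that reads the two pluto logs above and reports which Main Mode message one side logged as sent while the other side is still waiting for it, together with the NAT port change the server recorded. The sample lines are copied from the post with wrapped lines rejoined; the function names are this example's own.

```python
import re

# Sample input: lines taken from the client and server logs in the post.
CLIENT_LOG = '''\
"central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"central" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
"central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"central" #1: STATE_MAIN_I3: sent MI3, expecting MR3
'''
SERVER_LOG = '''\
"vpn_client1"[4727] PUBLIC_IP #22013: STATE_MAIN_R2: sent MR2, expecting MI3
"vpn_client1"[4727] PUBLIC_IP #22013: new NAT mapping for #22013, was PUBLIC_IP:500, now PUBLIC_IP:11336
"vpn_client1"[4727] PUBLIC_IP #22013: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
'''

# "STATE_MAIN_I3: sent MI3, expecting MR3" (the "expecting" part is absent once the SA is up)
STATE_RE = re.compile(r'(STATE_MAIN_[IR]\d): sent (M[IR]\d)(?:, expecting (M[IR]\d))?')
# "new NAT mapping for #22013, was PUBLIC_IP:500, now PUBLIC_IP:11336"
NAT_RE = re.compile(r'new NAT mapping for #\d+, was \S+:(\d+), now \S+:(\d+)')

def summarize(log):
    """Return the last Main Mode message sent, the one still awaited, and any NAT port change."""
    out = {"sent": None, "expecting": None, "nat_ports": None}
    for line in log.splitlines():
        m = STATE_RE.search(line)
        if m:
            out["sent"], out["expecting"] = m.group(2), m.group(3)
        n = NAT_RE.search(line)
        if n:
            out["nat_ports"] = (int(n.group(1)), int(n.group(2)))
    return out

def lost_message(initiator, responder):
    """Name a message one side reports as sent while the other side still expects it."""
    for waiting, sender, direction in ((initiator, responder, "responder -> initiator"),
                                       (responder, initiator, "initiator -> responder")):
        if waiting["expecting"] and waiting["expecting"] == sender["sent"]:
            return waiting["expecting"], direction
    return None

if __name__ == "__main__":
    client, server = summarize(CLIENT_LOG), summarize(SERVER_LOG)
    print("client:", client)
    print("server:", server)
    print("lost:", lost_message(client, server))
```

On these logs the result is MR3 in the responder-to-initiator direction, which the server logged as sent after the peer's source port changed from 500 to 11336, so that return flow is the one to capture at the client site's firewall.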