[Openswan Users] Mutual "Deleting connection" with same private IP from others companies
users-bounces at lists.openswan.org
users-bounces at lists.openswan.org
Thu Apr 4 21:20:17 UTC 2013
Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Peter <pit11 at ukr.net>
Subject: Mutual "Deleting connection" with same private IP from others companies
Date: 4 April, 2013 1:36:34 PM EDT
To: users at lists.openswan.org
Hi All!
CentOS 6.3
kernel 2.6.32-279.9.1.el6.local.x86_64 with SAref
openswan-2.6.38
xl2tpd 1.3.1-5.el6
ipsec.conf:
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.13.0.0/16,%v4:!192.168.18.0/24
oe=off
protostack=mast
interfaces="mast0=eth3"
# Add connections here
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
sareftrack=yes
overlapip=no
left=xxx.xxx.xxx.xxx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
xl2tpd.conf:
global]
listen-addr = xxx.xxx.xxx.xxx
force userspace = yes
ipsec saref = yes
[lns default]
assign ip = yes
ip range = 10.13.1.128-10.13.2.254
local ip = 10.13.0.1
require chap = yes
refuse pap = yes
refuse authentication = no
require authentication = no
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
flow bit = yes
Mutual "Deleting connection" with same private IP from others companies, when they are connected at the same time.
192.168.0.105 --- 80.90.239.11 --------> My VPN-server (xxx.xxx.xxx.xxx)
192.168.0.105 --- 195.138.77.67 --------> My VPN-server (xxx.xxx.xxx.xxx)
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#0/ipsec=#0}
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: deleting connection "L2TP-PSK-NAT" instance with peer 80.90.239.11 {isakmp=#14250/ipsec=#14251}
Full /var/log/secure:
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:50:32 vpn pluto[2047]: packet from 80.90.239.11:500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: responding to Main Mode from unknown peer 80.90.239.11
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:50:32 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14250: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#14236/ipsec=#14237}
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT" #14237: deleting state (STATE_QUICK_R2)
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT" #14236: deleting state (STATE_MAIN_R3)
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: new NAT mapping for #14250, was 80.90.239.11:500, now 80.90.239.11:1036
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14250: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: them: 80.90.239.11[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:50:33 vpn pluto[2047]: "L2TP-PSK-NAT"[11115] 80.90.239.11 #14251: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x3bf28da1 <0x6fa7d29f xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=80.90.239.11:1036 DPD=none}
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:15 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: responding to Main Mode from unknown peer 195.138.77.67
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11116] 195.138.77.67 #14252: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#0/ipsec=#0}
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: deleting connection "L2TP-PSK-NAT" instance with peer 80.90.239.11 {isakmp=#14250/ipsec=#14251}
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT" #14251: deleting state (STATE_QUICK_R2)
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT" #14250: deleting state (STATE_MAIN_R3)
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14252: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: them: 195.138.77.67[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:51:15 vpn pluto[2047]: "L2TP-PSK-NAT"[11117] 195.138.77.67 #14253: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x638ab232 <0x6fa7d2a0 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=195.138.77.67:4500 DPD=none}
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:23 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:23 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: responding to Main Mode from unknown peer 80.90.239.11
Apr 4 17:51:23 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:23 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:23 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:51:23 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14254: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#14252/ipsec=#14253}
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT" #14253: deleting state (STATE_QUICK_R2)
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT" #14252: deleting state (STATE_MAIN_R3)
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14254: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: them: 80.90.239.11[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:51:24 vpn pluto[2047]: "L2TP-PSK-NAT"[11118] 80.90.239.11 #14255: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x8ac9644f <0x6fa7d2a1 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=80.90.239.11:1036 DPD=none}
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:25 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: responding to Main Mode from unknown peer 195.138.77.67
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11119] 195.138.77.67 #14256: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#0/ipsec=#0}
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: deleting connection "L2TP-PSK-NAT" instance with peer 80.90.239.11 {isakmp=#14254/ipsec=#14255}
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT" #14255: deleting state (STATE_QUICK_R2)
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT" #14254: deleting state (STATE_MAIN_R3)
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14256: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: them: 195.138.77.67[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:51:25 vpn pluto[2047]: "L2TP-PSK-NAT"[11120] 195.138.77.67 #14257: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x749e33ed <0x6fa7d2a2 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=195.138.77.67:4500 DPD=none}
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:26 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: responding to Main Mode from unknown peer 80.90.239.11
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14258: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#14256/ipsec=#14257}
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT" #14257: deleting state (STATE_QUICK_R2)
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT" #14256: deleting state (STATE_MAIN_R3)
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14258: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: them: 80.90.239.11[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:51:26 vpn pluto[2047]: "L2TP-PSK-NAT"[11121] 80.90.239.11 #14259: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x66f75963 <0x6fa7d2a3 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=80.90.239.11:1036 DPD=none}
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:35 vpn pluto[2047]: packet from 195.138.77.67:4500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: responding to Main Mode from unknown peer 195.138.77.67
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11122] 195.138.77.67 #14261: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: deleting connection "L2TP-PSK-NAT" instance with peer 195.138.77.67 {isakmp=#0/ipsec=#0}
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: deleting connection "L2TP-PSK-NAT" instance with peer 80.90.239.11 {isakmp=#14258/ipsec=#14259}
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT" #14259: deleting state (STATE_QUICK_R2)
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT" #14258: deleting state (STATE_MAIN_R3)
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 192.168.0.105/32:17/0
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14261: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: responding to Quick Mode proposal {msgid:01000000}
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>:17/1701
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: them: 195.138.77.67[192.168.0.105]:17/1701===192.168.0.105/32
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 4 17:51:35 vpn pluto[2047]: "L2TP-PSK-NAT"[11123] 195.138.77.67 #14262: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x11a550d6 <0x6fa7d2a5 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.105 NATD=195.138.77.67:4500 DPD=none}
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [FRAGMENTATION]
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 4 17:51:42 vpn pluto[2047]: packet from 80.90.239.11:1036: ignoring Vendor ID payload [IKE CGA version 1]
Apr 4 17:51:42 vpn pluto[2047]: "L2TP-PSK-NAT"[8642] 80.90.239.11 #14263: responding to Main Mode from unknown peer 80.90.239.11
Need help…
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130404/459ed488/attachment-0001.html>
More information about the Users
mailing list