[Openswan Users] iOS devices not always being detected and NATted. (Neville)

Neville nev at itsnev.co.uk
Tue Jan 22 05:28:13 EST 2013


Still failing, but it will eventually connect. Can anyone shed any light on
this?

Trace Below.

Failed Connection.

Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring
unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000009]
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: received Vendor
ID payload [RFC 3947] method set to=115 
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
method 115
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [FRAGMENTATION]
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [MS-Negotiation Discovery Capable]
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [Vid-Initial-Contact]
Jan 22 10:22:07 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [IKE CGA version 1]
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
responding to Main Mode from unknown peer 192.168.1.127
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is
NATed
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
Main mode peer ID is ID_IPV4_ADDR: '192.168.1.127'
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #112:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #112:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #112:
new NAT mapping for #112, was 46.X.X.X:500, now 46.X.X.X:4500
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 46.X.X.X #112:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_256 prf=oakley_sha group=modp2048}
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 46.X.X.X #112: Dead
Peer Detection (RFC 3706): not enabled because peer did not advertise it
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 46.X.X.X #112: the
peer proposed: 91.204.208.146/32:17/1701 -> 192.168.1.127/32:17/0
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 46.X.X.X #112:
NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 46.X.X.X #113: new NAT
mapping for #113, was 46.X.X.X:4500, now 192.168.1.127:4500
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #112:
new NAT mapping for #112, was 46.X.X.X:4500, now 192.168.1.127:4500
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
responding to Quick Mode proposal {msgid:01000000}
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
us: 91.204.208.146:17/1701---91.204.208.146
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
them: 192.168.1.127:17/1701===192.168.1.127/32
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 22 10:22:07 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 22 10:22:08 ssl7 pluto[28557]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113:
discarding duplicate packet; already STATE_QUICK_R1
Jan 22 10:22:19 ssl7 last message repeated 3 times
Jan 22 10:22:24 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127 #111:
max number of retransmissions (2) reached STATE_MAIN_R2
Jan 22 10:22:24 ssl7 pluto[28557]: "L2TP-PSK-NAT"[41] 192.168.1.127:
deleting connection "L2TP-PSK-NAT" instance with peer 192.168.1.127
{isakmp=#0/ipsec=#0}

Successful Connection after trying 3 times.

Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring
unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000009]
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: received Vendor
ID payload [RFC 3947] method set to=115 
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
method 115
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [FRAGMENTATION]
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [MS-Negotiation Discovery Capable]
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [Vid-Initial-Contact]
Jan 22 10:23:17 ssl7 pluto[28557]: packet from 46.X.X.X:500: ignoring Vendor
ID payload [IKE CGA version 1]
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
responding to Main Mode from unknown peer 46.X.X.X
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is
NATed
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115: Main
mode peer ID is ID_IPV4_ADDR: '192.168.1.127'
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[43] 46.X.X.X #115:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115: new NAT
mapping for #115, was 46.X.X.X:500, now 46.X.X.X:4500
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_256 prf=oakley_sha group=modp2048}
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115: Dead
Peer Detection (RFC 3706): not enabled because peer did not advertise it
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115: the
peer proposed: 91.204.208.146/32:17/1701 -> 192.168.1.127/32:17/0
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #115:
NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:
responding to Quick Mode proposal {msgid:01000000}
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:     us:
91.204.208.146:17/1701---91.204.208.146
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:   them:
46.X.X.X[192.168.1.127]:17/1701===192.168.1.127/32
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116: Dead
Peer Detection (RFC 3706): not enabled because peer did not advertise it
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 22 10:23:17 ssl7 pluto[28557]: "L2TP-PSK-NAT"[44] 46.X.X.X #116:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xa0128c7c
<0x1484e9a3 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.1.127 NATD=46.X.X.X:4500
DPD=none}

Thx
Nev
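
A small triage script for excerpts like the two above, as an added example that is not part of the original post: it flags the two differences visible between the traces, a NAT mapping that moves from the public address to an RFC 1918 address and a Quick Mode state that stops at STATE_QUICK_R1. The sample lines are constructed (already unwrapped, with 203.0.113.7 standing in for the redacted 46.X.X.X), and the function and finding names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines modelled on the two traces above (already unwrapped).
# 203.0.113.7 is a documentation address standing in for the redacted 46.X.X.X.
FAILED = [
    'pluto[1]: "L2TP-PSK-NAT"[42] 203.0.113.7 #112: new NAT mapping for #112, was 203.0.113.7:500, now 203.0.113.7:4500',
    'pluto[1]: "L2TP-PSK-NAT"[42] 203.0.113.7 #113: new NAT mapping for #113, was 203.0.113.7:4500, now 192.168.1.127:4500',
    'pluto[1]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1',
    'pluto[1]: "L2TP-PSK-NAT"[42] 192.168.1.127 #113: discarding duplicate packet; already STATE_QUICK_R1',
]
WORKED = [
    'pluto[1]: "L2TP-PSK-NAT"[44] 203.0.113.7 #115: new NAT mapping for #115, was 203.0.113.7:500, now 203.0.113.7:4500',
    'pluto[1]: "L2TP-PSK-NAT"[44] 203.0.113.7 #116: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1',
    'pluto[1]: "L2TP-PSK-NAT"[44] 203.0.113.7 #116: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2',
]

NAT_MAP = re.compile(r"new NAT mapping for (#\d+), was (\S+):\d+, now (\S+):\d+")
TRANSITION = re.compile(r"(#\d+): transition from state \S+ to state (\S+)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for RFC 1918 addresses; redacted text such as 46.X.X.X is not."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def triage(lines):
    """Return {state number: sorted findings} for one pluto log excerpt."""
    findings = defaultdict(set)
    last_state = {}
    for line in lines:
        m = NAT_MAP.search(line)
        if m and is_rfc1918(m.group(3)) and not is_rfc1918(m.group(2)):
            findings[m.group(1)].add("nat-mapping-moved-to-private-address")
        m = TRANSITION.search(line)
        if m:
            last_state[m.group(1)] = m.group(2)
    for state, name in last_state.items():
        if name == "STATE_QUICK_R1":  # no later transition to STATE_QUICK_R2 was logged
            findings[state].add("quick-mode-never-reached-R2")
    return {s: sorted(f) for s, f in findings.items()}

if __name__ == "__main__":
    print(triage(FAILED))
    print(triage(WORKED))
```

Real pluto output wrapped by a mail client, as in the traces above, has to be joined back into one entry per line before it is passed to `triage`.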




