[Openswan Users] Using openswan to connect to OSX L2TP VPN
Brian C. Huffman
bhuffman at etinternational.com
Tue Jun 4 14:45:24 UTC 2013
To give more detail, this is what I see on the openswan (client) side:
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: initiating Main Mode
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: received Vendor ID payload [RFC 3947] method set to=109
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: received Vendor ID payload [Dead Peer Detection]
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: enabling possible NAT-traversal with method 4
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: Main mode peer ID is ID_IPV4_ADDR: 'a.b.c.d'
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:0d6d75de proposal=defaults pfsgroup=no-pfs}
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #1: received and ignored informational message
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #2: length of ISAKMP Notification Payload is smaller than minimum
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #2: malformed payload in packet
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: | payload malformed after IV
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: | dd 6a d7 09 61 93 37 4a 54 f0 38 51 82 27 ad 93
Jun 3 16:24:30 bhuffman-v2 pluto[2608]: "test" #2: sending notification PAYLOAD_MALFORMED to a.b.c.d:4500
Jun 3 16:24:33 bhuffman-v2 pluto[2608]: "test" #2: length of ISAKMP Notification Payload is smaller than minimum
Jun 3 16:24:33 bhuffman-v2 pluto[2608]: "test" #2: malformed payload in packet
Jun 3 16:24:33 bhuffman-v2 pluto[2608]: | payload malformed after IV
Jun 3 16:24:33 bhuffman-v2 pluto[2608]: | dd 6a d7 09 61 93 37 4a 54 f0 38 51 82 27 ad 93
Jun 3 16:24:33 bhuffman-v2 pluto[2608]: "test" #2: sending notification PAYLOAD_MALFORMED to a.b.c.d:4500
Jun 3 16:24:36 bhuffman-v2 pluto[2608]: "test" #2: length of ISAKMP Notification Payload is smaller than minimum
Jun 3 16:24:36 bhuffman-v2 pluto[2608]: "test" #2: malformed payload in packet
Jun 3 16:24:36 bhuffman-v2 pluto[2608]: | payload malformed after IV
And on the server, the logs start out like this (and then keep repeating
on the retransmit):
6/3/13 4:24:30.667 PM racoon[155]: Connecting.
6/3/13 4:24:30.668 PM racoon[155]: IPSec Phase1 started (Initiated by peer).
6/3/13 4:24:30.669 PM racoon[155]: IKE Packet: receive success. (Responder, Main-Mode message 1).
6/3/13 4:24:30.670 PM racoon[155]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
6/3/13 4:24:30.761 PM racoon[155]: IKE Packet: receive success. (Responder, Main-Mode message 3).
6/3/13 4:24:30.775 PM racoon[155]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
6/3/13 4:24:30.823 PM racoon[155]: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
6/3/13 4:24:30.823 PM racoon[155]: IKE Packet: receive success. (Responder, Main-Mode message 5).
6/3/13 4:24:30.823 PM racoon[155]: IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
6/3/13 4:24:30.823 PM racoon[155]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
6/3/13 4:24:30.824 PM racoon[155]: IKE Packet: transmit success. (Information message).
6/3/13 4:24:30.824 PM racoon[155]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
6/3/13 4:24:30.824 PM racoon[155]: IPSec Phase1 established (Initiated by peer).
6/3/13 4:24:30.881 PM racoon[155]: Connecting.
6/3/13 4:24:30.881 PM racoon[155]: IPSec Phase2 started (Initiated by peer).
6/3/13 4:24:30.882 PM racoon[155]: IKE Packet: receive success. (Responder, Quick-Mode message 1).
6/3/13 4:24:30.883 PM racoon[155]: IKE Packet: transmit success. (Responder, Quick-Mode message 2).
6/3/13 4:24:33.014 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
6/3/13 4:24:36.017 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
6/3/13 4:24:39.020 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
6/3/13 4:24:40.083 PM racoon[155]: Received retransmitted packet from w.x.y.z[47074].
6/3/13 4:24:42.023 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
6/3/13 4:24:45.026 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
6/3/13 4:24:48.029 PM racoon[155]: IKE Packet: transmit success. (Phase2 Retransmit).
I've googled for these errors as well as combinations of OSX, OS-X, etc.
and no luck.
Thanks much,
Brian
On 06/03/2013 03:49 PM, Brian C. Huffman wrote:
> All,
>
> I'm having trouble using openswan to connect to a L2TP VPN running on
> an OSX server. I've googled around for this and so far have found
> other people posting issues, but no resolution.
>
> Can anyone tell me if this is possible? And if so, how?
>
> I'm using openswan 2.6.37 on Ubuntu 12.04.
>
> I also have xl2tpd 1.3.1 installed.
>
> Thanks,
> Brian
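
Added example, not part of the original message and not Openswan code: a small Python triage script for pluto log lines in the format posted above. It groups entries by connection name and state number (#1, #2) and reports which exchange established an SA and which only sent error notifications; the sample lines are constructed from that format, and the host name and peer address are placeholders.

```python
import re
from collections import Counter

# Constructed sample: abridged pluto lines in the format shown above ("host" and a.b.c.d are placeholders).
SAMPLE = """\
Jun 3 16:24:30 host pluto[2608]: "test" #1: initiating Main Mode
Jun 3 16:24:30 host pluto[2608]: "test" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 3 16:24:30 host pluto[2608]: "test" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Jun 3 16:24:30 host pluto[2608]: "test" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:0d6d75de proposal=defaults pfsgroup=no-pfs}
Jun 3 16:24:30 host pluto[2608]: "test" #2: malformed payload in packet
Jun 3 16:24:30 host pluto[2608]: | payload malformed after IV
Jun 3 16:24:30 host pluto[2608]: "test" #2: sending notification PAYLOAD_MALFORMED to a.b.c.d:4500
Jun 3 16:24:33 host pluto[2608]: "test" #2: malformed payload in packet
Jun 3 16:24:33 host pluto[2608]: "test" #2: sending notification PAYLOAD_MALFORMED to a.b.c.d:4500
"""

ENTRY = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
INITIATE = re.compile(r"initiating (Main|Quick) Mode")
TRANSITION = re.compile(r"transition from state \S+ to state (\S+)")
NOTIFY = re.compile(r"sending notification (\S+) to ")

def summarize(log_text):
    """Return {(conn, state_number): summary} for every state object in the log."""
    sas = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # debug lines starting with "|" carry no connection/state tag
        sa = sas.setdefault((m["conn"], int(m["sa"])),
                            {"exchange": None, "state": None,
                             "established": False, "sent_notifications": Counter()})
        msg = m["msg"]
        if (i := INITIATE.search(msg)):
            sa["exchange"] = i.group(1)          # "Main" (phase 1) or "Quick" (phase 2)
        if (t := TRANSITION.search(msg)):
            sa["state"] = t.group(1)             # last state reached
        if "SA established" in msg:
            sa["established"] = True
        if (n := NOTIFY.search(msg)):
            sa["sent_notifications"][n.group(1)] += 1
    return sas

def stalled(sas):
    """State objects that sent error notifications and never reported an established SA."""
    return sorted(k for k, v in sas.items() if v["sent_notifications"] and not v["established"])

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key, info in result.items():
        print(key, info)
    print("stalled:", stalled(result))
```
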