[Openswan Users] Roadwarrior problem

Renzo reda at logobject.ch
Fri Mar 1 04:30:14 EST 2013


Dear All,
We have a working roadwarrior configuration that we are normally using 
by tethering  with our mobile phone.
Recently we receive an usb key, Huawei K4605.
The problem is that using the usb key we are not able to connect to the vpn.
We are using the shrewsoft client.

Here the log with the usb key:

09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [XAUTH]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-00]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring 
unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [RFC 3947] method set to=115
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring Vendor 
ID payload [FRAGMENTATION 80000000]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring 
unknown Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring 
unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring 
unknown Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor 
ID payload [Cisco-Unity]
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
responding to Main Mode from unknown peer 31.26.164.20
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
STATE_MAIN_R1: sent MR1, expecting MI2
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT 
detected
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
STATE_MAIN_R2: sent MR2, expecting MI3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: Main 
mode peer ID is ID_IPV4_ADDR: '31.26.164.20'
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp1024}
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH: 
Sending XAUTH Login/Password Request
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH: 
Sending Username/Password request (XAUTH_R0)
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
received and ignored informational message
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
XAUTH:  Unsupported XAUTH parameter XAUTH-TYPE received.
09:15:48 lofw pluto[8015]: XAUTH: User lonatan: Attempting to login
09:15:48 lofw pluto[8015]: XAUTH: md5 authentication being called to 
authenticate user lonatan
09:15:48 lofw pluto[8015]: XAUTH: password file (/etc/ipsec.d/passwd) open.
09:15:48 lofw pluto[8015]: XAUTH: checking user(lonatan:*)
09:15:48 lofw pluto[8015]: XAUTH: User lonatan: Authentication Successful
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH: 
xauth_inR1(STF_OK)
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: the 
peer proposed: 10.11.1.0/24:0/0 -> 10.11.4.7/32:0/0
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: cannot 
respond to IPsec SA request because no connection is known for 
10.11.1.0/24===81.7.230.226[+XS+S=C]...31.26.164.20[+XC+S=C]===10.11.4.7/32
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: 
sending encrypted notification INVALID_ID_INFORMATION to 31.26.164.20:500


and here a successful connection with phone tethering:

09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [XAUTH]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring 
unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [RFC 3947] method set to=115
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring 
Vendor ID payload [FRAGMENTATION 80000000]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring 
unknown Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring 
unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring 
unknown Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received 
Vendor ID payload [Cisco-Unity]
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
responding to Main Mode from unknown peer 109.112.87.47
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
STATE_MAIN_R1: sent MR1, expecting MI2
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer 
is NATed
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
STATE_MAIN_R2: sent MR2, expecting MI3
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: Main 
mode peer ID is ID_IPV4_ADDR: '192.168.43.78'
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: 
switched from "roadwarriors" to "roadwarriors"
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
deleting connection "roadwarriors" instance with peer 109.112.87.47 
{isakmp=#0/ipsec=#0}
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: new 
NAT mapping for #1028, was 109.112.87.47:500, now 109.112.87.47:4500
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp1024}
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
XAUTH: Sending XAUTH Login/Password Request
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
XAUTH: Sending Username/Password request (XAUTH_R0)
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
received and ignored informational message
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
XAUTH:  Unsupported XAUTH parameter XAUTH-TYPE received.
09:47:04 lofw pluto[8015]: XAUTH: User lonatan: Attempting to login
09:47:04 lofw pluto[8015]: XAUTH: md5 authentication being called to 
authenticate user lonatan
09:47:04 lofw pluto[8015]: XAUTH: password file (/etc/ipsec.d/passwd) open.
09:47:04 lofw pluto[8015]: XAUTH: checking user(lonatan:*)
09:47:04 lofw pluto[8015]: XAUTH: User lonatan: Authentication Successful
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
XAUTH: xauth_inR1(STF_OK)
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: the 
peer proposed: 10.11.1.0/24:0/0 -> 10.11.4.7/32:0/0
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: 
responding to Quick Mode proposal {msgid:5ceb06e0}
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:     
us: 0.0.0.0/0===81.7.230.226[+XS+S=C]
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: them: 
109.112.87.47[192.168.43.78,+XC+S=C]===10.11.4.0/24
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: 
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: 
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: 
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: 
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x048aeee1 
<0xa7a2ccdb xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=109.112.87.47:4500 
DPD=none}



Thanks for any hint
Renzo



More information about the Users mailing list