[Openswan Users] Roadwarrior problem
Renzo
reda at logobject.ch
Fri Mar 1 04:30:14 EST 2013
Dear All,
We have a working roadwarrior configuration that we are normally using
by tethering with our mobile phone.
Recently we received a USB key, a Huawei K4605.
The problem is that using the USB key we are not able to connect to the VPN.
We are using the Shrew Soft client.
Here is the log with the USB key:
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [XAUTH]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-00]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring
unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [RFC 3947] method set to=115
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring Vendor
ID payload [FRAGMENTATION 80000000]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring
unknown Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring
unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: ignoring
unknown Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
09:15:48 lofw pluto[8015]: packet from 31.26.164.20:500: received Vendor
ID payload [Cisco-Unity]
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
responding to Main Mode from unknown peer 31.26.164.20
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
STATE_MAIN_R1: sent MR1, expecting MI2
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
detected
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
STATE_MAIN_R2: sent MR2, expecting MI3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: Main
mode peer ID is ID_IPV4_ADDR: '31.26.164.20'
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH:
Sending XAUTH Login/Password Request
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH:
Sending Username/Password request (XAUTH_R0)
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
received and ignored informational message
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
XAUTH: Unsupported XAUTH parameter XAUTH-TYPE received.
09:15:48 lofw pluto[8015]: XAUTH: User lonatan: Attempting to login
09:15:48 lofw pluto[8015]: XAUTH: md5 authentication being called to
authenticate user lonatan
09:15:48 lofw pluto[8015]: XAUTH: password file (/etc/ipsec.d/passwd) open.
09:15:48 lofw pluto[8015]: XAUTH: checking user(lonatan:*)
09:15:48 lofw pluto[8015]: XAUTH: User lonatan: Authentication Successful
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: XAUTH:
xauth_inR1(STF_OK)
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: the
peer proposed: 10.11.1.0/24:0/0 -> 10.11.4.7/32:0/0
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: cannot
respond to IPsec SA request because no connection is known for
10.11.1.0/24===81.7.230.226[+XS+S=C]...31.26.164.20[+XC+S=C]===10.11.4.7/32
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
sending encrypted notification INVALID_ID_INFORMATION to 31.26.164.20:500
And here is a successful connection with phone tethering:
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [XAUTH]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring
unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [RFC 3947] method set to=115
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring
Vendor ID payload [FRAGMENTATION 80000000]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring
unknown Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring
unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: ignoring
unknown Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
09:47:04 lofw pluto[8015]: packet from 109.112.87.47:500: received
Vendor ID payload [Cisco-Unity]
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
responding to Main Mode from unknown peer 109.112.87.47
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
STATE_MAIN_R1: sent MR1, expecting MI2
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer
is NATed
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
STATE_MAIN_R2: sent MR2, expecting MI3
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: Main
mode peer ID is ID_IPV4_ADDR: '192.168.43.78'
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
switched from "roadwarriors" to "roadwarriors"
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
deleting connection "roadwarriors" instance with peer 109.112.87.47
{isakmp=#0/ipsec=#0}
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: new
NAT mapping for #1028, was 109.112.87.47:500, now 109.112.87.47:4500
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
XAUTH: Sending XAUTH Login/Password Request
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
XAUTH: Sending Username/Password request (XAUTH_R0)
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
received and ignored informational message
09:47:04 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
XAUTH: Unsupported XAUTH parameter XAUTH-TYPE received.
09:47:04 lofw pluto[8015]: XAUTH: User lonatan: Attempting to login
09:47:04 lofw pluto[8015]: XAUTH: md5 authentication being called to
authenticate user lonatan
09:47:04 lofw pluto[8015]: XAUTH: password file (/etc/ipsec.d/passwd) open.
09:47:04 lofw pluto[8015]: XAUTH: checking user(lonatan:*)
09:47:04 lofw pluto[8015]: XAUTH: User lonatan: Authentication Successful
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
XAUTH: xauth_inR1(STF_OK)
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
09:47:05 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1028: the
peer proposed: 10.11.1.0/24:0/0 -> 10.11.4.7/32:0/0
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
responding to Quick Mode proposal {msgid:5ceb06e0}
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
us: 0.0.0.0/0===81.7.230.226[+XS+S=C]
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029: them:
109.112.87.47[192.168.43.78,+XC+S=C]===10.11.4.0/24
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x048aeee1
<0xa7a2ccdb xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=109.112.87.47:4500
DPD=none}
Thanks for any hint
Renzo
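
One way to line up the two sessions above, as an added example that is not part of the original post: it rejoins the mail-wrapped pluto records and extracts, per peer address, the NAT-T result, the Main Mode peer ID and the Quick Mode outcome. The field names and the choice of excerpted records are assumptions made for this example.

```python
import re
# Records excerpted from the two logs in the post, wrapped as mailed.
SAMPLE = """\
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
detected
09:15:48 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: Main
mode peer ID is ID_IPV4_ADDR: '31.26.164.20'
09:15:51 lofw pluto[8015]: "roadwarriors"[14] 31.26.164.20 #1001: cannot
respond to IPsec SA request because no connection is known for
10.11.1.0/24===81.7.230.226[+XS+S=C]...31.26.164.20[+XC+S=C]===10.11.4.7/32
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer
is NATed
09:47:04 lofw pluto[8015]: "roadwarriors"[16] 109.112.87.47 #1028: Main
mode peer ID is ID_IPV4_ADDR: '192.168.43.78'
09:47:12 lofw pluto[8015]: "roadwarriors"[17] 109.112.87.47 #1029:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
"""

STAMP = re.compile(r'^\d\d:\d\d:\d\d \S+ pluto\[\d+\]: ')
PEER = re.compile(r'"[^"]+"\[\d+\] (\d+\.\d+\.\d+\.\d+) #\d+: ?(.*)')
FIELDS = {  # field name -> pattern whose group 1 is the reported value
    'nat': re.compile(r'NAT-Traversal: Result using .*?: (.+)'),
    'peer_id': re.compile(r"Main mode peer ID is \S+ '([^']+)'"),
    'rejected': re.compile(r'no connection is known for (\S+)'),
    'quick_mode': re.compile(r'STATE_QUICK_R1: .*?(inbound IPsec SA installed)'),
}

def unwrap(text):
    """Rejoin mail-wrapped records; a new record starts at a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub('', line))
        else:
            records[-1] += ' ' + line.strip()
    return records

def summarize(text):
    """Return {peer_ip: {field: value}} so sessions can be compared."""
    peers = {}
    for m in filter(None, map(PEER.match, unwrap(text))):
        for name, pat in FIELDS.items():
            if (hit := pat.search(m.group(2))):
                peers.setdefault(m.group(1), {})[name] = hit.group(1)
    return peers

if __name__ == '__main__':
    print(summarize(SAMPLE))
```
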