[Openswan Users] configure ipsec vpn server for phone with openswan mode

Jiapeng myname_jiapeng at 163.com
Mon Sep 28 23:21:26 EDT 2015


Hi all,

I want to configure a VPN server for my phones (Android and iOS) with Openswan roadwarrior mode, but now I have an error, as below:

Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [RFC 3947] method set to=109 
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [XAUTH]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [Cisco-Unity]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 29 11:09:52 localhost pluto[20545]: packet from 10.5.6.231:500: received Vendor ID payload [Dead Peer Detection]
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: responding to Main Mode
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: Main mode peer ID is ID_IPV4_ADDR: '10.5.6.231'
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: new NAT mapping for #2, was 10.5.6.231:500, now 10.5.6.231:4500
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: Sending XAUTH Login/Password Request
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: Sending Username/Password request (XAUTH_R0)
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: User test: Attempting to login
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: md5 authentication being called to authenticate user test
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: password file (/etc/ipsec.d/passwd) open.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: checking user(test:road) 
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: User test: Authentication Successful
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: XAUTH: xauth_inR1(STF_OK)
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute INTERNAL_ADDRESS_EXPIRY received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute APPLICATION_VERSION received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_BANNER received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_DEF_DOMAIN received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_SPLIT_DNS received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_SPLIT_INC received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_UNKNOWN received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_DO_PFS received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_SAVE_PW received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_FW_TYPE received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: unsupported mode cfg attribute CISCO_BACKUP_SERVER received.
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: modecfg_inR0(STF_OK)
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: the peer proposed: 0.0.0.0/0:0/0 -> 10.5.6.231/32:0/0
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.5.4.222<10.5.4.222>[MS+XS+S=C]...10.5.6.231<10.5.6.231>[+MC+XC+S=C]
Sep 29 11:09:52 localhost pluto[20545]: "road" #2: no Phase1 state for Quick mode notification
Sep 29 11:09:55 localhost pluto[20545]: "road" #2: the peer proposed: 0.0.0.0/0:0/0 -> 10.5.6.231/32:0/0
Sep 29 11:09:55 localhost pluto[20545]: "road" #2: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.5.4.222<10.5.4.222>[MS+XS+S=C]...10.5.6.231<10.5.6.231>[+MC+XC+S=C]
Sep 29 11:09:55 localhost pluto[20545]: "road" #2: no Phase1 state for Quick mode notification

My ipsec.conf is like this:

config setup
        dumpdir=/var/run/pluto/
        nat_traversal=yes
        oe=off
        protostack=netkey
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10


conn road
        authby=secret
        auto=add
        modecfgpull=yes
        pfs=no
        rekey=no
        type=tunnel
        left=10.5.4.222
        leftmodecfgserver=yes
        leftxauthserver=yes
        right=%any
        rightxauthclient=yes
        rightmodecfgclient=yes

Can anybody tell me what the problem is? Thanks very much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150929/d319224e/attachment-0001.html>
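
Added example (not part of the original post, and not Openswan code): a small check that compares the local traffic selector in pluto's "the peer proposed" line with the selector the conn section yields, given that ipsec.conf(5) treats an omitted leftsubnet as left/32. The log line and conn text are constructed from the post; the function names are hypothetical, and left is assumed to be a literal IPv4 address.

```python
import ipaddress
import re

# Constructed from the log and ipsec.conf quoted in the post above.
LOG_LINE = ('Sep 29 11:09:52 localhost pluto[20545]: "road" #2: '
            'the peer proposed: 0.0.0.0/0:0/0 -> 10.5.6.231/32:0/0')
CONN_ROAD = """\
conn road
        authby=secret
        auto=add
        left=10.5.4.222
        leftmodecfgserver=yes
        right=%any
        rightmodecfgclient=yes
"""

# "<our net>:<proto>/<port> -> <peer net>:<proto>/<port>"
PROPOSED = re.compile(r'the peer proposed: (\S+?):\d+/\d+ -> (\S+?):\d+/\d+')

def peer_proposal(line):
    """Return (our_net, peer_net) from a pluto 'the peer proposed' line."""
    m = PROPOSED.search(line)
    if not m:
        return None
    return tuple(ipaddress.ip_network(g) for g in m.groups())

def conn_options(text):
    """Parse the key=value lines of one conn section into a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if '=' in line and not line.startswith('#'):
            key, value = line.split('=', 1)
            opts[key.strip()] = value.strip()
    return opts

def local_selector(opts):
    """leftsubnet if set, otherwise the left host address as a /32."""
    if 'leftsubnet' in opts:
        return ipaddress.ip_network(opts['leftsubnet'])
    return ipaddress.ip_network(opts['left'] + '/32')

def diagnose(log_line, conn_text):
    """Compare the peer's Quick Mode proposal with the conn's local selector."""
    proposed_local, _peer = peer_proposal(log_line)
    configured = local_selector(conn_options(conn_text))
    return {'proposed': str(proposed_local),
            'configured': str(configured),
            'match': proposed_local == configured}
```

For the posted configuration the selectors differ (0.0.0.0/0 proposed, 10.5.4.222/32 configured), which is the condition pluto reports as "no connection is known for 0.0.0.0/0===10.5.4.222...".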

