Old 02-17-2010, 05:46 AM   #1
skate
Member
 
Registered: Aug 2003
Location: Bulgaria
Distribution: OpenSuse 10.3, Debian 4.0r3 "Etch", FreeBSD 7.1, Ubuntu
Posts: 210

Rep: Reputation: 30
Question IPSec VPN Tunnel Connection Help > .....


Hello, I am getting this error when I try to bring up the IPSec tunnel... Looking for someone's help... Thanks...

Quote:
Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' ..

104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000]
106 "paycode-to-vivacom" #7: STATE_MAIN_I2: sent MI2, expecting MR2
003 "paycode-to-vivacom" #7: received Vendor ID payload [Cisco-Unity]
003 "paycode-to-vivacom" #7: received Vendor ID payload [XAUTH]
003 "paycode-to-vivacom" #7: ignoring unknown Vendor ID payload [c5e228ecee81618df6d2cd7eef3b0bb4]
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [Cisco VPN 3000 Series]
003 "paycode-to-vivacom" #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "paycode-to-vivacom" #7: STATE_MAIN_I3: sent MI3, expecting MR3
010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "paycode-to-vivacom" #7: next payload type of ISAKMP Hash Payload has an unknown value: 31
003 "paycode-to-vivacom" #7: malformed payload in packet
031 "paycode-to-vivacom" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "paycode-to-vivacom" #7: starting keying attempt 2 of at most 3, but releasing whack

ipsec.conf

Quote:
conn paycode-to-vivacom
    auth=esp
    authby=secret
    auto=start
    esp=3des-168
    ike=3des-md5
    ikelifetime=8h
    keyexchange=ike
    keyingtries=3
    keylife=1h
    left=95.43.208.250
    leftid=95.43.208.250
    leftnexthop=95.43.208.249
    pfs=yes
    right=212.39.72.21
    rightsubnet=10.16.0.0/24
    type=tunnel

PLEASE, any help or suggestions will be very appreciated!

Connection Configuration >>> http://i48.tinypic.com/1823ba.jpg

Last edited by skate; 02-19-2010 at 12:15 PM.
 
Old 02-17-2010, 04:37 PM   #2
jefro
Guru
 
Registered: Mar 2008
Posts: 11,116

Rep: Reputation: 1362
Might look at this just in case. http://ubuntuforums.org/showthread.php?t=527423

In a very old version there was a known bug about that. Latest packages?
 
Old 02-19-2010, 12:14 PM   #3
skate
Member
 
Registered: Aug 2003
Location: Bulgaria
Distribution: OpenSuse 10.3, Debian 4.0r3 "Etch", FreeBSD 7.1, Ubuntu
Posts: 210

Original Poster
Rep: Reputation: 30
I figured that out already, now I have another problem >

Quote:
Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' ..

104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000]
106 "paycode-to-vivacom" #7: STATE_MAIN_I2: sent MI2, expecting MR2
003 "paycode-to-vivacom" #7: received Vendor ID payload [Cisco-Unity]
003 "paycode-to-vivacom" #7: received Vendor ID payload [XAUTH]
003 "paycode-to-vivacom" #7: ignoring unknown Vendor ID payload [c5e228ecee81618df6d2cd7eef3b0bb4]
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [Cisco VPN 3000 Series]
003 "paycode-to-vivacom" #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "paycode-to-vivacom" #7: STATE_MAIN_I3: sent MI3, expecting MR3
010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3
010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "paycode-to-vivacom" #7: next payload type of ISAKMP Hash Payload has an unknown value: 31
003 "paycode-to-vivacom" #7: malformed payload in packet
031 "paycode-to-vivacom" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "paycode-to-vivacom" #7: starting keying attempt 2 of at most 3, but releasing whack


ipsec.conf

Quote:
conn paycode-to-vivacom
    auth=esp
    authby=secret
    auto=start
    esp=3des-168
    ike=3des-md5
    ikelifetime=8h
    keyexchange=ike
    keyingtries=3
    keylife=1h
    left=95.43.208.250
    leftid=95.43.208.250
    leftnexthop=95.43.208.249
    pfs=yes
    right=212.39.72.21
    rightsubnet=10.16.0.0/24
    type=tunnel

PLEASE, any help or suggestions will be very appreciated!
 
Old 03-09-2010, 02:09 PM   #4
cecolong
LQ Newbie
 
Registered: Mar 2010
Posts: 5

Rep: Reputation: 0
I am having the same problem. Did anyone solve this problem?
 
Old 03-09-2010, 02:10 PM   #5
cecolong
LQ Newbie
 
Registered: Mar 2010
Posts: 5

Rep: Reputation: 0
The log is

002 "L2TP-PSK-CLIENT" #1: initiating Main Mode
104 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I1: initiate
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [Openswan (this version) 2.4.9 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [Dead Peer Detection]
003 "L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=110
002 "L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "L2TP-PSK-CLIENT" #1: I did not send a certificate because I do not have one.
003 "L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
002 "L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "L2TP-PSK-CLIENT" #1: received 1 malformed payload notifies
010 "L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "L2TP-PSK-CLIENT" #1: received 2 malformed payload notifies
003 "L2TP-PSK-CLIENT" #1: discarding duplicate packet; already STATE_MAIN_I3
 
Old 07-28-2011, 07:05 AM   #6
lac8
LQ Newbie
 
Registered: Nov 2004
Posts: 4

Rep: Reputation: 0
I have the exact same problem as cecolong does.

skate, I'm glad that you could solve the first issue about this, but I'd really appreciate if you could share the solution with us who are stuck at that phase.
 
Old 07-28-2011, 09:08 AM   #7
skate
Member
 
Registered: Aug 2003
Location: Bulgaria
Distribution: OpenSuse 10.3, Debian 4.0r3 "Etch", FreeBSD 7.1, Ubuntu
Posts: 210

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by lac8
I have the exact same problem as cecolong does.

skate, I'm glad that you could solve the first issue about this, but I'd really appreciate if you could share the solution with us who are stuck at that phase.

Make sure that the other side has your right configuration and you as well. I will send you a message with my ipsec.conf. Let me know what's yours. Thank you.

PS: I am unable to send you a private message.

Last edited by skate; 07-28-2011 at 09:09 AM.
 
Old 07-28-2011, 09:46 AM   #8
lac8
LQ Newbie
 
Registered: Nov 2004
Posts: 4

Rep: Reputation: 0
Thanks for the quick reply! Right now that's what my ipsec.conf looks like:

config setup
    nat_traversal=yes
    protostack=netkey
    interfaces=%defaultroute
    #plutodebug=all

conn sonicwall
    #modecfgclient=yes
    #modecfgpull=yes
    #compress=yes
    #leftsendcert=always
    #fragicmp=yes
    type=tunnel
    left=%defaultroute
    #left=10.66.67.10
    #leftsubnet=10.66.67.0/24 # Your local subnet, eg: 192.168.0.0/24
    leftid=@myvpn
    #leftxauthclient=yes
    right=vpn.company.net
    #rightmodecfgserver=yes
    rightsubnet=72.9.41.0/25 # The subnet at the router end, eg: 192.168.2.0/24
    #rightxauthserver=yes
    rightid=@company # This must be the Unique ID of the SonicWALL router
    #keyingtries=0
    pfs=no
    aggrmode=no
    keyexchange=ike
    auto=add
    auth=esp
    esp=3des-sha1
    ike=3des-sha1-modp1024
    authby=secret

And that's what happens upon trying to establish connection:

002 listening for IKE messages
003 NAT-Traversal: Trying new style NAT-T
003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
003 NAT-Traversal: Trying old style NAT-T
002 adding interface ppp0/ppp0 172.16.12.110:500
002 adding interface ppp0/ppp0 172.16.12.110:4500
002 adding interface eth0/eth0 10.66.67.10:500
002 adding interface eth0/eth0 10.66.67.10:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/var/lib/openswan/ipsec.secrets.inc"
002 loaded private key file '/etc/ipsec.d/private/nitehawkKey.pem' (1679 bytes)
002 loaded private key for keyid: PPK_RSA:AwEAAdeSE
002 "sonicwall" #1: initiating Main Mode
104 "sonicwall" #1: STATE_MAIN_I1: initiate
003 "sonicwall" #1: ignoring unknown Vendor ID payload [5b362bc820f60007]
003 "sonicwall" #1: received Vendor ID payload [RFC 3947] method set to=109
002 "sonicwall" #1: enabling possible NAT-traversal with method 4
002 "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "sonicwall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall" #1: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "sonicwall" #1: received Vendor ID payload [XAUTH]
003 "sonicwall" #1: received Vendor ID payload [Dead Peer Detection]
003 "sonicwall" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
002 "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "sonicwall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "sonicwall" #1: received 1 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "sonicwall" #1: received 2 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "sonicwall" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
002 "sonicwall" #1: received 3 malformed payload notifies
003 "sonicwall" #1: discarding duplicate packet; already STATE_MAIN_I3
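
An added triage example, not written by any poster in this thread and not part of Openswan: it reads whack status output of the kind posted above and reports, per connection, whether the negotiation stalled at STATE_MAIN_I3 with malformed-payload evidence. With authby=secret the Main Mode encryption keys are derived from the pre-shared key, so that pattern is the usual sign that the two peers disagree on the secret or on the IDs used to select it. The function names and the verdict wording are this example's own heuristic; the sample lines are excerpts from the logs in the thread.

```python
import re

# Whack status line: <3-digit code> "<conn>" #<state no.>: <message>
LINE = re.compile(r'^\d{3} "([^"]+)" #\d+: (.*)$')

# Excerpts from the logs posted in this thread (two different connections).
SAMPLE = '''
108 "paycode-to-vivacom" #7: STATE_MAIN_I3: sent MI3, expecting MR3
003 "paycode-to-vivacom" #7: malformed payload in packet
031 "paycode-to-vivacom" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
002 "L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
002 "L2TP-PSK-CLIENT" #1: received 1 malformed payload notifies
002 "L2TP-PSK-CLIENT" #1: received 2 malformed payload notifies
'''

def verdict(c):
    """Heuristic reading of the counters (this example's own wording)."""
    if c["state"] != "STATE_MAIN_I3":
        return "not stalled at MI3: look at the last state reached"
    if c["local_malformed"] or c["peer_malformed"]:
        return ("encrypted Main Mode messages not decodable: compare the "
                "pre-shared key and IDs (leftid/rightid) on both peers")
    return "MI3 unanswered: check the peer's log for why it was dropped"

def triage(log_text):
    """Summarise, per connection, where the IKE negotiation stalled."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # daemon-wide lines carry no connection name
        conn, msg = m.groups()
        c = conns.setdefault(conn, {"state": None, "local_malformed": 0,
                                    "peer_malformed": 0, "auth_hint": False})
        states = re.findall(r"STATE_[A-Z]+_[IR]\d", msg)
        if states:
            c["state"] = states[-1]  # for "transition" lines, the new state
        if "malformed payload in packet" in msg:
            c["local_malformed"] += 1  # we could not parse the peer's packet
        n = re.search(r"received (\d+) malformed payload notifies", msg)
        if n:
            c["peer_malformed"] = int(n.group(1))  # peer could not parse ours
        if "Possible authentication failure" in msg:
            c["auth_hint"] = True
    for c in conns.values():
        c["verdict"] = verdict(c)
    return conns

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, info)
```

The two counters separate the directions of failure: `local_malformed` counts packets from the peer that the local daemon could not parse, while `peer_malformed` is the number of malformed-payload notifications the peer sent back about the local side's messages.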
 
  

