LinuxQuestions.org > Linux - Server
OpenSwan Error when connecting (https://www.linuxquestions.org/questions/linux-server-73/openswan-error-when-connecting-4175454753/)

slokie 03-19-2013 04:38 PM

OpenSwan Error when connecting
 
All,

Setting up a server with Openswan; I have tested a configuration and get little detail in the logs -

Here's an example of a log received when the connection comes into the server
Quote:

Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [RFC 3947] method set to=109
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [Dead Peer Detection]
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: Main mode peer ID is ID_IPV4_ADDR: '10.69.xxx.xxx'
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: new NAT mapping for #1, was xxx.xxx.xxx.xxx:20834, now xxx.xxx.xxx.xxx:51460
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.69.xxx.xxx/32:17/0
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: responding to Quick Mode proposal {msgid:51573a4a}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: them: xxx.xxx.xxx.xxx[10.69.xxx.xxx,+S=C]:17/61961===10.69.xxx.xxx/32
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d <0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:51460 DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received and ignored informational message
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received Delete SA payload: deleting ISAKMP State #1
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
Mar 19 13:54:28 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:51460: received and ignored informational message
Quote:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.18-348.1.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
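
As an added example (it is not from the original post and not Openswan code), the script below parses pluto log lines like the ones quoted above, pulls out the negotiated IKE and IPsec parameters, records which side sent the Delete SA payloads, and computes how long the IPsec SA lived before it was torn down. The sample lines are a trimmed copy of the post's log in which the redacted public address is replaced by the documentation address 203.0.113.45 and the redacted client identity by 10.69.1.23; the year is an assumption, since syslog timestamps omit it.

```python
"""Summarise an Openswan pluto IKEv1 log: which SAs came up, with what
parameters, who tore them down and how long they lived.
Added example for the thread above, not Openswan's own code."""
import re
import sys
from datetime import datetime

# Constructed sample: trimmed from the post's log, addresses replaced by
# placeholders (203.0.113.45 is a TEST-NET-3 documentation address).
SAMPLE_LOG = """\
Mar 19 13:54:06 vpn02 pluto[2208]: packet from 203.0.113.45:20834: received Vendor ID payload [Dead Peer Detection]
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] 203.0.113.45 #1: responding to Main Mode from unknown peer 203.0.113.45
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] 203.0.113.45 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] 203.0.113.45 #1: Main mode peer ID is ID_IPV4_ADDR: '10.69.1.23'
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45 #1: the peer proposed: 203.0.113.45/32:17/1701 -> 10.69.1.23/32:17/0
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d <0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=203.0.113.45:51460 DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45 #1: received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45 #1: received Delete SA payload: deleting ISAKMP State #1
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 203.0.113.45: deleting connection "L2TP-PSK-NAT" instance with peer 203.0.113.45 {isakmp=#0/ipsec=#0}
"""

LOG_YEAR = 2013  # assumption: syslog lines carry no year

# Generic pluto line: timestamp, host, pluto[pid], optional "conn"[inst] peer #state:, message.
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
    r'(?:"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[0-9a-fA-F.:]+?)(?: #(?P<sa>\d+))?: )?'
    r'(?P<msg>.*)$')
ISAKMP_RE = re.compile(r'ISAKMP SA established \{auth=(\S+) cipher=(\S+) prf=(\S+) group=(\S+)\}')
IPSEC_RE = re.compile(r'IPsec SA established (\w+) mode \{ESP=>(\S+) <(\S+) xfrm=(\S+) '
                      r'NATOA=(\S+) NATD=(\S+) DPD=(\S+)\}')
PROPOSAL_RE = re.compile(r'the peer proposed: (\S+) -> (\S+)')
DELETE_RE = re.compile(r'received Delete SA(?:\((\S+)\))? payload: deleting (IPSEC|ISAKMP) State #(\d+)')


def parse_line(line):
    """Split one pluto line into its fields; returns None for non-pluto lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(f"{LOG_YEAR} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def audit(s):
    """Turn the extracted parameters into findings a reviewer would raise."""
    findings = []
    ike, esp = s['isakmp'], s['ipsec']
    if ike:
        if ike['group'] == 'modp1024':
            findings.append('IKE DH group modp1024 (group 2, 1024-bit) is below the 2048-bit minimum now expected')
        if ike['auth'] == 'OAKLEY_PRESHARED_KEY':
            findings.append('Main Mode with PSK selects the secret by peer IP, so NATed road-warriors must share one PSK')
        if ike['prf'] == 'oakley_sha':
            findings.append('IKE PRF is SHA-1 (legacy; still sound as an HMAC, but prefer SHA-2 where the client allows)')
    if esp:
        if esp['dpd'] == 'none':
            findings.append('DPD=none: a vanished peer is not detected and its SAs linger until their lifetime expires')
        if esp['mode'] == 'transport' and s['proposal'] and '/1701' in s['proposal']['from']:
            findings.append('transport-mode SA covering only udp/1701: IPsec carries L2TP, so everything after SA setup is L2TP/PPP traffic that pluto does not log')
    if s['teardown_by_peer'] and s['seconds_to_teardown'] is not None:
        findings.append(f"peer deleted the IPsec SA {s['seconds_to_teardown']}s after it was established: IKE and IPsec succeeded, the failure is above them")
    return findings


def analyze(log_text):
    """Walk the log once and return a summary dict (parameters, deletes, timings, findings)."""
    s = {'isakmp': None, 'ipsec': None, 'proposal': None, 'deletes': [],
         'seconds_to_teardown': None, 'teardown_by_peer': False, 'findings': []}
    established_at = {}  # pluto state number -> time that SA came up
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg, ts = rec['msg'], rec['ts']
        if (m := ISAKMP_RE.search(msg)):
            s['isakmp'] = dict(zip(('auth', 'cipher', 'prf', 'group'), m.groups()))
            established_at[rec['sa']] = ts
        elif (m := IPSEC_RE.search(msg)):
            s['ipsec'] = dict(zip(('mode', 'spi_out', 'spi_in', 'xfrm', 'natoa', 'natd', 'dpd'), m.groups()))
            established_at[rec['sa']] = ts
        elif (m := PROPOSAL_RE.search(msg)):
            s['proposal'] = {'from': m.group(1), 'to': m.group(2)}
        elif (m := DELETE_RE.search(msg)):
            spi, kind, state = m.groups()
            s['deletes'].append({'kind': kind, 'state': state, 'spi': spi, 'at': ts})
            s['teardown_by_peer'] = True  # "received Delete SA" means the other side sent it
            if kind == 'IPSEC' and state in established_at:
                s['seconds_to_teardown'] = int((ts - established_at[state]).total_seconds())
    s['findings'] = audit(s)
    return s


if __name__ == "__main__":
    # Pipe a real log in (e.g. /var/log/secure on CentOS 5) or fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    result = analyze(text)
    print("ISAKMP:", result['isakmp'])
    print("IPsec :", result['ipsec'])
    print("Deletes:", [(d['kind'], d['state'], d['at'].time()) for d in result['deletes']])
    for f in result['findings']:
        print(" -", f)
```

Against the post's own lines this reports that both the ISAKMP SA (PSK, AES-256, SHA-1, modp1024) and a transport-mode IPsec SA for udp/1701 came up, and that the client sent Delete SA twenty seconds after the IPsec SA was established. Pluto's log stops at the ESP layer, so the next place to look for those twenty seconds is whatever serves udp/1701 (the L2TP daemon) and its log, rather than the IKE configuration.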

John VV 03-21-2013 02:10 PM

--- oops --
sorry for that

slokie 03-27-2013 01:14 PM

We run multiple systems - this one is a CentOS 5.9
[root@vpn02 ~]# cat /etc/redhat-release
CentOS release 5.9 (Final)

Openswan is available on the CentOS side and everything looks correct.

John VV 03-27-2013 03:24 PM

oops

Please ignore my post.
Sorry, I read "Openswan" as OneSwarm.

