LinuxQuestions.org
Old 03-19-2013, 05:38 PM   #1
slokie
LQ Newbie
 
Registered: Oct 2012
Location: Arizona
Distribution: CentOS 5.9
Posts: 7

Rep: Reputation: Disabled
OpenSwan Error when connecting


All,

Setting up a server with openswan and I have tested a configuration and get little detail in the logs -

Here's an example of a log received when the connection comes into the server:
Quote:
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [RFC 3947] method set to=109
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834: received Vendor ID payload [Dead Peer Detection]
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: Main mode peer ID is ID_IPV4_ADDR: '10.69.xxx.xxx'
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: new NAT mapping for #1, was xxx.xxx.xxx.xxx:20834, now xxx.xxx.xxx.xxx:51460
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.69.xxx.xxx/32:17/0
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: responding to Quick Mode proposal {msgid:51573a4a}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: them: xxx.xxx.xxx.xxx[10.69.xxx.xxx,+S=C]:17/61961===10.69.xxx.xxx/32
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d <0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:51460 DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received and ignored informational message
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1: received Delete SA payload: deleting ISAKMP State #1
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
Mar 19 13:54:28 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:51460: received and ignored informational message
Quote:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.18-348.1.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
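
The pluto log quoted above can be reduced to its milestones, as an added example that is not part of the original post: when Phase 1 and Phase 2 completed, which DH group was negotiated, and whether the peer later sent a Delete SA. The function name `summarize`, the sample lines and the address 192.0.2.10 are constructed for illustration, and the year is an assumption because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample: four lines in the format of the pluto log quoted above,
# with the masked addresses replaced by the documentation address 192.0.2.10.
SAMPLE = """\
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 192.0.2.10 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 192.0.2.10 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d <0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.0.2.10:51460 DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 192.0.2.10 #1: received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] 192.0.2.10 #1: received Delete SA payload: deleting ISAKMP State #1
"""

# Groups: timestamp, connection name, state number (#N), message text
LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
                  r'"([^"]+)"\[\d+\] \S+ #(\d+): (.*)$')

def summarize(log_text, year=2013):
    """Per connection: when each IKE phase completed, the DH group, and
    whether the peer sent a Delete SA after the IPsec SA was up."""
    result = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "packet from ..." lines (vendor IDs) have no state number
        # syslog timestamps carry no year; the year passed in is an assumption
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn, msg = m.group(2), m.group(4)
        s = result.setdefault(conn, {"phase1": None, "phase2": None,
                                     "group": None, "peer_delete": None,
                                     "lifetime_s": None})
        if "ISAKMP SA established" in msg:
            s["phase1"] = ts
            g = re.search(r"group=(\w+)", msg)
            s["group"] = g.group(1) if g else None
        elif "IPsec SA established" in msg:
            s["phase2"] = ts
        elif msg.startswith("received Delete SA") and s["peer_delete"] is None:
            s["peer_delete"] = ts  # teardown was requested by the remote side
            if s["phase2"]:
                s["lifetime_s"] = int((ts - s["phase2"]).total_seconds())
    return result

if __name__ == "__main__":
    for conn, s in summarize(SAMPLE).items():
        print(conn, s["group"], "peer deleted SA after", s["lifetime_s"], "s")
```

On the timestamps in the posted log, the IPsec SA is established at 13:54:08 and the peer's Delete SA arrives at 13:54:28.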
 
Old 03-21-2013, 03:10 PM   #2
John VV
Guru
 
Registered: Aug 2005
Posts: 13,469

Rep: Reputation: 1800
--- oops --
sorry for that

Last edited by John VV; 03-27-2013 at 04:24 PM. Reason: fixing a mistake
 
Old 03-27-2013, 02:14 PM   #3
slokie
LQ Newbie
 
Registered: Oct 2012
Location: Arizona
Distribution: CentOS 5.9
Posts: 7

Original Poster
Rep: Reputation: Disabled
We run multiple systems - this one is a CentOS 5.9
[root@vpn02 ~]# cat /etc/redhat-release
CentOS release 5.9 (Final)

OpenSWAN is available in the CentOS side and everything looks correct.
 
Old 03-27-2013, 04:24 PM   #4
John VV
Guru
 
Registered: Aug 2005
Posts: 13,469

Rep: Reputation: 1800
oops

please ignore my post
sorry, I read "Openswan" as oneswarm
 
  


All times are GMT -5.