Bug #793559 “iPad IPSEC Reconnect Failure” : Bugs : openswan package : Ubuntu

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#1

/etc/ipsec.conf

config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey

include /etc/ipsec.d/l2tp-psk.conf

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#2

/etc/ipsec.d/l2tp-psk.conf:

conn L2TP-PSK-NAT
also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=192.168.0.108
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        forceencaps=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear

conn passthrough-for-non-l2tp
        type=passthrough
        left=192.168.0.108
        leftnexthop=%defaultroute
        right=0.0.0.0
        rightsubnet=0.0.0.0/0
        auto=route

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#3

/etc/ipsec.secrets:

%any : PSK "secret"

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#4

Download full text (4.2 KiB)

/var/log/daemon.log:

# Startup of OpenSwan:

Jun 6 15:54:43 neptun ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.32-31-generic...
Jun 6 15:54:43 neptun ipsec_setup: Using NETKEY(XFRM) stack
Jun 6 15:54:43 neptun ipsec_setup: ...Openswan IPsec started
Jun 6 15:54:43 neptun ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun 6 15:54:43 neptun ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Jun 6 15:54:43 neptun ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Jun 6 15:54:43 neptun ipsec__plutorun: 002 added connection description "passthrough-for-non-l2tp"
Jun 6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Jun 6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Jun 6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T

# 1. Login

Jun 6 15:55:45 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 39 twice, ignoring second one.
Jun 6 15:55:45 neptun xl2tpd[32645]: Connection established to 91.57.150.43, 61418. Local: 54033, Remote: 39 (ref=0/0). LNS session is 'default'
Jun 6 15:55:45 neptun xl2tpd[32645]: start_pppd: I'm running:
Jun 6 15:55:45 neptun xl2tpd[32645]: "/usr/sbin/pppd"
Jun 6 15:55:45 neptun xl2tpd[32645]: "passive"
Jun 6 15:55:45 neptun xl2tpd[32645]: "nodetach"
Jun 6 15:55:45 neptun xl2tpd[32645]: "192.168.0.59:192.168.0.60"
Jun 6 15:55:45 neptun xl2tpd[32645]: "refuse-pap"
Jun 6 15:55:45 neptun xl2tpd[32645]: "auth"
Jun 6 15:55:45 neptun xl2tpd[32645]: "require-chap"
Jun 6 15:55:45 neptun xl2tpd[32645]: "name"
Jun 6 15:55:45 neptun xl2tpd[32645]: "..."
Jun 6 15:55:45 neptun xl2tpd[32645]: "debug"
Jun 6 15:55:45 neptun xl2tpd[32645]: "file"
Jun 6 15:55:45 neptun xl2tpd[32645]: "/etc/ppp/options.l2tpd"
Jun 6 15:55:45 neptun xl2tpd[32645]: "/dev/pts/1"
Jun 6 15:55:45 neptun xl2tpd[32645]: Call established with 91.57.150.43, Local: 39085, Remote: 18245, Serial: 1
Jun 6 15:55:45 neptun NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jun 6 15:55:45 neptun NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.

# 1. Logoff

Jun 6 15:56:21 neptun xl2tpd[32645]: result_code_avp: result code out of range (768 0 14). Ignoring.
Jun 6 15:56:21 neptun xl2tpd[32645]: control_finish: Peer tried to disconnect without specifying result code.
Jun 6 15:56:21 neptun xl2tpd[32645]: result_code_avp: result code out of range (256 0 14). Ignoring.
Jun 6 15:56:21 neptun xl2tpd[32645]: control_finish: Peer tried to disconnect without specifying result code.
Jun 6 15:56:24 neptun NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jun 6 15:56:24 neptun xl2tpd[32645]: child_handler : pppd exited for call 18245 with code 16
Jun 6 15:56:24 neptun xl2tpd[32645]: call_close: Call 39085 to 91.57.150.43 disconnected
Jun 6 15:56:29 neptun xl2tpd[32645]: Maximum retries exceeded for tunnel 54033. Closing.
Jun 6 15:56:45 neptun xl2tpd[32645]: Terminating...

/var/log/daemon.log:

# Startup of OpenSwan:

Jun  6 15:54:43 neptun ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.32-31-generic...
Jun  6 15:54:43 neptun ipsec_setup: Using NETKEY(XFRM) stack
Jun  6 15:54:43 neptun ipsec_setup: ...Openswan IPsec started
Jun  6 15:54:43 neptun ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun  6 15:54:43 neptun ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Jun  6 15:54:43 neptun ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Jun  6 15:54:43 neptun ipsec__plutorun: 002 added connection description "passthrough-for-non-l2tp"
Jun  6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Jun  6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Jun  6 15:54:43 neptun ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T

# 1. Login

Jun  6 15:55:45 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 39 twice, ignoring second one.
Jun  6 15:55:45 neptun xl2tpd[32645]: Connection established to 91.57.150.43, 61418.  Local: 54033, Remote: 39 (ref=0/0).  LNS session is 'default'
Jun  6 15:55:45 neptun xl2tpd[32645]: start_pppd: I'm running: 
Jun  6 15:55:45 neptun xl2tpd[32645]: "/usr/sbin/pppd" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "passive" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "nodetach" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "192.168.0.59:192.168.0.60" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "refuse-pap" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "auth" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "require-chap" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "name" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "..." 
Jun  6 15:55:45 neptun xl2tpd[32645]: "debug" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "file" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "/etc/ppp/options.l2tpd" 
Jun  6 15:55:45 neptun xl2tpd[32645]: "/dev/pts/1" 
Jun  6 15:55:45 neptun xl2tpd[32645]: Call established with 91.57.150.43, Local: 39085, Remote: 18245, Serial: 1
Jun  6 15:55:45 neptun NetworkManager:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jun  6 15:55:45 neptun NetworkManager:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.

# 1. Logoff

Jun  6 15:56:21 neptun xl2tpd[32645]: result_code_avp: result code out of range (768 0 14).  Ignoring.
Jun  6 15:56:21 neptun xl2tpd[32645]: control_finish: Peer tried to disconnect without specifying result code.
Jun  6 15:56:21 neptun xl2tpd[32645]: result_code_avp: result code out of range (256 0 14).  Ignoring.
Jun  6 15:56:21 neptun xl2tpd[32645]: control_finish: Peer tried to disconnect without specifying result code.
Jun  6 15:56:24 neptun NetworkManager:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jun  6 15:56:24 neptun xl2tpd[32645]: child_handler : pppd exited for call 18245 with code 16
Jun  6 15:56:24 neptun xl2tpd[32645]: call_close: Call 39085 to 91.57.150.43 disconnected
Jun  6 15:56:29 neptun xl2tpd[32645]: Maximum retries exceeded for tunnel 54033.  Closing.
Jun  6 15:56:45 neptun xl2tpd[32645]: Terminating pppd: sending TERM signal to pid 1502
Jun  6 15:56:45 neptun xl2tpd[32645]: pppd 1502 successfully terminated

# 2. Login

Jun  6 15:56:45 neptun xl2tpd[32645]: Connection 39 closed to 91.57.150.43, port 61418 (Timeout)
Jun  6 15:56:50 neptun xl2tpd[32645]: Unable to deliver closing message for tunnel 54033. Destroying anyway.
Jun  6 15:57:20 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 40 twice, ignoring second one.
Jun  6 15:57:25 neptun xl2tpd[32645]: last message repeated 2 times
Jun  6 15:57:25 neptun xl2tpd[32645]: Maximum retries exceeded for tunnel 57069.  Closing.
Jun  6 15:57:29 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 40 twice, ignoring second one.
Jun  6 15:57:29 neptun xl2tpd[32645]: Connection 40 closed to 91.57.150.43, port 56832 (Timeout)
Jun  6 15:57:33 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 40 twice, ignoring second one.
Jun  6 15:57:34 neptun xl2tpd[32645]: Unable to deliver closing message for tunnel 57069. Destroying anyway.
Jun  6 15:57:37 neptun xl2tpd[32645]: control_finish: Peer requested tunnel 40 twice, ignoring second one.

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#5

Download full text (16.2 KiB)

/var/log/auth.log:

# Startup of OpenSwan:

Jun 6 15:54:43 neptun pluto[1426]: Starting Pluto (Openswan Version 2.6.23; Vendor ID OEm@kgSFEH@\177) pid:1426
Jun 6 15:54:43 neptun pluto[1426]: Setting NAT-Traversal port-4500 floating to on
Jun 6 15:54:43 neptun pluto[1426]: port floating activation criteria nat_t=1/port_float=1Jun 6 15:54:43 neptun pluto[1426]: including NAT-Traversal patch (Version 0.6c)
Jun 6 15:54:43 neptun pluto[1426]: using /dev/urandom as source of random entropyJun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun 6 15:54:43 neptun pluto[1426]: starting up 1 cryptographic helpers
Jun 6 15:54:43 neptun pluto[1426]: started helper pid=1429 (fd:7)Jun 6 15:54:43 neptun pluto[1426]: Using Linux 2.6 IPsec interface code on 2.6.32-31-generic (experimental code)
Jun 6 15:54:43 neptun pluto[1429]: using /dev/urandom as source of random entropy
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already existsJun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Jun 6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun 6 15:54:43 neptun pluto[1426...

/var/log/auth.log:

# Startup of OpenSwan:

Jun  6 15:54:43 neptun pluto[1426]: Starting Pluto (Openswan Version 2.6.23; Vendor ID OEm@kgSFEH@\177) pid:1426
Jun  6 15:54:43 neptun pluto[1426]: Setting NAT-Traversal port-4500 floating to on
Jun  6 15:54:43 neptun pluto[1426]:    port floating activation criteria nat_t=1/port_float=1Jun  6 15:54:43 neptun pluto[1426]:    including NAT-Traversal patch (Version 0.6c)
Jun  6 15:54:43 neptun pluto[1426]: using /dev/urandom as source of random entropyJun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun  6 15:54:43 neptun pluto[1426]: starting up 1 cryptographic helpers
Jun  6 15:54:43 neptun pluto[1426]: started helper pid=1429 (fd:7)Jun  6 15:54:43 neptun pluto[1426]: Using Linux 2.6 IPsec interface code on 2.6.32-31-generic (experimental code)
Jun  6 15:54:43 neptun pluto[1429]: using /dev/urandom as source of random entropy
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already existsJun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  Jun  6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_add(): ERROR: Algorithm already exists
Jun  6 15:54:43 neptun pluto[1426]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  6 15:54:43 neptun pluto[1426]: Changed path to directory '/etc/ipsec.d/cacerts'
Jun  6 15:54:43 neptun pluto[1426]: Changed path to directory '/etc/ipsec.d/aacerts'
Jun  6 15:54:43 neptun pluto[1426]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Jun  6 15:54:43 neptun pluto[1426]: Changing to directory '/etc/ipsec.d/crls'
Jun  6 15:54:43 neptun pluto[1426]:   Warning: empty directory
Jun  6 15:54:43 neptun pluto[1426]: added connection description "L2TP-PSK-NAT"
Jun  6 15:54:43 neptun pluto[1426]: added connection description "L2TP-PSK-noNAT"
Jun  6 15:54:43 neptun pluto[1426]: added connection description "passthrough-for-non-l2tp"
Jun  6 15:54:43 neptun pluto[1426]: listening for IKE messages
Jun  6 15:54:43 neptun pluto[1426]: NAT-Traversal: Trying new style NAT-T
Jun  6 15:54:43 neptun pluto[1426]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Jun  6 15:54:43 neptun pluto[1426]: NAT-Traversal: Trying old style NAT-T
Jun  6 15:54:43 neptun pluto[1426]: adding interface tun0/tun0 10.8.0.1:500
Jun  6 15:54:43 neptun pluto[1426]: adding interface tun0/tun0 10.8.0.1:4500
Jun  6 15:54:43 neptun pluto[1426]: adding interface eth0/eth0 192.168.0.108:500
Jun  6 15:54:43 neptun pluto[1426]: adding interface eth0/eth0 192.168.0.108:4500
Jun  6 15:54:43 neptun pluto[1426]: adding interface lo/lo 127.0.0.1:500
Jun  6 15:54:43 neptun pluto[1426]: adding interface lo/lo 127.0.0.1:4500
Jun  6 15:54:43 neptun pluto[1426]: adding interface lo/lo ::1:500
Jun  6 15:54:43 neptun pluto[1426]: loading secrets from "/etc/ipsec.secrets"

# 1. Login:

Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [RFC 3947] method set to=109 
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  6 15:55:41 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [Dead Peer Detection]
Jun  6 15:55:41 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: responding to Main Mode from unknown peer 91.57.150.43
Jun  6 15:55:41 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  6 15:55:41 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: Main mode peer ID is ID_IPV4_ADDR: '10.10.10.111'
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[1] 91.57.150.43 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: deleting connection "L2TP-PSK-NAT" instance with peer 91.57.150.43 {isakmp=#0/ipsec=#0}
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: new NAT mapping for #1, was 91.57.150.43:500, now 91.57.150.43:4500
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jun  6 15:55:42 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: Dead Peer Detection (RFC 3706): enabled
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: the peer proposed: 89.0.47.206/32:17/1701 -> 10.10.10.111/32:17/0
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: responding to Quick Mode proposal {msgid:020a7080}
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2:     us: 192.168.0.108<192.168.0.108>[+S=C]:17/1701---192.168.0.1
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2:   them: 91.57.150.43[10.10.10.111,+S=C]:17/61418
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: Dead Peer Detection (RFC 3706): enabled
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun  6 15:55:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x069b6d07 <0x4534cd5a xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=91.57.150.43:4500 DPD=enabled}

# 2. Login:

Jun  6 15:56:43 neptun pluto[1426]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.57.150.43 port 4500, complainant 91.57.150.43: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jun  6 15:57:13 neptun pluto[1426]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.57.150.43 port 4500, complainant 91.57.150.43: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [RFC 3947] method set to=109 
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  6 15:57:17 neptun pluto[1426]: packet from 91.57.150.43:500: received Vendor ID payload [Dead Peer Detection]
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: responding to Main Mode from unknown peer 91.57.150.43
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: Main mode peer ID is ID_IPV4_ADDR: '10.10.10.111'
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: new NAT mapping for #3, was 91.57.150.43:500, now 91.57.150.43:4500
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jun  6 15:57:17 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: Dead Peer Detection (RFC 3706): enabled
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #3: the peer proposed: 89.0.47.206/32:17/1701 -> 10.10.10.111/32:17/61418
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: responding to Quick Mode proposal {msgid:6c2ebcb0}
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4:     us: 192.168.0.108<192.168.0.108>[+S=C]:17/1701---192.168.0.1
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4:   them: 91.57.150.43[10.10.10.111,+S=C]:17/61418
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: keeping refhim=4294901761 during rekey
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: Dead Peer Detection (RFC 3706): enabled
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun  6 15:57:18 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0c47ac30 <0xb87c81ae xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=91.57.150.43:4500 DPD=enabled}
Jun  6 15:57:43 neptun pluto[1426]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.57.150.43 port 4500, complainant 91.57.150.43: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jun  6 15:58:14 neptun pluto[1426]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.57.150.43 port 4500, complainant 91.57.150.43: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: DPD: No response from peer - declaring peer dead
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43 #1: DPD: Clearing Connection
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT" #2: deleting state (STATE_QUICK_R2)
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT" #1: deleting state (STATE_MAIN_R3)
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT" #4: deleting state (STATE_QUICK_R2)
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT" #4: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@192.168.0.108 was too long: 168 > 36
Jun  6 15:58:43 neptun pluto[1426]: | raw_eroute result=0 
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT" #3: deleting state (STATE_MAIN_R3)
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT"[2] 91.57.150.43: deleting connection "L2TP-PSK-NAT" instance with peer 91.57.150.43 {isakmp=#0/ipsec=#0}
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT": netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Jun  6 15:58:43 neptun pluto[1426]: "L2TP-PSK-NAT": netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Jun  6 15:58:43 neptun pluto[1426]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.57.150.43 port 4500, complainant 91.57.150.43: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

Revision history for this message

Akagi (akagi010) wrote on 2011-06-06:

#6

I forgot: I use an Ubuntu 10.04 Netbook Edition.

The OpenSwan version is: 2.6.23+dfsg-1ubuntu1

Revision history for this message

Harald Jenny (harald-a-little-linux-box) wrote on 2012-01-15:

#7

Dear bug reporter,

as the Ipad does not send any IPSec delete notify messages how long did you wait between the connection tries?

Kind regards
Harald Jenny

Ubuntu
openswan package

iPad IPSEC Reconnect Failure

Bug Description

Other bug subscribers

Remote bug watches

Ubuntuopenswan package

iPad IPSEC Reconnect Failure

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
openswan package