IPSEC configuring error: could anyone help out...?

 
 
karthicks

 
      04-24-2006, 09:39 AM
Hi,
when I tried configuring IPsec between a Linux server and Windows as
client, I encountered the following error. Could anyone help in giving a
solution?


Apr 24 13:09:05 HASERVER pluto[16934]: packet from 172.20.211.77:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but port floating is off
Apr 24 13:09:05 HASERVER pluto[16934]: packet from 172.20.211.77:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: responding to Main Mode from unknown peer
172.20.211.77
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[1]
172.20.211.77 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=TN,
L=CN, O=sss, OU=ddd, CN=SECURE, E=(E-Mail Removed)'
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: deleting connection "roadwarrior-l2tp" instance with
peer 172.20.211.77 {isakmp=#0/ipsec=#0}
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: I am sending my cert
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: cannot respond to IPsec SA request because no
connection is known for 172.20.211.23[C=US, ST=TN, L=CN, O=sss, OU=IWL,
CN=SECURE, E=(E-Mail Removed)]:1/%any...172.20.211.77[C=US, ST=TN,
L=CN, O=sss, OU=ddd, CN=SECURE, E=(E-Mail Removed)]:1/%any
Apr 24 13:09:06 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: sending encrypted notification INVALID_ID_INFORMATION
to 172.20.211.77:500
Apr 24 13:09:06 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: Quick Mode I1 message is unacceptable because it uses
a previously used Message ID 0x9e6bf2ee (perhaps this is a duplicated
packet)
Apr 24 13:09:06 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: sending encrypted notification INVALID_MESSAGE_ID to
172.20.211.77:500
Apr 24 13:09:08 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: Quick Mode I1 message is unacceptable because it uses
a previously used Message ID 0x9e6bf2ee (perhaps this is a duplicated
packet)
Apr 24 13:09:08 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: sending encrypted notification INVALID_MESSAGE_ID to
172.20.211.77:500
Apr 24 13:09:12 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: Quick Mode I1 message is unacceptable because it uses
a previously used Message ID 0x9e6bf2ee (perhaps this is a duplicated
packet)
Apr 24 13:09:12 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: sending encrypted notification INVALID_MESSAGE_ID to
172.20.211.77:500
Apr 24 13:09:16 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77 #1: received Delete SA payload: deleting ISAKMP State #1
Apr 24 13:09:16 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
172.20.211.77: deleting connection "roadwarrior-l2tp" instance with
peer 172.20.211.77 {isakmp=#0/ipsec=#0}




Here are the ipsec.conf file details:


config setup
    interfaces=%defaultroute
    uniqueids=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.20.211.0/16,%v4:172.20.211.0/12

include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftcert=server.pem
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
    pfs=no
    auto=add

 
 
 
 
 
Igmar Palsenberg

 
      04-24-2006, 02:46 PM
karthicks wrote:
> Hi,
> when I tried configuring IPsec between a Linux server and Windows as
> client, I encountered the following error. Could anyone help in giving a
> solution?
> Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]
> 172.20.211.77 #1: cannot respond to IPsec SA request because no
> connection is known for 172.20.211.23[C=US, ST=TN, L=CN, O=sss, OU=IWL,
> CN=SECURE, E=(E-Mail Removed)]:1/%any...172.20.211.77[C=US, ST=TN,
> L=CN, O=sss, OU=ddd, CN=SECURE, E=(E-Mail Removed)]:1/%any
> Apr 24 13:09:06 HASERVER pluto[16934]: "roadwarrior-l2tp"[2]


The tunnel parameters that pluto is receiving don't match the params
you've set up.

> here is the ipsec.conf file details:
>
>
> config setup
> interfaces=%defaultroute
> uniqueids=yes
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.20.211.0/16,%v4:172.20.211.0/12
> include /etc/ipsec.d/examples/no_oe.conf
> conn roadwarrior-l2tp
> type=transport
> left=%defaultroute
> leftcert=server.pem
> leftprotoport=17/%any
> right=%any
> rightprotoport=17/%any
> pfs=no
> auto=add



Try:

leftprotoport=17/1701
rightprotoport=17/1701

instead.


Igmar
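
An added example, not part of the thread or of Openswan: the "no connection is known for" line names the protocol/port selectors pluto was asked for on each end, so they can be compared with the conn's `leftprotoport`/`rightprotoport`. The function names, the plain textual comparison (not pluto's own matching logic) and the mapping of the first logged end to `left` are assumptions of this example.

```python
import re

# Constructed sample: the rejection line from the log above, unwrapped onto one line.
LOG = ('Apr 24 13:09:05 HASERVER pluto[16934]: "roadwarrior-l2tp"[2] 172.20.211.77 #1: '
       'cannot respond to IPsec SA request because no connection is known for '
       '172.20.211.23[C=US, ST=TN, L=CN, O=sss, OU=IWL, CN=SECURE, E=(E-Mail Removed)]:1/%any'
       '...172.20.211.77[C=US, ST=TN, L=CN, O=sss, OU=ddd, CN=SECURE, E=(E-Mail Removed)]:1/%any')

# Constructed sample: the relevant lines of the posted conn section.
CONF = """\
conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
"""

REJECT = re.compile(r'"(?P<conn>[^"]+)"\[\d+\].*no connection is known for (?P<ends>.+)$')
END = re.compile(r':(?P<proto>\d+)/(?P<port>%any|\d+)$')

def rejected_selectors(line):
    """Return the conn name and the (proto, port) logged for each end, or None."""
    m = REJECT.search(line)
    if not m:
        return None
    local, sep, peer = m.group('ends').partition('...')
    out = {'conn': m.group('conn')}
    for side, text in (('local', local), ('peer', peer)):
        e = END.search(text.strip())
        if not sep or not e:
            return None
        out[side] = (e.group('proto'), e.group('port'))
    return out

def conn_options(conf_text, name):
    """Collect key=value options of one conn section (indentation not required)."""
    opts, current = {}, None
    for raw in conf_text.splitlines():
        words = raw.split('#', 1)[0].split()
        if not words:
            continue
        if words[0] in ('conn', 'config'):
            current = words[1] if words[0] == 'conn' and len(words) > 1 else None
        elif current == name and '=' in words[0]:
            key, value = words[0].split('=', 1)
            opts[key] = value
    return opts

def mismatches(line, conf_text):
    """List (option, configured, requested) where the logged selector differs."""
    sel = rejected_selectors(line)
    if sel is None:
        return []
    opts = conn_options(conf_text, sel['conn'])
    pairs = (('leftprotoport', 'local'), ('rightprotoport', 'peer'))  # assumed mapping
    return [(k, opts.get(k, ''), '/'.join(sel[s])) for k, s in pairs
            if tuple(opts.get(k, '').partition('/')[::2]) != sel[s]]
```
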
 