[8.160][NOTABUG][CLOSED] Error Connecting my iPhone via L2TP

Here is the log entry.

I don't understand the problem; other IPsec site-to-site tunnels are working correctly.




2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: received Vendor ID payload [RFC 3947]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2011:03:02-12:41:45 firewall-1 pluto[7507]: packet from 89.204.137.83:25648: received Vendor ID payload [Dead Peer Detection]
2011:03:02-12:41:45 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[1] 89.204.137.83:25648 #348: responding to Main Mode from unknown peer 89.204.137.83:25648
2011:03:02-12:41:46 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[1] 89.204.137.83:25648 #348: NAT-Traversal: Result using RFC 3947: both are NATed
2011:03:02-12:41:47 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[1] 89.204.137.83:25648 #348: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2011:03:02-12:41:47 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[1] 89.204.137.83:25648 #348: Peer ID is ID_IPV4_ADDR: '10.175.140.83'
2011:03:02-12:41:47 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:25648 #348: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.137.83 {isakmp=#0/ipsec=#0}
2011:03:02-12:41:47 firewall-1 pluto[7507]: | NAT-T: new mapping 89.204.137.83:25648/6319)
2011:03:02-12:41:47 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sent MR3, ISAKMP SA established
2011:03:02-12:41:48 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: cannot respond to IPsec SA request because no connection is known for 93.104.244.197/32===10.10.251.10:4500[10.10.251.10]:17/1701...89.204.137.83:6319[10.175.140.83]:17/%any==={10.175.140.83/32}
2011:03:02-12:41:48 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_ID_INFORMATION to 89.204.137.83:6319
2011:03:02-12:41:51 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:41:51 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:41:54 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:41:54 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:41:57 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:41:57 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:00 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:00 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:03 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:03 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:06 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:06 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:09 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:09 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:12 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:12 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:15 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x969be4be (perhaps this is a duplicated packet)
2011:03:02-12:42:15 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: sending encrypted notification INVALID_MESSAGE_ID to 89.204.137.83:6319
2011:03:02-12:42:18 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319 #348: received Delete SA payload: deleting ISAKMP State #348
2011:03:02-12:42:18 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.137.83 {isakmp=#0/ipsec=#0}
2011:03:02-12:42:18 firewall-2 pluto[10969]: "S_REF_FUmZvqyGoc"[2] 89.204.137.83:6319: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.137.83 {isakmp=#0/ipsec=#0}
2011:03:02-12:42:18 firewall-1 pluto[7507]: ERROR: asynchronous network error report on eth0.251 for message to 89.204.137.83 port 6319, complainant 89.204.137.83: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
  • this stuff here?



    # L2TP over IPsec
    conn S_REF_FUmZvqyGoc_0
            authby="psk"
            auto="add"
            compress="no"
            esp="3des-md5"
            ike="3des-sha-modp2048"
            ikelifetime="28800"
            keyexchange="ike"
            keyingtries="3"
            keylife="3600"
            left="10.10.251.10"
            leftprotoport="17/1701"
            leftupdown="/usr/libexec/ipsec/updown strict"
            pfs="no"
            rekey="no"
            rekeymargin="540"
            right="0.0.0.0"
            rightid="%any"
            rightprotoport="17/%any"
            rightsubnetwithin="0.0.0.0/0"
            type="transport"

    conn S_REF_FUmZvqyGoc_1
            authby="psk"
            auto="add"
            compress="no"
            esp="3des-md5"
            ike="3des-sha-modp2048"
            ikelifetime="28800"
            keyexchange="ike"
            keyingtries="3"
            keylife="3600"
            left="10.10.251.10"
            leftprotoport="17/0"
            leftupdown="/usr/libexec/ipsec/updown strict"
            pfs="no"
            rekey="no"
            rekeymargin="540"
            right="0.0.0.0"
            rightid="%any"
            rightprotoport="17/%any"
            rightsubnetwithin="0.0.0.0/0"
            type="transport"


     firewall:/root #


    Maybe you send me your mail address by PM?

    Robert
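
Added example, not part of the original posts or of the firewall's own tooling: a parser that splits the rejected Quick Mode selector from the 12:41:48 log line into its fields and compares the local end, literally, with the `left` and `leftprotoport` values of the two posted conn blocks. The function names and the `/32` default for the local client net are assumptions of this example.

```python
import re

# Constructed inputs: the rejection line from the posted log and the
# left/leftprotoport values of the two conn blocks posted in the reply.
LOG_LINE = ('2011:03:02-12:41:48 firewall-1 pluto[7507]: "S_REF_FUmZvqyGoc"[2] '
            '89.204.137.83:6319 #348: cannot respond to IPsec SA request because '
            'no connection is known for '
            '93.104.244.197/32===10.10.251.10:4500[10.10.251.10]:17/1701...'
            '89.204.137.83:6319[10.175.140.83]:17/%any==={10.175.140.83/32}')
CONNS = {
    "S_REF_FUmZvqyGoc_0": {"left": "10.10.251.10", "leftprotoport": "17/1701"},
    "S_REF_FUmZvqyGoc_1": {"left": "10.10.251.10", "leftprotoport": "17/0"},
}

# Local end:  clientnet===host:port[id]:proto/port
LOCAL = re.compile(r'(?P<net>[\d.]+/\d+)===(?P<host>[\d.]+):(?P<port>\d+)'
                   r'\[(?P<id>[^\]]+)\]:(?P<pp>\S+)')
# Remote end: host:port[id]:proto/port==={clientnet}
REMOTE = re.compile(r'(?P<host>[\d.]+):(?P<port>\d+)\[(?P<id>[^\]]+)\]'
                    r':(?P<pp>[^=]+)===\{?(?P<net>[\d.]+/\d+)\}?')

def parse_rejected_selector(line):
    """Split pluto's 'no connection is known for A...B' text into both ends."""
    m = re.search(r'no connection is known for (\S+?)\.\.\.(\S+)$', line)
    if not m:
        return None
    local, remote = LOCAL.fullmatch(m.group(1)), REMOTE.fullmatch(m.group(2))
    if not (local and remote):
        return None
    return {"local": local.groupdict(), "remote": remote.groupdict()}

def diff_against_conn(sel, conn):
    """Literal field comparison; pluto's wildcard and NAT rules are not modelled.
    Assumption: with no leftsubnet set, the conn's local client net is left/32."""
    diffs = []
    if sel["local"]["host"] != conn["left"]:
        diffs.append("host")
    if sel["local"]["net"] != conn["left"] + "/32":
        diffs.append("client_net")
    if sel["local"]["pp"] != conn["leftprotoport"]:
        diffs.append("protoport")
    return diffs

if __name__ == "__main__":
    sel = parse_rejected_selector(LOG_LINE)
    for name, conn in CONNS.items():
        print(name, diff_against_conn(sel, conn))
```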