This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem connection from IPhone to Astaro via L2TP

Hi all,

i have a strange Problem connecting from my iphone or a normal windows PC via L2TP to my Astaro.

I have the following i-net connection: FritzBox7270 who makes NAT and forwards all to my Astaro V8.1. Connections via S-to-S IPSec works without any problem, initiated by my firewall or the opposite, both works great.

I get the following messages in the log:

2011:02:07-12:47:05 firewall-1 pluto[18445]: Changing to directory '/etc/ipsec.d/crls'
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: received Vendor ID payload [RFC 3947]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2011:02:07-12:47:58 firewall-1 pluto[18445]: packet from 89.204.153.112:17123: received Vendor ID payload [Dead Peer Detection]
2011:02:07-12:47:58 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[1] 89.204.153.112:17123 #878: responding to Main Mode from unknown peer 89.204.153.112:17123
2011:02:07-12:47:59 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[1] 89.204.153.112:17123 #878: NAT-Traversal: Result using RFC 3947: both are NATed
2011:02:07-12:48:00 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[1] 89.204.153.112:17123 #878: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2011:02:07-12:48:00 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[1] 89.204.153.112:17123 #878: Peer ID is ID_IPV4_ADDR: '10.159.217.240'
2011:02:07-12:48:00 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:17123 #878: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.153.112 {isakmp=#0/ipsec=#0}
2011:02:07-12:48:00 firewall-1 pluto[18445]: | NAT-T: new mapping 89.204.153.112:17123/11086)
2011:02:07-12:48:00 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sent MR3, ISAKMP SA established
2011:02:07-12:48:02 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: cannot respond to IPsec SA request because no connection is known for 93.104.244.197/32===10.10.251.10:4500[10.10.251.10]:17/1701...89.204.153.112:11086[10.159.217.240]:17/%any==={10.159.217.240/32}
2011:02:07-12:48:02 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_ID_INFORMATION to 89.204.153.112:11086
2011:02:07-12:48:05 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:05 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:08 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:08 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:11 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:11 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:14 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:14 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:17 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:17 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:20 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:20 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:23 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:23 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:26 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:26 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:29 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4e199fd0 (perhaps this is a duplicated packet)
2011:02:07-12:48:29 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: sending encrypted notification INVALID_MESSAGE_ID to 89.204.153.112:11086
2011:02:07-12:48:32 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086 #878: received Delete SA payload: deleting ISAKMP State #878
2011:02:07-12:48:32 firewall-1 pluto[18445]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.153.112 {isakmp=#0/ipsec=#0}
2011:02:07-12:45:43 firewall-2 pluto[7401]: "S_REF_FUmZvqyGoc"[2] 89.204.153.112:11086: deleting connection "S_REF_FUmZvqyGoc" instance with peer 89.204.153.112 {isakmp=#0/ipsec=#0}
2011:02:07-12:48:32 firewall-1 pluto[18445]: ERROR: asynchronous network error report on eth0.251 for message to 89.204.153.112 port 11086, complainant 89.204.153.112: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

can anyone maybe help?

Robert

This thread was automatically locked due to age.