[strongSwan] problem with windows 7 and l2tp/ipsec with x509 certificate

Sat, 26 Sep 2009 09:50:00 -0700 

Hi all,

windows 7 doesn't work (all others os works xp, 200x, linux,cisco etc) 
with my vpn server:

# OS: CentOS 5.3
# software: strongswan-4.3.4

config setup
         interfaces=%defaultroute
         nat_traversal=yes
         klipsdebug=all
         dumpdir=/tmp
         overridemtu=1400
         hidetos=yes
         uniqueids=yes
         fragicmp=no
         keep_alive=5
         plutostart=yes
         charonstart=no

conn %default
         keyingtries=%forever
         authby=rsasig
         leftrsasigkey=%cert
         rightrsasigkey=%cert
         left=%defaultroute
         leftcert=vpngw-cert.pem
         pfs=no
....
conn roadwarrior
         leftprotoport=17/1701
         right=%any
         rightprotoport=17/%any
         rightsubnet=vhost:%no,%priv # serve per i client nattati
         keyingtries=3
         dpdaction=clear # RFC 3706 Dead Peer Detection
         auto=add

the log file:

Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 0
0000008]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
received Vendor ID payload [RFC 3947]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-
t-ike-02_n]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [FRAGMENTATION]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [MS-Negotiation Discov
ery Capable]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 26 09:48:03 vpngw pluto[32319]: packet from 79.40.165.31:5344: 
ignoring Vendor ID payload [IKE CGA version 1]
Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: responding to Main Mode from unknown pee
r 79.40.164.31:5344
Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: ECP_384 is not supported.  Attribute OAK
LEY_GROUP_DESCRIPTION
Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: ECP_256 is not supported.  Attribute OAK
LEY_GROUP_DESCRIPTION
Sep 26 09:48:03 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: NAT-Traversal: Result using RFC 3947: pe
er is NATed
Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: byte 2 of ISAKMP Hash Payload must be ze
ro, but is not
Sep 26 09:48:04 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#47: malformed payload in packet
Sep 26 09:48:12 vpngw pluto[32319]: "roadwarrior"[6] 79.40.165.31:5344 
#42: max number of retransmissions (2) reache
d STATE_MAIN_R2


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to