[Swan] Problems converting from OpenSWAN to LibreSWAN

Nels Lindquist nlindq at maei.ca
Wed May 7 22:51:41 EEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/7/2014 12:04 PM, Paul Wouters wrote:

> I did notice:
> 
> May  7 07:57:10 mail pluto[28834]: | sending IKE fragment id '1',
> number '1'
> 
> Can you try with both ike_frag=force and ike_frag=no ?

With ike_frag=force we get additional lines (discarding duplicate
packet; already STATE_MAIN_R2); with ike_frag=no the behaviour is the
same as before.  Would you like "plutodebug=all" logs for either or
both of these settings?

May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
responding to Main Mode from unknown peer 209.82.26.89
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
STATE_MAIN_R1: sent MR1, expecting MI2
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May  7 13:44:55 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
STATE_MAIN_R2: sent MR2, expecting MI3
May  7 13:44:57 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
discarding duplicate packet; already STATE_MAIN_R2
May  7 13:45:00 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
discarding duplicate packet; already STATE_MAIN_R2
May  7 13:45:04 mail pluto[14792]: "L2TP-Win2KXP"[1] 209.82.26.89 #6:
discarding duplicate packet; already STATE_MAIN_R2


- -- 
Nels Lindquist
<nlindq at maei.ca>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNqjsoACgkQh6z5POoOLgT5ZgCfd3XQ6qJ9XRvonF9LOppWMxQW
W7AAnik1QfdBkJ50bsp43ashXWpqGJVk
=NTdc
-----END PGP SIGNATURE-----

More information about the Swan mailing list