[Swan] Connecting to Amazon AWS VPN

Behnam Ahmad Khan Beigi yottanami at gmail.com
Sat Jul 18 13:45:11 EEST 2015


Hey all

I want to connect to Amazon AWS VPN on Debian sid but it does not work.
Here are my configuration/log files:

*ipsec.conf*
# /etc/ipsec.conf on Amazon EC2 instance
version 2.0

config setup
     nat_traversal=yes
     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd08,%v6:fe80::/10
     protostack=netkey

conn L2TP-PSK
     authby=secret
     auto=start
     forceencaps=yes
     left=%defaultroute
     leftid=172.16.XXX.XXX
     # remote endpoint IP
     right=vpn.XXXdomain.com
_______________________________________________
*xl2tpd.conf*
[global]
; listen-addr = 192.168.178.28
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no

[lac vpn-connection]
lns = vpn.XXXdomain.com
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
_______________________________________________

*/etc/ppp/options.l2tpd.client*
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name XXXXX
password XXXXXX
_____________________________________________________
*dmesg*
[ 7055.870449] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 7056.007729] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 7056.009783] ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES)
succeeded
[ 7056.009791] ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE
LOCK) filtered out
[ 7056.009796] ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES)
filtered out
[ 7056.014050] ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES)
succeeded
[ 7056.014057] ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE
LOCK) filtered out
[ 7056.014062] ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES)
filtered out
[ 7056.015864] ata1.00: configured for UDMA/100
[ 7056.044554] blk_update_request: I/O error, dev sdb, sector 0
[ 7056.085469] iwlwifi 0000:02:00.0: L1 Enabled - LTR Disabled
[ 7056.085686] iwlwifi 0000:02:00.0: Radio type=0x1-0x3-0x1
[ 7056.110278] sd 7:0:0:0: [sdb] Synchronizing SCSI cache
[ 7056.110330] sd 7:0:0:0: [sdb] Synchronize Cache(10) failed: Result:
hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 7056.111460] usb 1-1.2: USB disconnect, device number 3
[ 7056.125127] Buffer I/O error on dev sdb2, logical block 109608960, lost
sync page write
[ 7056.125134] JBD2: Error -5 detected when updating journal superblock for
sdb2-8.
[ 7056.297706] iwlwifi 0000:02:00.0: L1 Enabled - LTR Disabled
[ 7056.297912] iwlwifi 0000:02:00.0: Radio type=0x1-0x3-0x1
[ 7059.707795] wlp2s0: authenticate with 00:eb:2d:eb:f9:eb
[ 7059.709144] wlp2s0: send auth to 00:eb:2d:eb:f9:eb (try 1/3)
[ 7059.711823] wlp2s0: authenticated
[ 7059.713907] wlp2s0: associate with 00:eb:2d:eb:f9:eb (try 1/3)
[ 7059.734442] wlp2s0: RX AssocResp from 00:eb:2d:eb:f9:eb (capab=0x431
status=0 aid=4)
[ 7059.739442] wlp2s0: associated
[ 7472.445859] usb 1-1.2: new high-speed USB device number 10 using ehci-pci
[ 7472.539520] usb 1-1.2: New USB device found, idVendor=0fce,
idProduct=5186
[ 7472.539526] usb 1-1.2: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
[ 7472.539530] usb 1-1.2: Product: Xperia V
[ 7472.539534] usb 1-1.2: Manufacturer: Sony
[ 7472.539537] usb 1-1.2: SerialNumber: BX903FWGF9
[10167.390147] AVX instructions are not detected.
[10167.428782] AVX instructions are not detected.
[10167.463186] AVX instructions are not detected.
[10167.508050] AVX instructions are not detected.
[10167.545873] AVX instructions are not detected.
[10167.591303] AVX or AES-NI instructions are not detected.
[10167.626352] AVX or AES-NI instructions are not detected.
[10167.686239] AVX or AES-NI instructions are not detected.
[10167.726868] AVX or AES-NI instructions are not detected.
[10167.766477] AVX instructions are not detected.
[10167.794359] AVX instructions are not detected.
[10167.839375] AVX instructions are not detected.
[10167.866213] AVX instructions are not detected.
[10167.913878] AVX instructions are not detected.
[10168.434551] AVX instructions are not detected.
[10168.480789] AVX instructions are not detected.
[10168.535386] AVX or AES-NI instructions are not detected.
[10168.563500] AVX or AES-NI instructions are not detected.
[10168.603637] AVX or AES-NI instructions are not detected.
[10168.634667] AVX or AES-NI instructions are not detected.
[10168.681172] AVX instructions are not detected.
[10168.714865] AVX instructions are not detected.
[10168.771773] AVX instructions are not detected.
[10168.807140] AVX instructions are not detected.
[10168.858347] AVX instructions are not detected.
_____________________________________________________________________________________
*/var/log/auth.log*
Jul 18 15:09:47 yottanami-laptop pluto[17788]: "L2TP-PSK" #6:
STATE_MAIN_I3: sent MI3, expecting MR3
Jul 18 15:09:47 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: received 1
malformed payload notifies
Jul 18 15:09:56 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:09:58 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: received 2
malformed payload notifies
Jul 18 15:10:17 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible authentication
failure: no acceptable response to our first encrypted message
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #6: starting
keying attempt 7 of an unlimited number
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: initiating
Main Mode to replace #6
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: ignoring
unknown Vendor ID payload [4f4576795c6b677a57715c73]
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received
Vendor ID payload [Dead Peer Detection]
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received
Vendor ID payload [RFC 3947]
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: enabling
possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7:
STATE_MAIN_I2: sent MI2, expecting MR2
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am
behind NAT+peer behind NAT
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7:
STATE_MAIN_I3: sent MI3, expecting MR3
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 1
malformed payload notifies
Jul 18 15:10:39 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:10:39 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 2
malformed payload notifies
Jul 18 15:10:49 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 3
malformed payload notifies
Jul 18 15:10:59 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible authentication
failure: no acceptable response to our first encrypted message
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: starting
keying attempt 8 of an unlimited number
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: initiating
Main Mode to replace #7
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: ignoring
unknown Vendor ID payload [4f4576795c6b677a57715c73]
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: received
Vendor ID payload [Dead Peer Detection]
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: received
Vendor ID payload [RFC 3947]
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: enabling
possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8:
STATE_MAIN_I2: sent MI2, expecting MR2
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am
behind NAT+peer behind NAT
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8:
STATE_MAIN_I3: sent MI3, expecting MR3
Jul 18 15:11:10 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: received 1
malformed payload notifies
Jul 18 15:11:20 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:11:20 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: received 2
malformed payload notifies
Jul 18 15:11:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: received 3
malformed payload notifies
Jul 18 15:11:40 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:11:49 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible authentication
failure: no acceptable response to our first encrypted message
Jul 18 15:11:49 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: starting
keying attempt 9 of an unlimited number
Jul 18 15:11:49 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: initiating
Main Mode to replace #8
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: ignoring
unknown Vendor ID payload [4f4576795c6b677a57715c73]
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: received
Vendor ID payload [Dead Peer Detection]
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: received
Vendor ID payload [RFC 3947]
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: enabling
possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9:
STATE_MAIN_I2: sent MI2, expecting MR2
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am
behind NAT+peer behind NAT
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9:
STATE_MAIN_I3: sent MI3, expecting MR3
Jul 18 15:11:50 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: received 1
malformed payload notifies
Jul 18 15:11:59 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:12:01 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: received 2
malformed payload notifies
Jul 18 15:12:11 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: received 3
malformed payload notifies
Jul 18 15:12:20 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: max number of
retransmissions (2) reached STATE_MAIN_I3.  Possible authentication
failure: no acceptable response to our first encrypted message
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #9: starting
keying attempt 10 of an unlimited number
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: initiating
Main Mode to replace #9
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: ignoring
unknown Vendor ID payload [4f4576795c6b677a57715c73]
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: received
Vendor ID payload [Dead Peer Detection]
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: received
Vendor ID payload [RFC 3947]
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: enabling
possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 15:12:30 yottanami-laptop pluto[17788]: "L2TP-PSK" #10:
STATE_MAIN_I2: sent MI2, expecting MR2
Jul 18 15:12:31 yottanami-laptop pluto[17788]: "L2TP-PSK" #10:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am
behind NAT+peer behind NAT
Jul 18 15:12:31 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 15:12:31 yottanami-laptop pluto[17788]: "L2TP-PSK" #10:
STATE_MAIN_I3: sent MI3, expecting MR3
Jul 18 15:12:31 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: received 1
malformed payload notifies
Jul 18 15:12:40 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: discarding
duplicate packet; already STATE_MAIN_I3
Jul 18 15:12:40 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: received 2
malformed payload notifies
Jul 18 15:12:51 yottanami-laptop pluto[17788]: "L2TP-PSK" #10: received 3
malformed payload notifies
Jul 18 15:12:59 yottanami-laptop sudo: yottanami : TTY=pts/5 ;
PWD=/home/yottanami ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
-n 100
Jul 18 15:12:59 yottanami-laptop sudo: pam_unix(sudo:session): session
opened for user root by yottanami(uid=0)
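As an added example (not part of the original post, and not Libreswan's own tooling): a small triage script that groups pluto lines by SA number, tracks how far each Main Mode attempt got, and maps the pattern seen in the log above (stuck in STATE_MAIN_I3, the peer answering with PAYLOAD_MALFORMED notifies, then "no acceptable response to our first encrypted message") to its usual cause. MI3 is the first Main Mode message encrypted under keys derived from the PSK, so a responder that cannot parse it has normally derived different keys: either the PSK differs, or the responder picked a different PSK because the ID it sees (here leftid=172.16.XXX.XXX, sent from behind NAT) matches a different secrets entry. The embedded log lines are excerpted from the post, with the mail wrapping undone; the verdict labels and the function names are this example's own, and the "no_response" branch assumes a log that never left STATE_MAIN_I1.

```python
import re

# Constructed sample input: lines excerpted from the auth.log in the post above
# (mail wrapping undone so each pluto message is on one line).
SAMPLE_LOG = """\
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: initiating Main Mode to replace #6
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jul 18 15:10:28 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT+peer behind NAT
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 15:10:29 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 1 malformed payload notifies
Jul 18 15:10:39 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 2 malformed payload notifies
Jul 18 15:10:49 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: received 3 malformed payload notifies
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #7: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
Jul 18 15:11:09 yottanami-laptop pluto[17788]: "L2TP-PSK" #8: initiating Main Mode to replace #7
"""

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION_RE = re.compile(r"transition from state (\S+) to state (\S+)")
MALFORMED_RE = re.compile(r"received (\d+) malformed payload notifies")
NAT_RE = re.compile(r"NAT-Traversal: Result .*: (.+)$")


def parse_pluto_log(text):
    """Group pluto lines by (conn name, SA number) and summarise each attempt."""
    attempts = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-SA pluto line (sudo, kernel, ...)
        key = (m["conn"], int(m["sa"]))
        s = attempts.setdefault(key, {"last_state": None, "malformed": 0,
                                      "nat": None, "timed_out": False})
        msg = m["msg"]
        if msg.startswith("initiating Main Mode"):
            s["last_state"] = "STATE_MAIN_I1"
        t = TRANSITION_RE.search(msg)
        if t:
            s["last_state"] = t.group(2)
        mm = MALFORMED_RE.search(msg)
        if mm:
            # pluto logs a running count, so keep the highest value seen
            s["malformed"] = max(s["malformed"], int(mm.group(1)))
        n = NAT_RE.search(msg)
        if n:
            s["nat"] = n.group(1)
        if "max number of retransmissions" in msg:
            s["timed_out"] = True
    return attempts


def diagnose(summary):
    """Map the furthest Main Mode state reached to its usual cause (labels are this example's own)."""
    state = summary["last_state"]
    if state in ("STATE_MAIN_I4", "STATE_QUICK_I1", "STATE_QUICK_I2"):
        return "phase1_ok"
    if state == "STATE_MAIN_I3" and summary["malformed"] > 0:
        # MI3 is the first message encrypted under keys derived from the PSK.
        # PAYLOAD_MALFORMED notifies in reply mean the responder could not
        # decrypt it: different PSK, or a different PSK chosen because our ID
        # (leftid) matched a different secrets entry on the far side.
        return "psk_or_id_mismatch"
    if state == "STATE_MAIN_I1" and summary["timed_out"]:
        return "no_response"  # UDP/500 never answered: wrong peer address or filtered
    return "incomplete"


def triage(text):
    """Return [(conn, sa, verdict, nat_result), ...] in SA order."""
    attempts = parse_pluto_log(text)
    return [(conn, sa, diagnose(s), s["nat"])
            for (conn, sa), s in sorted(attempts.items(), key=lambda kv: kv[0][1])]


if __name__ == "__main__":
    for conn, sa, verdict, nat in triage(SAMPLE_LOG):
        print(f'"{conn}" #{sa}: {verdict}  (NAT detection: {nat})')
```

Run it against `sudo tail -n 500 /var/log/auth.log | python3 triage.py` style input by replacing SAMPLE_LOG with `sys.stdin.read()`; on the log above every completed attempt lands in the psk_or_id_mismatch bucket, which is the thing to check on the AWS side (the PSK and the ID it is keyed to) before touching the xl2tpd or pppd layers, since those never come into play until Phase 1 and Phase 2 have completed.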