<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Not by any chance <a
href="https://bugs.libreswan.org/show_bug.cgi?id=86">bug #86</a>?
Try also setting leftnexthop=%defaultroute.<br>
<br>
<div class="moz-cite-prefix">On 06/05/2014 21:23, Nels Lindquist
wrote:<br>
</div>
<blockquote cite="mid:536944AA.4070903@maei.ca" type="cite">
<pre wrap="">
On 5/6/2014 1:38 PM, Paul Wouters wrote:
</pre>
<blockquote type="cite">
<pre wrap="">can you provide a plutodebug=all logs that show a failed
connection. It should allow us to see what is being mismatched and
causing the rejection.
</pre>
</blockquote>
<pre wrap="">
(File sent directly)

Looking through it, I noticed that the connection definition was using
the wrong IP address for the host. The default interface has multiple
IP aliases, and it didn't pick the "defaultroute" IP.

I changed the "left=" directive in the %default conn config to specify
the correct IP address explicitly and now we get much further, though
there's still no certificate exchange, etc.:

May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
received Vendor ID payload [RFC 3947]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
received Vendor ID payload [FRAGMENTATION]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
May 6 14:12:15 host_a pluto[1828]: packet from 203.0.113.89:500:
ignoring Vendor ID payload [IKE CGA version 1]
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
responding to Main Mode from unknown peer 203.0.113.89
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 6 14:12:15 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
May 6 14:13:25 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89 #1:
max number of retransmissions (2) reached STATE_MAIN_R2
May 6 14:13:25 host_a pluto[1828]: "L2TP-Win2KXP"[1] 203.0.113.89:
deleting connection "L2TP-Win2KXP" instance with peer 203.0.113.89
{isakmp=#0/ipsec=#0}
Nels Lindquist
----
<a class="moz-txt-link-rfc2396E" href="mailto:nlindq@maei.ca">&lt;nlindq@maei.ca&gt;</a>
</pre>
</blockquote>
<br>
</body>
</html>