
[Users] MS L2TP/IPSec VPN client configuration issue?

From: Stephen J Bevan (stephen_at_etunnels.com)
Date: Tue Jul 16 2002 - 19:23:21 CEST


Jason A. Pattie writes:
> I tried using the L2TP/IPSec VPN client from Microsoft on a VMware
> session running Win98. However, when the client attempts to connect,
> I'm getting the following from my FreeS/WAN logs:
>
> Jul 16 08:46:08 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: sent
> MR3, ISAKMP SA established
> Jul 16 08:46:08 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: peer
> client ID payload ID_IPV4_ADDR specifies protocol 17; we only support 0
> Jul 16 08:46:13 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: Quick
> Mode I1 message is unacceptable because it uses a previously used
> Message ID 0x5ca8a66c (perhaps this is a duplicated packet)
>
> Any ideas?

It looks like the MS VPN client is including the protocol of the
packet that triggered the IKE negotiation in the ID payload (17 is
UDP). That facility can be used to create protocol-specific IPsec
tunnels. However, FreeS/WAN doesn't support protocol-specific
tunnels; it encrypts everything between points A and B. See if you
can find some (advanced?) configuration option in the VPN client which
turns off including the protocol in the ID. It should then send a 0
for the protocol, which FreeS/WAN will accept.
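Added example, not part of the original post and not FreeS/WAN's code: a parser for the ISAKMP Identification payload layout defined in RFC 2407 section 4.6.2, showing where the protocol value 17 from the log sits and how a responder that accepts only protocol 0 treats it. The sample bytes, the address 192.0.2.10, port 1701 (L2TP's registered UDP port) and all function names are constructed for illustration.

```python
import ipaddress
import struct

ID_IPV4_ADDR = 1                       # ID type value from RFC 2407, 4.6.2.1
PROTO_NAMES = {0: "any", 6: "TCP", 17: "UDP"}

# Constructed payloads: generic header (next payload, reserved, length),
# then ID type, protocol ID, port, and a 4-byte IPv4 address.
SAMPLE_UDP = bytes.fromhex("0000000c" "011106a5" "c000020a")  # proto 17, port 1701
SAMPLE_ANY = bytes.fromhex("0000000c" "01000000" "c000020a")  # proto 0, port 0


def parse_id_payload(payload: bytes) -> dict:
    """Parse one Identification payload of type ID_IPV4_ADDR."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed 8-byte header")
    _next_payload, _reserved, length = struct.unpack("!BBH", payload[:4])
    id_type, protocol, port = struct.unpack("!BBH", payload[4:8])
    if length != len(payload):
        raise ValueError(f"length field {length} != {len(payload)} bytes received")
    if id_type != ID_IPV4_ADDR:
        raise ValueError(f"ID type {id_type} is not handled in this example")
    data = payload[8:]
    if len(data) != 4:
        raise ValueError("ID_IPV4_ADDR must carry exactly 4 address bytes")
    return {"addr": str(ipaddress.IPv4Address(data)),
            "protocol": protocol, "port": port}


def check_selector(ident: dict) -> str:
    """Assumed policy, modelled on the log line: only protocol 0 is accepted."""
    proto = ident["protocol"]
    if proto != 0:
        name = PROTO_NAMES.get(proto, "unknown")
        return (f"reject: client ID {ident['addr']} specifies protocol "
                f"{proto} ({name}), port {ident['port']}; only 0 is supported")
    return "accept"


if __name__ == "__main__":
    for raw in (SAMPLE_UDP, SAMPLE_ANY):
        print(check_selector(parse_id_payload(raw)))
```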



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:23 CEST