Re: [Users] MS L2TP/IPSec VPN client configuration issue?

From: Sam Sgro (sam_at_freeswan.org)
Date: Mon Jul 15 2002 - 22:43:02 CEST


On Tue, 16 Jul 2002, Jason A. Pattie wrote:

> I tried using the L2TP/IPSec VPN client from Microsoft on a VMware
> session running Win98. However, when the client attempts to connect,
> I'm getting the following from my FreeS/WAN logs:
>
> Jul 16 08:46:08 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: sent
> MR3, ISAKMP SA established
> Jul 16 08:46:08 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: peer
> client ID payload ID_IPV4_ADDR specifies protocol 17; we only support 0
> Jul 16 08:46:13 test810 Pluto[13334]: "test810-vmware-msl2tp" #1: Quick
> Mode I1 message is unacceptable because it uses a previously used
> Message ID 0x5ca8a66c (perhaps this is a duplicated packet)

The error you are receiving has to do with L2TP; Windows wants to use L2TP to
encapsulate the real encrypted traffic, which only uses UDP port 1701. We
don't accept any restrictions on ports/protocols in Phase 2; FreeS/WAN
will accept UDP/1701 traffic through the tunnel, but won't restrict its
communications as the Windows box is requesting.

Take a look at this link:

http://lists.freeswan.org/pipermail/users/2002-January/006921.html

Some additional information would help here: what version of FreeS/WAN are you
using, and what are you trying to do, exactly? Are you trying to use L2TP, or
are you aiming to do a simple IPSec connection between the two machines via
X.509 certificates? If you are using the new MS released IPSec client, read
this message if you haven't already:

http://lists.freeswan.org/pipermail/users/2002-July/012250.html

Jacco mentions that he ignored most of the settings in the MS configuration, as
they seemed to relate to L2TP specifically.

Sam Sgro
sam_at_freeswan.org
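
The client ID that the quoted log line complains about, shown as an added example that is not part of the original message and is not FreeS/WAN code: it parses the body of an Identification payload (RFC 2407, section 4.6.2) and applies the "only protocol 0" rule described in the reply. The function names, the sample addresses and the separate port check are assumptions made for illustration.

```python
import ipaddress
import struct

ID_IPV4_ADDR = 1   # ID type value from RFC 2407, section 4.6.2.1
IPPROTO_UDP = 17   # the "protocol 17" in the Pluto log line
L2TP_PORT = 1701   # the UDP port L2TP uses


def parse_id_payload(body: bytes) -> dict:
    """Parse an ID payload body (the bytes after the generic ISAKMP payload header)."""
    if len(body) < 4:
        raise ValueError("ID payload shorter than its fixed 4-byte header")
    # Layout: ID type (1 byte), protocol ID (1 byte), port (2 bytes), then the ID data.
    id_type, protocol, port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    if id_type != ID_IPV4_ADDR:
        raise ValueError(f"this example handles only ID_IPV4_ADDR, got type {id_type}")
    if len(data) != 4:
        raise ValueError("ID_IPV4_ADDR must carry exactly 4 address bytes")
    return {"addr": str(ipaddress.IPv4Address(data)), "protocol": protocol, "port": port}


def selector_verdict(sel: dict) -> str:
    """Hypothetical responder policy: accept only selectors with no protocol/port limit."""
    if sel["protocol"] != 0:
        return f"reject: client ID specifies protocol {sel['protocol']}; only 0 supported"
    if sel["port"] != 0:
        # Assumption: a port restriction is refused the same way as a protocol one.
        return f"reject: client ID specifies port {sel['port']}; only 0 supported"
    return "accept"


def build_id_payload(addr: str, protocol: int, port: int) -> bytes:
    """Build a constructed ID_IPV4_ADDR payload body for the demonstration."""
    header = struct.pack("!BBH", ID_IPV4_ADDR, protocol, port)
    return header + ipaddress.IPv4Address(addr).packed


# Constructed samples (documentation addresses, not taken from the thread).
L2TP_STYLE = build_id_payload("192.0.2.10", IPPROTO_UDP, L2TP_PORT)
PLAIN_STYLE = build_id_payload("192.0.2.10", 0, 0)

if __name__ == "__main__":
    for name, raw in (("L2TP-style", L2TP_STYLE), ("plain IPsec", PLAIN_STYLE)):
        sel = parse_id_payload(raw)
        print(name, raw.hex(), sel, "->", selector_verdict(sel))
```
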




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:23 CEST