[Users] FreeS/WAN with Win2k

Hi All,
I am "trying" to set up a VPN using freeswan and win2k clients - using
l2tp over ipsec.
I have nailed the certificates part of the installation and you can
clearly see in the logs that the client has been verified.
BUT... I cannot get past this error message, it looks as though freeswan
is broken or something!!
This is the log of where it stuffs up, using plutodebug=all:
########################################################################
Apr 16 16:20:23 woja pluto[18569]: | route owner of "roadwarrior" CK_INSTANCE unrouted: NULL; eroute owner: NULL
Apr 16 16:20:23 woja pluto[18569]: | finish_pfkey_msg: SADB_ADD message 6 for Add ESP SA esp.89ea5639@10.10.10.2
Apr 16 16:20:23 woja pluto[18569]: | pfkey_get: SADB_ADD message 6
Apr 16 16:20:23 woja pluto[18569]: | route owner of "roadwarrior" CK_INSTANCE unrouted: NULL; eroute owner: NULL
Apr 16 16:20:23 woja pluto[18569]: | add eroute 10.10.10.1/32:0 -> 10.10.10.2/32:0 => esp.89ea5639@10.10.10.2:17
Apr 16 16:20:23 woja pluto[18569]: | finish_pfkey_msg: SADB_X_ADDFLOW message 7 for flow esp.89ea5639@10.10.10.2
Apr 16 16:20:23 woja pluto[18569]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_X_ADDFLOW message 7 for flow esp.89ea5639@10.10.10.2 failed. Errno 22: Invalid argument
Apr 16 16:20:23 woja pluto[18569]: | delete esp.89ea5639@10.10.10.2
Apr 16 16:20:23 woja pluto[18569]: | finish_pfkey_msg: SADB_DELETE message 8 for Delete SA esp.89ea5639@10.10.10.2
Apr 16 16:20:23 woja pluto[18569]: | pfkey_get: SADB_X_ADDFLOW message 7
Apr 16 16:20:23 woja pluto[18569]: | pfkey_get: SADB_DELETE message 8
Apr 16 16:20:23 woja pluto[18569]: | delete esp.cc6da5a9@10.10.10.1
Apr 16 16:20:23 woja pluto[18569]: | finish_pfkey_msg: SADB_DELETE message 9 for Delete SA esp.cc6da5a9@10.10.10.1
Apr 16 16:20:23 woja pluto[18569]: | pfkey_get: SADB_DELETE message 9
Apr 16 16:20:23 woja pluto[18569]: | state transition function for STATE_QUICK_R1 had internal error
Apr 16 16:20:23 woja pluto[18569]: | next event EVENT_RETRANSMIT in 9 seconds for #2
Apr 16 16:20:23 woja pluto[18569]: | pfkey_async: SADB_X_ADDFLOW len=2, errno=22, satype=3, seq=7, pid=18569
########################################################################
AND these are the same errors, but with plutodebug=none:
########################################################################
Apr 16 15:55:56 woja pluto[18205]: Starting Pluto (FreeS/WAN Version 1.99)
Apr 16 15:55:56 woja pluto[18205]: including X.509 patch with traffic selectors (Version 0.9.26)
Apr 16 15:55:57 woja pluto[18205]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 16 15:55:57 woja pluto[18205]: loaded cacert file 'cacert.pem' (1545 bytes)
Apr 16 15:55:57 woja pluto[18205]: loaded cacert file 'RootCA.der' (1099 bytes)
Apr 16 15:55:57 woja pluto[18205]: Changing to directory '/etc/ipsec.d/crls'
Apr 16 15:55:57 woja pluto[18205]: loaded crl file 'crl.pem' (662 bytes)
Apr 16 15:55:57 woja pluto[18205]: loaded my default X.509 cert file '/etc/x509cert.der' (1150 bytes)
Apr 16 15:55:57 woja pluto[18205]: loaded host cert file '/etc/ipsec.d/hostcert.pem' (4867 bytes)
Apr 16 15:55:57 woja pluto[18205]: loaded host cert file '/etc/ipsec.d/winhostcert.pem' (4875 bytes)
Apr 16 15:55:57 woja pluto[18205]: added connection description "roadwarrior"
Apr 16 15:55:57 woja pluto[18205]: listening for IKE messages
Apr 16 15:55:57 woja pluto[18205]: adding interface ipsec0/eth1 10.10.10.1
Apr 16 15:55:57 woja pluto[18205]: loading secrets from "/etc/ipsec.secrets"
Apr 16 15:55:57 woja pluto[18205]: loaded private key file '/etc/ipsec.d/private/hostcert.key' (2780 bytes)
Apr 16 15:56:07 woja pluto[18205]: packet from 10.10.10.2:500: ignoring Vendor ID payload
Apr 16 15:56:07 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: responding to Main Mode from unknown peer 10.10.10.2
Apr 16 15:56:07 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: Peer ID is ID_DER_ASN1_DN: 'C=AU, ST=NSW, L=SYDNEY, O=MFT, OU=MFT, CN=winhostcert, E=woja@optusnet.com.au'
Apr 16 15:56:07 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: sent MR3, ISAKMP SA established
Apr 16 15:56:07 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #2: responding to Quick Mode
Apr 16 15:56:07 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_X_ADDFLOW message 7 for flow esp.42b4c199@10.10.10.2 failed. Errno 22: Invalid argument
Apr 16 15:56:17 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_X_ADDFLOW message 11 for flow esp.42b4c199@10.10.10.2 failed. Errno 22: Invalid argument
Apr 16 15:56:17 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_DELETE message 13 for Delete SA esp.5543d6ad@10.10.10.1 failed. Errno 3: No such process
Apr 16 15:56:37 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_X_ADDFLOW message 15 for flow esp.42b4c199@10.10.10.2 failed. Errno 22: Invalid argument
Apr 16 15:56:37 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_DELETE message 17 for Delete SA esp.5543d6ad@10.10.10.1 failed. Errno 3: No such process
Apr 16 15:56:42 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: ignoring Delete SA payload
Apr 16 15:56:42 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: received and ignored informational message
Apr 16 15:56:42 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: ignoring Delete SA payload
Apr 16 15:56:42 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #1: received and ignored informational message
Apr 16 15:57:17 woja pluto[18205]: "roadwarrior"[1] 10.10.10.2 #2: max number of retransmissions (2) reached STATE_QUICK_R1
Apr 16 15:57:17 woja pluto[18205]: ERROR: "roadwarrior"[1] 10.10.10.2 #2: pfkey write() of SADB_DELETE message 18 for Delete SA esp.5543d6ad@10.10.10.1 failed. Errno 3: No such process
########################################################################
Anyone have any clues??
I am using Mandrake 9.1 - freeswan 1.99 patched with X509.
My config file is as follows:
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth1"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=all
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior
        pfs=no
        keyingtries=3
        authby=rsasig
        right=%any
        rightrsasigkey=%cert
        rightprotoport=17/1701
        rightcert=/etc/ipsec.d/winhostcert.pem
        left=10.10.10.1
        leftcert=/etc/ipsec.d/hostcert.pem
        leftrsasigkey=%cert
        leftprotoport=17/0
        auto=add

ANY help would be greatly appreciated.
Routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

Regards,
Adam W.
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
Received on Wed Apr 16 12:08:15 2003