You are not logged in.
- Topics: Active | Unanswered
#1 2016-08-12 20:56:45
- stewSquared
- Member
- Registered: 2011-07-05
- Posts: 16
ipsec "EXPECTATION FAILED" from pluto/kernel.c
Hi! I'm folliwing instruction to set up a VPN with Openswan here: https://wiki.archlinux.org/index.php/Op … ient_setup
Everything seems fine, but after I run `ipsec auto --up L2TP-PSK`, I see the following:
002 "L2TP-PSK" #16: initiating Main Mode
105 "L2TP-PSK" #16: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #16: received Vendor ID payload [RFC 3947] method set to=115
003 "L2TP-PSK" #16: received Vendor ID payload [Dead Peer Detection]
002 "L2TP-PSK" #16: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "L2TP-PSK" #16: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
107 "L2TP-PSK" #16: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2TP-PSK" #16: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
002 "L2TP-PSK" #16: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
109 "L2TP-PSK" #16: STATE_MAIN_I3: sent MI3, expecting MR3
003 "L2TP-PSK" #16: received Vendor ID payload [Dead Peer Detection]
002 "L2TP-PSK" #16: Main mode peer ID is ID_IPV4_ADDR: '204.28.125.106'
002 "L2TP-PSK" #16: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "L2TP-PSK" #16: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
002 "L2TP-PSK" #16: Dead Peer Detection (RFC 3706): enabled
002 "L2TP-PSK" #17: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#16 msgid:c77e0626 proposal=defaults pfsgroup=no-pfs}
118 "L2TP-PSK" #17: STATE_QUICK_I1: initiate
002 "L2TP-PSK" #17: byte 7 of ISAKMP NAT-OA Payload should have been zero, but was not
002 "L2TP-PSK" #17: byte 8 of ISAKMP NAT-OA Payload should have been zero, but was not
002 "L2TP-PSK" #17: byte 7 of ISAKMP NAT-OA "
002 "L2TP-PSK" #17: byte 8 of ISAKMP NAT-OA Payload should have been zero, but was not
003 "L2TP-PSK" #17: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
003 "L2TP-PSK" #17: EXPECTATION FAILED at /home/stew/builds/openswan/src/openswan-2.6.47/programs/pluto/kernel.c:2959: sr->eroute_owner == SOS_NOBODY || sr->routing >= RT_ROUTED_TUNNEL
002 "L2TP-PSK" #17: Dead Peer Detection (RFC 3706): enabled
002 "L2TP-PSK" #17: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "L2TP-PSK" #17: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x0640bf9a <0x5c102c9e xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}Running ip link confirms that no new pppX device was added.
The only hints I get that something is wrong is "Payload should have been zero, but was not" and what looks like an assertion failure in some C program -- From these "error messages" I can't really figure out what I might have done wrong. I've double-checked my configs, restarted and rerun everything and get the same result.
Offline
#2 2016-08-13 14:44:02
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,911
Re: ipsec "EXPECTATION FAILED" from pluto/kernel.c
What is the output of ipsec verify ?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline