Discussion:
[Openswan Users] ignoring Vendor ID payload
Norbert Wegener
2005-10-06 14:29:27 UTC
Permalink
Sometimes I get this messages on the server side. In this case no
further communication is possible for the client.
This happens as well with the latest strongswan as with the latest
openswan. The client here is a Windows XP.
A connection to a *swan gateway that is configured identically works for
the client.
Any ideas, what might cause this?
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 6 16:21:39 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1] 203.92.85.138
#1: responding to Main Mode from unknown peer 203.92.85.138
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 6 16:21:43 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1] 203.92.85.138
#2: responding to Main Mode from unknown peer 203.92.85.138
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
ignoring Vendor ID payload [Vid-Initial-Contact]

ipsec auto --status shows at the end:

000 #8: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 15s
000 #5: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 8s
000 #9: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 3s
000 #7: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 11s
000 #6: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 9s
000

Norbert
Paul Wouters
2005-10-06 15:08:10 UTC
Permalink
Sometimes I get this messages on the server side. In this case no further
communication is possible for the client.
This happens as well with the latest strongswan as with the latest openswan.
The client here is a Windows XP.
A connection to a *swan gateway that is configured identically works for the
client.
Any ideas, what might cause this?
No, but there are a few reports about l2tp (ipsec transport mode), packet size,
icmp/fragmentation issues.

Paul
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
responding to Main Mode from unknown peer 203.92.85.138
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
responding to Main Mode from unknown peer 203.92.85.138
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [FRAGMENTATION]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
000 #8: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 15s
000 #5: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 8s
000 #9: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 3s
000 #7: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 11s
000 #6: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 9s
000
Norbert
_______________________________________________
Users mailing list
http://lists.openswan.org/mailman/listinfo/users
--
"Happiness is never grand"

--- Mustapha Mond, World Controller (Brave New World)
Norbert Wegener
2005-10-06 19:59:56 UTC
Permalink
Maybe I can give a partial answer myself:
At least in one case I could confirm, that there has been a temporary
problem with the routing on one machine. The server answered the
client's requests on the wrong interface, so that the answer never
reached the client.

Norbert
Post by Paul Wouters
Post by Norbert Wegener
Sometimes I get this messages on the server side. In this case no
further communication is possible for the client.
This happens as well with the latest strongswan as with the latest
openswan. The client here is a Windows XP.
A connection to a *swan gateway that is configured identically works
for the client.
Any ideas, what might cause this?
No, but there are a few reports about l2tp (ipsec transport mode), packet size,
icmp/fragmentation issues.
Paul
Post by Norbert Wegener
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
ignoring Vendor ID payload [FRAGMENTATION]
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 6 16:21:39 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1]
203.92.85.138 #1: responding to Main Mode from unknown peer
203.92.85.138
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
ignoring Vendor ID payload [FRAGMENTATION]
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 6 16:21:43 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1]
203.92.85.138 #2: responding to Main Mode from unknown peer
203.92.85.138
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
ignoring Vendor ID payload [FRAGMENTATION]
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
ignoring Vendor ID payload [Vid-Initial-Contact]
000 #8: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 15s
000 #5: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 8s
000 #9: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 3s
000 #7: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 11s
000 #6: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
expecting MI2); EVENT_RETRANSMIT in 9s
000
Norbert
_______________________________________________
Users mailing list
http://lists.openswan.org/mailman/listinfo/users
Loading...