Issue #106

Invalid Exchange Type or non-existent (expired?) ISAKMP SA?

Added by Terje Rosenlund about 4 years ago. Updated 12 months ago.

Status: Closed
Start date: 10.02.2010
Priority: Normal
Assignee: Andreas Steffen
Category: -
Affected version:
Resolution:

Description

Client: XP-Pro, L2TP IPSec VPN
Server: Linux strongSwan U4.3.6rc2/K2.6.27.25-78.2.56.fc9.i686

modeconfig=push problem for Windows XP L2TP IPSec VPN
(Complete config and logs in attached file)

Problem occurs in linux-log, line 894 - 948, StrongSwan sending:

Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] 192.168.1.1:4500 #1: assigning virtual IP  10.20.30.128 to peer
Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] 192.168.1.1:4500 #1: sending ModeCfg set

Reflected in oakley.log, line 1404 - 1454, XP-replying:

1451: 2-10: 23:00:58:288:1d0 Invalid Exchange Type

linux-log, line 992, StrongSwan interprets as:

Feb 10 21:00:58 trixi pluto[24009]: packet from 192.168.1.1:4500: Quick Mode message is for a non-existent (expired?) ISAKMP SA

ipsec statusall

000 #1: "L2TP_Terje"[1] 192.168.1.1:4500 STATE_MODE_CFG_R3 (sent ModeCfg set, expecting ack); EVENT_RETRANSMIT in 6s; newest ISAKMP

StrongSwan.logs - Config, Secure-log, Oakly.log, ipsec statusall (108 KB) Terje Rosenlund, 11.02.2010 00:10

History

#1 Updated by Andreas Steffen about 4 years ago

  • Status changed from New to Closed

Windows XP does not support ModeConfig. Virtual IPs are assigned by the L2TP protocol.

#2 Updated by Andreas Steffen 12 months ago

  • Tracker changed from Bug to Issue
  • Assignee set to Andreas Steffen
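
A log check for the sequence reported in this issue, as an added example (not part of the original issue and not strongSwan code): it pairs a pluto "sending ModeCfg set" line with a later "Quick Mode message is for a non-existent (expired?) ISAKMP SA" line from the same peer address and port. The function name is hypothetical, and the sample input is constructed from the three pluto lines quoted in the description.

```python
import re

# Constructed sample: the three pluto lines quoted in this issue, in log order.
SAMPLE_LOG = '''\
Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] 192.168.1.1:4500 #1: assigning virtual IP  10.20.30.128 to peer
Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] 192.168.1.1:4500 #1: sending ModeCfg set
Feb 10 21:00:58 trixi pluto[24009]: packet from 192.168.1.1:4500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
'''

# "<conn>"[n] <peer ip:port> #<state>: sending ModeCfg set
MODECFG_SET = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+:\d+) #\d+: '
    r'sending ModeCfg set')
# packet from <peer ip:port>: Quick Mode message is for a non-existent ... SA
ORPHAN_QM = re.compile(
    r'pluto\[\d+\]: packet from (?P<peer>[\d.]+:\d+): '
    r'Quick Mode message is for a non-existent \(expired\?\) ISAKMP SA')


def find_modecfg_rejections(log_text):
    """Return [(conn, peer)] for each peer that was sent a ModeCfg set and whose
    next Quick Mode message pluto then rejected as belonging to no ISAKMP SA."""
    pending = {}  # peer "ip:port" -> connection name that pushed ModeCfg
    hits = []
    for line in log_text.splitlines():
        m = MODECFG_SET.search(line)
        if m:
            pending[m['peer']] = m['conn']
            continue
        m = ORPHAN_QM.search(line)
        # Only report the rejection when the same peer has a ModeCfg push
        # outstanding; an orphan Quick Mode on its own is not this pattern.
        if m and m['peer'] in pending:
            hits.append((pending.pop(m['peer']), m['peer']))
    return hits


if __name__ == "__main__":
    for conn, peer in find_modecfg_rejections(SAMPLE_LOG):
        print(f'{conn}: peer {peer} answered the ModeCfg push with Quick Mode')
```

A hit on a Windows XP L2TP connection matches the resolution above: the client does not support ModeConfig, so the virtual IP has to come from L2TP rather than from a ModeCfg push.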
