Issue #106

Invalid Exchange Type or non-existent (expired?) ISAKMP SA?

Added by Terje Rosenlund about 7 years ago. Updated almost 4 years ago.

Status:ClosedStart date:10.02.2010
Assignee:Andreas Steffen
Affected version: Resolution:


Client: XP-Pro, L2TP IPSec VPN
Server: Linux strongSwan U4.3.6rc2/K2.6.27.25-78.2.56.fc9.i686

modeconfig=push problem for Windows XP L2TP IPSec VPN
(Complete config and logs in attached file)

Problem occures in linux-log, line 894 - 948, StrongSwan sending:

Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] #1: assigning virtual IP to peer
Feb 10 21:00:58 trixi pluto[24009]: "L2TP_Terje"[1] #1: sending ModeCfg set

Reflected in oakley.log, line 1404 - 1454, XP-replying:

1451: 2-10: 23:00:58:288:1d0 Invalid Exchange Type

linux-log, line 992, StrongSwan interprets as:

Feb 10 21:00:58 trixi pluto[24009]: packet from Quick Mode message is for a non-existent (expired?) ISAKMP SA

ipsec statusall

000 #1: "L2TP_Terje"[1] STATE_MODE_CFG_R3 (sent ModeCfg set, expecting ack); EVENT_RETRANSMIT in 6s; newest ISAKMP

StrongSwan.logs - Config, Secure-log, Oakly.log, ipsec statusall (108 KB) Terje Rosenlund, 11.02.2010 00:10


#1 Updated by Andreas Steffen about 7 years ago

  • Status changed from New to Closed

Windows XP does not support ModeConfig. Virtual IPs are assigned by the L2TP protocol.

#2 Updated by Andreas Steffen almost 4 years ago

  • Tracker changed from Bug to Issue
  • Assignee set to Andreas Steffen

Also available in: Atom PDF