I'm trying to get vpnc-nortel working with the company's VPN. On Windows we
use the Nortel Contivity client, but I prefer working with Linux and want to
get that going. I tried vpnc-nortel a few months ago and had no issue with
it working; however, I got a cease and desist e-mail from the administrators
saying it was causing an issue, but no details. A couple of months later
they said a patch had been applied to fix the problem and I could now
proceed. However, now when I try the client it disconnects after
approximately 30 seconds. During that 30 seconds the tunnel works fine, but
it always terminates. Here is the output of a session on debug 2. Any ideas
what I could be doing wrong?

vpnc version 0.5.3-469M
S1 init_sockaddr
[2011-11-08 20:06:49]
S2 make_socket
[2011-11-08 20:06:49]
S3 setup_tunnel
[2011-11-08 20:06:49]
using interface tun0
S4 do_phase1_am
[2011-11-08 20:06:49]
S4.1 create_nonce
[2011-11-08 20:06:49]
S4.2 dh setup
[2011-11-08 20:06:49]
S4.3 AM packet_1
[2011-11-08 20:06:49]
S4.4 AM_packet2
[2011-11-08 20:06:49]
(Nortel Contivity)
(Netlock NaT-SI)
IKE SA selected psk-3des-sha1
peer is Netlock NaT-SI
NAT status: NaT-SI
S4.5 AM_packet3
[2011-11-08 20:06:49]
S4.6 cleanup
[2011-11-08 20:06:49]
S5 do_phase2_xauth [1]
[2011-11-08 20:06:49]
S5.1 xauth_request
[2011-11-08 20:06:49]
S5.2 notice_check
[2011-11-08 20:06:49]
S5.3 type-is-xauth check
[2011-11-08 20:06:49]
S5.4 xauth type check
[2011-11-08 20:06:49]
S5.5 do xauth reply
[2011-11-08 20:06:49]
S5.2 notice_check
[2011-11-08 20:06:51]
S5.3 type-is-xauth check
[2011-11-08 20:06:51]
S5.6 process xauth set
[2011-11-08 20:06:51]
S5.8 xauth done
[2011-11-08 20:06:51]
S6 do_phase2_config [1]
[2011-11-08 20:06:51]
S6.2 phase2_config receive modecfg
[2011-11-08 20:06:51]
unknown attribute 6 / 0x6
unknown attribute 16392 / 0x4008
unknown attribute 16393 / 0x4009
unknown attribute 16394 / 0x400A
unknown attribute 16396 / 0x400C
QOTD server: run:
telnet x.x.x.x 17
Alternate server: x.x.x.x
unknown attribute 16399 / 0x400F
unknown attribute 16403 / 0x4013
unknown attribute 16400 / 0x4010
got address x.x.x.x
S6 do_phase2
[2011-11-08 20:06:51]
do_phase2: S7.5 QM_packet2 check reject offer
[2011-11-08 20:06:51]
do_phase2: S7.6 QM_packet2 check and process proposal
[2011-11-08 20:06:51]
got ipsec lifetime attributes: 28800 seconds
got peer udp encapsulation port: 10001
IPSEC SA selected aes256-sha1
do_phase2: S7.1 QM_packet1
[2011-11-08 20:06:51]
do_phase2: S7.7 QM_packet3 sent - run script
[2011-11-08 20:06:51]
S7 setup_link (phase 2 + main_loop)
[2011-11-08 20:06:51]
S7.0 run interface setup script
[2011-11-08 20:06:51]
S7.8 setup ipsec tunnel
[2011-11-08 20:06:51]
S7.9 main loop (receive and transmit ipsec packets)
[2011-11-08 20:06:51]
remote -> local spi: 0xd732c8b9
local -> remote spi: 0x8eafeead
VPNC started in foreground...
lifetime status: 0 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 0 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 0 of 28800 seconds used, 0|0 of 0 kbytes used
....
lifetime status: 22 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 22 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 23 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 23 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 23 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 26 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 27 of 28800 seconds used, 6|8 of 0 kbytes used
lifetime status: 27 of 28800 seconds used, 6|8 of 0 kbytes used
got late ike packet: 68 bytes
S7.8 setup ipsec tunnel
[2011-11-08 20:07:18]
lifetime status: 27 of 28800 seconds used, 6|8 of 0 kbytes used
got late ike packet: 84 bytes
got isakmp-delete, terminating...
vpnc[5244]: connection terminated by peer
S7.10 send ipsec termination message
[2011-11-08 20:07:18]
S7.11 send isakmp termination message
[2011-11-08 20:07:18]
S8 close_tunnel
[2011-11-08 20:07:18]
S9 cleanup
[2011-11-08 20:07:19]