<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2627" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>Here is my problem
</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>it's worked from my
home for a while and now it;s now working,</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>but my colleague
never get connected</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>we are using winXP
SP2 as VPN client .</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>where can be the
problem ?</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>Thanks in
Advance.</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2><A
href="mailto:root@fw">root@fw</A>:~# tcpdump -n -f -i eth0 host
84.252.57.99<BR>tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode<BR>listening on eth0, link-type EN10MB (Ethernet), capture size
96 bytes<BR>18:02:18.894628 IP 84.252.57.99.500 > 213.91.208.250.500: isakmp:
phase 1 I ident<BR>18:02:18.896515 IP 213.91.208.250.500 > 84.252.57.99.500:
isakmp: phase 1 R ident<BR>18:02:19.128649 IP 84.252.57.99.500 >
213.91.208.250.500: isakmp: phase 1 I ident<BR>18:02:19.225235 IP
213.91.208.250.500 > 84.252.57.99.500: isakmp: phase 1 R
ident<BR>18:02:19.323317 IP 84.252.57.99.500 > 213.91.208.250.500: isakmp:
phase 1 I ident[E]<BR>18:02:19.325528 IP 213.91.208.250.500 >
84.252.57.99.500: isakmp: phase 1 R ident[E]<BR>18:02:19.364660 IP 84.252.57.99
> 213.91.208.250: udp<BR>18:02:19.420126 IP 84.252.57.99.500 >
213.91.208.250.500: isakmp: phase 2/others I oakley-quick[E]<BR>18:02:19.425628
IP 213.91.208.250.500 > 84.252.57.99.500: isakmp: phase 2/others R
oakley-quick[E]<BR>18:02:19.467523 IP 84.252.57.99.500 > 213.91.208.250.500:
isakmp: phase 2/others I oakley-quick[E]<BR>18:02:19.474631 IP 84.252.57.99 >
213.91.208.250: ESP(spi=0x9dc03add,seq=0x1)<BR>18:02:19.478614 IP
213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](3/0)Ns=0,Nr=1
*MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP()
|...<BR>18:02:20.478615 IP 213.91.208.250.1701 > 84.252.57.99.1701:
l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<BR>18:02:20.481420 IP 84.252.57.99 > 213.91.208.250:
ESP(spi=0x9dc03add,seq=0x2)<BR>18:02:20.485501 IP 213.91.208.250.1701 >
84.252.57.99.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 ZLB<BR>18:02:21.478825 IP
213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](3/0)Ns=0,Nr=1
*MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP()
|...<BR>18:02:22.516747 IP 84.252.57.99 > 213.91.208.250:
ESP(spi=0x9dc03add,seq=0x3)<BR>18:02:26.561328 IP 84.252.57.99 >
213.91.208.250: ESP(spi=0x9dc03add,seq=0x4)<BR>18:02:34.475383 IP 84.252.57.99
> 213.91.208.250: ESP(spi=0x9dc03add,seq=0x5)<BR>18:02:44.482796 IP
84.252.57.99 > 213.91.208.250: ESP(spi=0x9dc03add,seq=0x6)<BR>18:02:54.504596
IP 84.252.57.99.500 > 213.91.208.250.500: isakmp: phase 2/others I
inf[E]<BR>18:02:54.506424 IP 213.91.208.250.500 > 84.252.57.99.500: isakmp:
phase 2/others R inf[E]<BR>18:02:54.510630 IP 84.252.57.99.500 >
213.91.208.250.500: isakmp: phase 2/others I inf[E]<BR>18:02:54.613795 IP
213.91.208.250.500 > 84.252.57.99.500: isakmp: phase 2/others R
inf[E]</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2><BR><A
href="mailto:root@fw">root@fw</A>:~# tcpdump -n -f -i ipsec0 host
84.252.57.99<BR>tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode<BR>listening on ipsec0, link-type EN10MB (Ethernet), capture
size 96 bytes<BR>18:03:44.588528 IP 84.252.57.99.1701 >
213.91.208.250.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
*PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...<BR>18:03:45.592545 IP
84.252.57.99.1701 > 213.91.208.250.1701: l2tp:[TLS](0/0)Ns=0,Nr=0
*MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP()
|...<BR>18:03:47.587679 IP 84.252.57.99.1701 > 213.91.208.250.1701:
l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)
*BEARER_CAP() |...<BR>18:03:47.592293 IP 213.91.208.250.1701 >
84.252.57.99.1701: l2tp:[TLS](4/0)Ns=0,Nr=1 ZLB<BR>18:03:47.592512 IP
213.91.208.250 > 84.252.57.99: ESP(spi=0xa7bcae4e,seq=0x1)<BR>18:03:47.598581
IP 213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](4/0)Ns=0,Nr=1
*MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP()
|...<BR>18:03:47.598797 IP 213.91.208.250 > 84.252.57.99:
ESP(spi=0xa7bcae4e,seq=0x2)<BR>18:03:48.598769 IP 213.91.208.250.1701 >
84.252.57.99.1701: l2tp:[TLS](4/0)Ns=0,Nr=1 *MSGTYPE(SCCRP)
*PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...<BR>18:03:48.599007 IP
213.91.208.250 > 84.252.57.99: ESP(spi=0xa7bcae4e,seq=0x3)<BR>18:03:49.608666
IP 213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](4/0)Ns=1,Nr=1
*MSGTYPE(StopCCN) *ASSND_TUN_ID(23967) *RESULT_CODE(1/0
Timeout)<BR>18:03:49.608877 IP 213.91.208.250 > 84.252.57.99:
ESP(spi=0xa7bcae4e,seq=0x4)<BR>18:03:50.608773 IP 213.91.208.250.1701 >
84.252.57.99.1701: l2tp:[TLS](4/0)Ns=1,Nr=1 *MSGTYPE(StopCCN)
*ASSND_TUN_ID(23967) *RESULT_CODE(1/0 Timeout)<BR>18:03:50.608982 IP
213.91.208.250 > 84.252.57.99: ESP(spi=0xa7bcae4e,seq=0x5)<BR>18:03:51.590446
IP 84.252.57.99.1701 > 213.91.208.250.1701: l2tp:[TLS](0/0)Ns=0,Nr=0
*MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP()
|...<BR>18:03:51.595079 IP 213.91.208.250.1701 > 84.252.57.99.1701:
l2tp:[TLS](4/0)Ns=0,Nr=1 ZLB<BR>18:03:51.595288 IP 213.91.208.250 >
84.252.57.99: ESP(spi=0xa7bcae4e,seq=0x6)<BR>18:03:51.618544 IP
213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](4/0)Ns=1,Nr=1
*MSGTYPE(StopCCN) *ASSND_TUN_ID(23967) *RESULT_CODE(1/0
Timeout)<BR>18:03:51.618747 IP 213.91.208.250 > 84.252.57.99:
ESP(spi=0xa7bcae4e,seq=0x7)<BR>18:03:52.618589 IP 213.91.208.250.1701 >
84.252.57.99.1701: l2tp:[TLS](4/0)Ns=1,Nr=1 *MSGTYPE(StopCCN)
*ASSND_TUN_ID(23967) *RESULT_CODE(1/0 Timeout)<BR>18:03:52.618796 IP
213.91.208.250 > 84.252.57.99: ESP(spi=0xa7bcae4e,seq=0x8)<BR>18:03:53.618756
IP 213.91.208.250.1701 > 84.252.57.99.1701: l2tp:[TLS](4/0)Ns=1,Nr=1
*MSGTYPE(StopCCN) *ASSND_TUN_ID(23967) *RESULT_CODE(1/0
Timeout)<BR>18:03:53.618967 IP 213.91.208.250 > 84.252.57.99:
ESP(spi=0xa7bcae4e,seq=0x9)</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>Here is the
configuration files.</FONT></SPAN></DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2><A
href="mailto:root@fw">root@fw</A>:~# cat
/etc/l2tpd/l2tpd.conf<BR> [global]<BR> port = 1701<BR> access
control = no<BR> rand source = dev<BR> [lns
default]<BR> exclusive = no<BR> ip range =
192.168.0.200-192.168.0.250<BR> local ip = 192.168.0.3<BR> require
chap = yes<BR> refuse pap = yes<BR> ppp debug =
yes<BR> pppoptfile = /etc/ppp/options.l2tpd<BR> length bit =
yes</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2><BR></FONT></SPAN> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2><A
href="mailto:root@fw">root@fw</A>:~# cat /etc/ipsec.conf<BR># /etc/ipsec.conf -
FreeS/WAN IPsec configuration file</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2># More elaborate and
more varied sample configurations can be found<BR># in FreeS/WAN's doc/examples
file, and in the HTML documentation.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV> </DIV>
<DIV><SPAN class=828422215-02062005><FONT face=Arial size=2># basic
configuration<BR>config setup<BR> #
THIS SETTING MUST BE CORRECT or almost nothing will
work;<BR> # %defaultroute is okay for
most simple cases.<BR> # def
interfaces=%defaultroute<BR>
interfaces="ipsec0=eth0"<BR> #
Debug-logging controls: "none" for (almost) none, "all" for
lots.<BR>
klipsdebug=none<BR>
plutodebug=none<BR> # Use auto=
parameters in conn descriptions to control startup
actions.<BR>
plutoload=%search<BR>
plutostart=%search<BR> # Close down
old connection when new one using same ID shows
up.<BR>
uniqueids=yes<BR>
nat_traversal=yes<BR>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16</FONT></SPAN></DIV>
<DIV> </DIV><SPAN class=828422215-02062005><FONT face=Arial size=2>
<DIV><BR># defaults for subsequent connection descriptions<BR># (these defaults
will soon go away)<BR>conn
%default<BR>
keyingtries=0<BR> # def
disablearrivalcheck=no<BR> # def
authby=rsasig<BR> # def
leftrsasigkey=%dns<BR> #
rightrsasigkey=%dns</DIV>
<DIV> </DIV>
<DIV><BR>conn RoadWar<BR> left=
213.91.208.250<BR> leftnexthop=
213.91.208.249<BR>
authby=secret<BR>
auto=add<BR>
keyingtries=1<BR>
pfs=no<BR>
right=%any<BR>
leftprotoport=17/1701<BR>
rightsubnet=vhost:%no,%priv<BR>
rightprotoport=17/1701</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><BR><A href="mailto:root@fw">root@fw</A>:~# cat
/etc/ppp/options.l2tpd<BR>ipcp-accept-local<BR>ipcp-accept-remote<BR>#ms-dns
192.168.0.10<BR>#ms-wins 192.168.0.10<BR>#noccp<BR>auth<BR>crtscts<BR>idle
1800<BR>mtu 1410<BR>mru
1410<BR>#nodefaultroute<BR>debug<BR>lock<BR>proxyarp<BR>connect-delay
5000<BR>#silent<BR>logfd 2<BR>logfile /var/log/l2tpd.log<BR><A
href="mailto:root@fw">root@fw</A>:~#<BR></DIV>
<DIV> </DIV>
<DIV> </DIV></FONT></SPAN></BODY></HTML>