<BR>Hello,All!<BR><BR>I got a problem when try to init a L2TP_over_IPsec tunnel between WindowsXP &linux VPN gateway.<BR><BR>linux gw ip 192.168.10.152,windows client ip 192.168.10.103 auth by PSK,<BR>openswan 2.3.1 on linux-2.4.20 with NAT-T support,l2tpd-0.69<BR>config setup<BR>#klipsdebug=none<BR>plutodebug="control"<BR>nat_traversal=yes<BR>conn L2TP-PSK<BR>#use a preshared key<BR>#disable PFS for windows client<BR>type=tunnel<BR>authby=secret<BR>pfs=no<BR>#<BR>#left means local<BR>left=192.168.10.152<BR>leftsubnet=192.168.10.0/24<BR>leftprotoport=17/0<BR>#<BR>#remote user: %any for dyn ip<BR>right=%any<BR>rightprotoport=17/1701<BR>#<BR>auto=add<BR>When I start the connect from WindowsXP,i got this in the /var/log/secure (not all of them ,just those lines i think important:)<BR><BR>Jul 11 15:39:49 vpn-router pluto[1710]: packet from 192.168.10.103:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: responding to Main Mode from unknown peer 192.168.10.103<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.10.103'<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: sent MR3, ISAKMP SA established<BR>******************* so far so good *******************************<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | *received 1300 bytes from 192.168.10.103:500 on eth0 (port=500)Jul 11 15:39:49 vpn-router pluto[1710]: | ICOOKIE: e0 d3 7f 60 b8 54 73 d9<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | RCOOKIE: 4f c5 62 4e 7a 47 98 df<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer: c0 a8 0a 67<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | state hash entry 5<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer and cookies match on #3, provided msgid d37b1763 vs 00000000<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | state object not found<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | ICOOKIE: e0 d3 7f 60 b8 54 73 d9<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | RCOOKIE: 4f c5 62 4e 7a 47 98 df<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer: c0 a8 0a 67<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | state hash entry 5<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer and cookies match on #3, provided msgid 00000000 vs 00000000<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | state object #3 found, in STATE_MAIN_R3<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | processing connection L2TP-PSK[3] 192.168.10.103<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer client is 192.168.10.103<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | peer client protocol/port is 17/1701<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | our client is 192.168.10.152<BR>Jul 11 15:39:49 vpn-router pluto[1710]: | our client protocol/port is 17/0<BR>*********************Error comes out!*************************************************<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: cannot respond to IPsec SA request because no connection is known for 192.168.10.152:17/0...192.168.10.103:17/1701<BR><BR>Jul 11 15:39:49 vpn-router pluto[1710]: | complete state transition with (null)<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: sending encrypted notification INVALID_ID_INFORMATION to 192.168.10.103:500<BR>Jul 11 15:39:49 vpn-router pluto[1710]: "L2TP-PSK"[3] 192.168.10.103 #3: failed to build notification for spisize=0 <BR>Jul 11 15:39:49 vpn-router pluto[1710]: | state transition function for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION<BR><BR>so far as i know,i got a ISAKMP main mode success,but when client try to negotiate quick mode it failed.what wrong within the "1300 bytes from 192.168.10.103:500 "??<BR><BR>Thanks in advance!<BR><BR><br><!-- footer --><br><br><br>
<font style="font-size:14.8px">
<!--广告footer 开始-->
<!--广告footer 结束-->
<!--内部footer开始-->
<br>
<br><p style="line-height:160%;">
<a href="http://mail.163.com" target="_blank">
<font color=blue>需要一个<span style="color:red">2000兆的免费</span>邮箱吗?<br>网易免费邮箱是<span style="color:red">中国最多人使用</span>的电子邮箱。</a>
</p>
<!--内部footer结束-->
</font>