<br>Hey guys,<br><br>I've been struggling for a few weeks on getting this to work and I haven't made alot of progress.<br>The setup is as follows:<br><br>REMOTE END = Roadwrrior windows xp clients with the built-in L2TP/IPSEC dialer, set with PSK and
<br> security options are "Optional Encryption" and PAP + SPAP.<br><br>LOCAL END = My linux gateway at home, runing debian 2.4.27 kernel with Openswan 2.4.4 and L2TPns 2.1.13<br><br><br>
<br>Here is the complete configuration:<br>=====================<br><ul><li>Gateway Kernel information:</li></ul><br>[root@localhost:/root] uname -a<br>Linux localhost 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i586 GNU/Linux
<br><br><ul><li>IPsec configuration (/etc/ipsec.conf)<br></li></ul><br>version 2.0<br><br>config setup<br> uniqueids=yes<br> interfaces=%defaultroute<br> nat_traversal=yes<br><br>conn L2TP-PSK<br> ike=aes128-md5-modp1024
<br> esp=aes128-md5<br> ikelifetime=1h<br> keylife=8h<br> dpddelay=30<br> dpdtimeout=120<br> dpdaction=hold<br> auth=esp<br> type=transport<br> authby=secret<br>
pfs=no<br> rekey=no<br> keyingtries=3<br> left=<a href="http://myip.homeunix.org">myip.homeunix.org</a><br> leftprotoport=17/%any<br> right=%any<br> rightprotoport=17/1701
<br> auto=add<br><br>include /etc/ipsec.d/examples/no_oe.conf<br><br><br><ul><li>IPSec.secrets (/etc/ipsec.secrets)</li></ul><br><a href="http://myip.homeunix.org">myip.homeunix.org</a> %any: PSK "thiskeyisonlyatest"
<br><br><br><br><ul><li>Logfile (/var/log/auth.log)<br></li></ul><br>Dec 20 20:19:48 localhost<span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
</span> pluto[15013]: Setting NAT-Traversal port-4500 floating to on<br>Dec 20 20:19:48 localhost pluto[15013]: port floating activation criteria nat_t=1/port_fload=1<br>Dec 20 20:19:48 localhost pluto[15013]: including NAT-Traversal patch (Version
0.6c)<br>Dec 20 20:19:49 localhost pluto[15013]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<br>Dec 20 20:19:49 localhost pluto[15013]: starting up 1 cryptographic helpers<br>Dec 20 20:19:49 localhost pluto[15013]: started helper pid=15020 (fd:6)
<br>Dec 20 20:19:49 localhost pluto[15013]: Using Linux 2.6 IPsec interface code on 2.4.27-2-386<br>Dec 20 20:19:53 localhost pluto[15013]: Changing to directory '/etc/ipsec.d/cacerts'<br>Dec 20 20:19:53 localhost pluto[15013]: Changing to directory '/etc/ipsec.d/aacerts'
<br>Dec 20 20:19:53 localhost pluto[15013]: Changing to directory '/etc/ipsec.d/ocspcerts'<br>Dec 20 20:19:53 localhost pluto[15013]: Changing to directory '/etc/ipsec.d/crls'<br>Dec 20 20:19:53 localhost pluto[15013]: Warning: empty directory
<br>Dec 20 20:19:53 localhost pluto[15013]: added connection description "L2TP-PSK"<br>Dec 20 20:19:53 localhost pluto[15013]: listening for IKE messages<br>Dec 20 20:19:53 localhost pluto[15013]: adding interface ppp0/ppp0
<a href="http://80.179.58.23:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "80.179.58.23:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 80.179.58.23:500</a><br>Dec 20 20:19:53 localhost pluto[15013]: adding interface ppp0/ppp0 <a href="http://80.179.58.23:4500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "80.179.58.23:4500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 80.179.58.23:4500</a><br>Dec 20 20:19:53 localhost pluto[15013]: adding interface eth0/eth0
<a href="http://10.10.1.1:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "10.10.1.1:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 10.10.1.1:500</a><br>Dec 20 20:19:53 localhost pluto[15013]: adding interface eth0/eth0 <a href="http://10.10.1.1:4500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "10.10.1.1:4500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 10.10.1.1:4500</a><br>Dec 20 20:19:53 localhost pluto[15013]: adding interface lo/lo
<a href="http://127.0.0.1:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "127.0.0.1:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 127.0.0.1:500</a><br>Dec 20 20:19:53 localhost pluto[15013]: adding interface lo/lo <a href="http://127.0.0.1:4500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "127.0.0.1:4500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 127.0.0.1:4500</a><br>Dec 20 20:19:53 localhost pluto[15013]: loading secrets from "/etc/ipsec.secrets"
<br>Dec 20 20:19:54 localhost pluto[15013]: packet from <a href="http://85.65.23.16:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16:500</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>Dec 20 20:19:54 localhost pluto[15013]: packet from
<a href="http://85.65.23.16:500"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16:500" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16:500</a>: ignoring Vendor ID payload [FRAGMENTATION]<br>Dec 20 20:19:54 localhost pluto[15013]: packet from <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span>:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106<br>Dec 20 20:19:54 localhost pluto[15013]: packet from <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span>:500: ignoring Vendor ID payload [Vid-Initial-Contact]<br>Dec 20 20:19:54 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: responding to Main Mode from unknown peer <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span><br>Dec 20 20:19:54 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Dec 20 20:19:54 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: STATE_MAIN_R1: sent MR1, expecting MI2<br>Dec 20 20:19:55 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed<br>Dec 20 20:19:55 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>Dec 20 20:19:55 localhost pluto[15013]: "L2TP-PSK"[1] <span id="__firefox-findbar-search-id" style="padding: 0pt; background-color: yellow; color: black; display: inline; font-size: inherit;">
<a href="http://85.65.23.16"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "85.65.23.16" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 85.65.23.16</a></span> #1: STATE_MAIN_R2: sent MR2, expecting MI3<br><br><br><br>And it's just stuck there...<br>On the windows box I'm getting an error 678 if I remember correctly.<br><br><br>
I've tried different configurations from seeing on the web.<br>I've tried connecting from the world (as seen here) and from my local LAN, still the same.<br><br>I've also applied the patch from the debian packages: kernel-patch-openswan - IPSEC kernel support for Openswan
<br><br><br>No idea what else to do.<br>Any help or insight is mostly welcome.<br><br>Thanks in advance.<br>