<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Iam trying to get dialin vpn running. I have installed
openswan and l2tpd on the vpn server. How can I solve this problem<o:p></o:p></p>
<p class=MsoNormal>The network is as below<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Client --------------------------------------------<span
style='font-family:Wingdings'>à</span>internet-------------------------<span
style='font-family:Wingdings'>à</span>Linux Server(VPN)-----------------<span
style='font-family:Wingdings'>à</span>internal network<o:p></o:p></p>
<p class=MsoNormal>192.168.254.0/24 (tba through
l2tpd)
1.1.1.99
192.168.0.251
192.168.0.0/24 <o:p></o:p></p>
<p class=MsoNormal>(also isp assigned ip address
)
<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Below is my ipsec.conf<o:p></o:p></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>config setup<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> # Debug-logging
controls: "none" for (almost) none, "all" for lots.<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> klipsdebug=none<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
plutodebug="controlmore"<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
#interfaces=%defaultroute<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
nat_traversal=yes<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
virtual_private=%v4:192.168.254.0/24,%v4:!192.168.0.0/24<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>conn %default<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
disablearrivalcheck=no<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
keyingtries=3<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
authby=secret<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
compress=no<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'> keyexchange=ike<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
left=%defaultroute<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
rightnexthop=%defaultroute<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
leftsubnet=192.168.0.0/24<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>conn net<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
type=tunnel<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
pfs=no<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
right=%any<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
#rightsubnet=vhost:%no,%priv<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>
auto=add<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>include /etc/ipsec.d/*.conf<o:p></o:p></span></p>
<p class=MsoNormal>result<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>un 27 17:24:15 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #2: only OAKLEY_GROUP_MODP1024 and
OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:15 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #2: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536
supported. Attribute OAKLEY_GROUP_DESCRIPTION<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:15 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #2: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:15 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #2: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:17 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #1: NAT-Traversal: Result using 3: peer is NATed<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:17 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #1: discarding packet received during asynchronous
work (DNS or crypto) in STATE_MAIN_R1<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:17 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #1: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:17 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #1: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #1: Main mode peer ID is ID_IPV4_ADDR:
'192.168.0.25'<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: I did not send a certificate because I do not
have one.<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]: | NAT-T: new
mapping x.y.96.31:500/4500)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: retransmitting in response to duplicate
packet; already STATE_MAIN_R3<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: cannot respond to IPsec SA request because no
connection is known for
1.1.1.99:17/1701...x.y.96.31[192.168.0.25]:17/1701===192.168.0.25/32<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_ID_INFORMATION to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:19 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_MESSAGE_ID to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:21 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated
packet)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:21 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_MESSAGE_ID to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:21 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated
packet)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:21 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_MESSAGE_ID to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:23 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated
packet)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:23 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_MESSAGE_ID to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:23 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated
packet)<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:23 yoafrica pluto[20957]:
"net"[2] x.y.96.31 #1: sending encrypted notification
INVALID_MESSAGE_ID to x.y.96.31:4500<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;
font-family:"Courier New"'>Jun 27 17:24:25 yoafrica pluto[20957]:
"net"[1] x.y.96.31 #2: ERROR: asynchronous network error report on
eth1 (sport=500) for message to x.y.96.31 port 4500, complainant x.y.96.31: No
route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]<o:p></o:p></span></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>