I am trying to configure an IPsec VPN on a CentOS 5.4 machine. The IPsec server is set up behind a firewall and the ports are redirected to the internal server (192.168.2.100). The details of the gateway machine are:

eth0 --> Public IP
eth1 --> 192.168.2.81

IPsec configuration:

version 2.0
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.2.0/24

conn %default
    keyingtries=3
    compress=yes
    disablearrivalcheck=no
    authby=secret
    type=tunnel
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn l2tp-psk
    pfs=no
    left=192.168.2.100
    leftnexthop=192.168.2.81
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    auto=add

For the sake of testing I have disabled the other firewall rules and only the redirection is enabled. The firewall rules on the gateway machine are:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 4500 -j DNAT --to 192.168.2.100
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 500 -j DNAT --to 192.168.2.100

When I try to connect from the client it shows this error:

104 "L2TP-PSK-CLIENT" #20: STATE_MAIN_I1: initiate
003 "L2TP-PSK-CLIENT" #20: ignoring unknown Vendor ID payload [4f457e717f6b5a4e727d576b]
003 "L2TP-PSK-CLIENT" #20: received Vendor ID payload [Dead Peer Detection]
106 "L2TP-PSK-CLIENT" #20: STATE_MAIN_I2: sent MI2, expecting MR2
108 "L2TP-PSK-CLIENT" #20: STATE_MAIN_I3: sent MI3, expecting MR3
003 "L2TP-PSK-CLIENT" #20: received Vendor ID payload [CAN-IKEv2]
003 "L2TP-PSK-CLIENT" #20: we require peer to have ID 'Public IP XXX', but peer declares '192.168.2.100'
218 "L2TP-PSK-CLIENT" #20: STATE_MAIN_I3: INVALID_ID_INFORMATION

and from the logs on the IPsec server:

"STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
next payload type of ISAKMP Hash Payload has an unknown value: 63
malformed payload in packet"

It seems the connection is established but there is a problem with POSTROUTING on the gateway machine. How can I successfully redirect and POSTROUTE the IPsec server on the gateway machine?

Thanks
Ajayan
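A small triage script for the exchange quoted above, added here as an example and not part of the original post: it parses pluto's numbered status lines and the conn section of ipsec.conf, and reports which IKE identities disagreed at MR3 and whether the responder sets leftid= at all. The public address 203.0.113.5 stands in for the elided "Public IP XXX", the sample input is constructed from the post, and all function names are this example's own.

```python
import re
from ipaddress import ip_address

# Sample input constructed from the post; the public address is a placeholder (TEST-NET-3).
CLIENT_LOG = """\
003 "L2TP-PSK-CLIENT" #20: we require peer to have ID '203.0.113.5', but peer declares '192.168.2.100'
218 "L2TP-PSK-CLIENT" #20: STATE_MAIN_I3: INVALID_ID_INFORMATION
"""
SERVER_CONF = """\
conn l2tp-psk
    left=192.168.2.100
    right=%any
"""
LINE_RE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
ID_RE = re.compile(r"we require peer to have ID '([^']+)', but peer declares '([^']+)'")

def parse_pluto(text):
    """Return (code, conn, sa, message) for every line of the form: NNN "conn" #N: msg."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), int(m.group(3)), m.group(4)))
    return rows

def parse_conn(text, name):
    """Return the key=value settings of one conn section (ipsec.conf layout)."""
    settings, inside = {}, False
    for line in text.splitlines():
        if line and not line[0].isspace():        # section header, e.g. "conn foo"
            inside = line.strip() == "conn " + name
        elif inside and "=" in line:
            key, _, value = line.strip().partition("=")
            settings[key] = value
    return settings

def diagnose(log_text, conf_text, conn):
    """Report why Main Mode stopped: the IDs that disagreed and the responder's ID setting."""
    result = {"failed": False, "expected_id": None, "declared_id": None}
    for _code, _conn, _sa, msg in parse_pluto(log_text):
        m = ID_RE.search(msg)
        if m:
            result["expected_id"], result["declared_id"] = m.group(1), m.group(2)
        result["failed"] |= "INVALID_ID_INFORMATION" in msg
    # Openswan uses left= as its own ID when leftid= is absent, so a DNATed responder
    # announces its private address while the initiator expects the public one it dialled.
    result["leftid_set"] = "leftid" in parse_conn(conf_text, conn)
    try:
        result["declared_is_private"] = ip_address(result["declared_id"]).is_private
    except ValueError:                            # None, an FQDN or an @name ID
        result["declared_is_private"] = False
    return result
```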