Hi all;<br><br>From few days I'm trying to get working openswan + l2tpd with certificates.<br>Firth I have installed openswan +l2tpd like I made before and I tested connetcion with PSK - it work's great.<br>Next I modified config file ipsec.conf liek below:<br>
<br>config setup<br> interfaces=%defaultroute<br> virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:172.16.0.0/12,!%v4:192.168.0.0/16">10.0.0.0/8,%v4:172.16.0.0/12,!%v4:192.168.0.0/16</a><br> nat_traversal=yes<br>
protostack=netkey<br> plutodebug=private<br> OE=off<br>#conn l2tp<br># rightsubnet=vhost:%priv<br># also=l2tp-X.509<br><br>conn l2tp-X.509<br> #<br> # Configuration for one user with any type of IPsec/L2TP client<br>
# including the updated Windows 2000/XP (MS KB Q818043), but<br> # excluding the non-updated Windows 2000/XP.<br> #<br> #<br> # Use a certificate. Disable Perfect Forward Secrecy.<br> #<br> #auth=esp<br>
authby=rsasig<br> pfs=no<br> auto=add<br> # we cannot rekey for %any, let client rekey<br> rekey=no<br> # Set ikelifetime and keylife to same defaults windows has<br> ikelifetime=8h<br> keylife=1h<br>
# l2tp-over-ipsec is transport mode<br> # See <a href="http://bugs.xelerance.com/view.php?id=466">http://bugs.xelerance.com/view.php?id=466</a><br> type=transport<br> #<br> left=83.230.105.135<br> leftnexthop=83.230.105.129<br>
leftid=%fromcert<br> <br> leftca=/etc/ipsec.d/cacert/cacert.pem<br> leftrsasigkey=%cert<br> leftcert=/etc/ipsec.d/certs/vpntest.pem<br> leftprotoport=17/1701<br> #<br> # The remote user.<br> #<br>
right=%any<br> rightca=%same<br> rightid=%fromcert<br> rightrsasigkey=%cert<br> # Using the magic port of "0" means "any one single port". This is<br> # a work around required for Apple OSX clients that use a randomly<br>
# high port, but propose "0" instead of their port. If that does<br> # not work, try 17/%any<br> rightprotoport=17/0<br> rightsubnet=vhost:%priv,%no<br><br>I didn't change my xl2tpd config file.<br>
Because I used openvpn vpn server I want to use the same certificates to openswan. So earlier generated certificates (via easy-rsa tool from openswan) I copied:<br>cacert.pem to /etc/ipsed.d/cacert, vpntest.pem to /etc/ipsec.d/certs and key file i put into /etc/ipsec.d/private. I don't use pass for vpntest key I also put a line into ipsec.secrets<br>
<br>: RSA /etc/ipsec.d/private/vpntest.key *<br><br>Next I added the connection<br>ipsec setup start<br><br>and in /var/log/secure I got<br><br>Dec 7 13:28:58 slack13 pluto[26544]: Starting Pluto (Openswan Version 2.6.31; Vendor ID OE}GnD\177ZAYe[) pid:26544<br>
Dec 7 13:28:58 slack13 pluto[26544]: LEAK_DETECTIVE support [enabled]<br>Dec 7 13:28:58 slack13 pluto[26544]: SAref support [disabled]: Protocol not available<br>Dec 7 13:28:58 slack13 pluto[26544]: SAbind support [disabled]: Protocol not available<br>
Dec 7 13:28:58 slack13 pluto[26544]: NSS support [disabled]<br>Dec 7 13:28:58 slack13 pluto[26544]: HAVE_STATSD notification support not compiled in<br>Dec 7 13:28:58 slack13 pluto[26544]: Setting NAT-Traversal port-4500 floating to on<br>
Dec 7 13:28:58 slack13 pluto[26544]: port floating activation criteria nat_t=1/port_float=1<br>Dec 7 13:28:58 slack13 pluto[26544]: NAT-Traversal support [enabled]<br>Dec 7 13:28:58 slack13 pluto[26544]: 1 bad entries in virtual_private - none loaded<br>
Dec 7 13:28:58 slack13 pluto[26544]: using /dev/urandom as source of random entropy<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: starting up 1 cryptographic helpers<br>
Dec 7 13:28:58 slack13 pluto[26544]: started helper pid=26548 (fd:7)<br>Dec 7 13:28:58 slack13 pluto[26544]: Using Linux 2.6 IPsec interface code on 2.6.33.4 (experimental code)<br>Dec 7 13:28:58 slack13 pluto[26548]: using /dev/urandom as source of random entropy<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_add(): ERROR: Algorithm already exists<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_add(): ERROR: Algorithm already exists<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_add(): ERROR: Algorithm already exists<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_add(): ERROR: Algorithm already exists<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)<br>
Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_add(): ERROR: Algorithm already exists<br>Dec 7 13:28:58 slack13 pluto[26544]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)<br>Dec 7 13:28:58 slack13 pluto[26544]: Changed path to directory '/etc/ipsec.d/cacerts'<br>
Dec 7 13:28:58 slack13 pluto[26544]: loaded CA cert file 'cacert.pem' (1334 bytes)<br>Dec 7 13:28:58 slack13 pluto[26544]: Changed path to directory '/etc/ipsec.d/aacerts'<br>Dec 7 13:28:58 slack13 pluto[26544]: Changed path to directory '/etc/ipsec.d/ocspcerts'<br>
Dec 7 13:28:58 slack13 pluto[26544]: Changing to directory '/etc/ipsec.d/crls'<br>Dec 7 13:28:58 slack13 pluto[26544]: loaded crl file 'crl.crl' (528 bytes)<br>Dec 7 13:28:58 slack13 pluto[26544]: loading certificate from /etc/ipsec.d/certs/vpntest.pem <br>
Dec 7 13:28:58 slack13 pluto[26544]: loaded host cert file '/etc/ipsec.d/certs/vpntest.pem' (3802 bytes)<br>Dec 7 13:28:58 slack13 pluto[26544]: no subjectAltName matches ID '%fromcert', replaced by subject DN<br>
Dec 7 13:28:58 slack13 pluto[26544]: | keyid: *AwEAAZ+GM<br>Dec 7 13:28:58 slack13 pluto[26544]: | Modulus: 9f863338df000812eb92b66a4f91b55e174f23e0ae53889b9626245e2a8e4fccc561af89af8dada925614c3b781bc01b9edb28e1dcde07aac17cbbd71a6b4350a28573afd195131d84f5f425fb0065a52431dfdbe1a74f6224bf379976c9be1af56c8067c78ef851f0c482d34299b418aa9d33f898e5d57803b2967ab3824eeb<br>
Dec 7 13:28:58 slack13 pluto[26544]: | PublicExponent: 10001<br>Dec 7 13:28:58 slack13 pluto[26544]: added connection description "l2tp-X.509"<br>Dec 7 13:28:58 slack13 pluto[26544]: listening for IKE messages<br>
Dec 7 13:28:58 slack13 pluto[26544]: | invalid listen= option ignored: empty string <br>Dec 7 13:28:58 slack13 pluto[26544]: NAT-Traversal: Trying new style NAT-T<br>Dec 7 13:28:58 slack13 pluto[26544]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)<br>
Dec 7 13:28:58 slack13 pluto[26544]: NAT-Traversal: Trying old style NAT-T<br>Dec 7 13:28:58 slack13 pluto[26544]: adding interface bond0/bond0 <a href="http://192.168.1.19:500">192.168.1.19:500</a><br>Dec 7 13:28:58 slack13 pluto[26544]: adding interface bond0/bond0 <a href="http://192.168.1.19:4500">192.168.1.19:4500</a><br>
Dec 7 13:28:58 slack13 pluto[26544]: adding interface eth3/eth3 MYIPADDRESS:500<br>Dec 7 13:28:58 slack13 pluto[26544]: adding interface eth3/eth3 MYIPADDRESS:4500<br>Dec 7 13:28:58 slack13 pluto[26544]: adding interface lo/lo <a href="http://127.0.0.1:500">127.0.0.1:500</a><br>
Dec 7 13:28:58 slack13 pluto[26544]: adding interface lo/lo <a href="http://127.0.0.1:4500">127.0.0.1:4500</a><br>Dec 7 13:28:58 slack13 pluto[26544]: adding interface lo/lo ::1:500<br>Dec 7 13:28:58 slack13 pluto[26544]: loading secrets from "/etc/ipsec.secrets"<br>
Dec 7 13:28:58 slack13 pluto[26544]: loaded private key file '/etc/ipsec.d/private/vpntest.key' (887 bytes)<br>Dec 7 13:28:58 slack13 pluto[26544]: | 30 82 02 5b 02 01 00 02 81 81 00 9f 86 33 38 df<br>Dec 7 13:28:58 slack13 pluto[26544]: | 00 08 12 eb 92 b6 6a 4f 91 b5 5e 17 4f 23 e0 ae<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 53 88 9b 96 26 24 5e 2a 8e 4f cc c5 61 af 89 af<br>Dec 7 13:28:58 slack13 pluto[26544]: | 8d ad a9 25 61 4c 3b 78 1b c0 1b 9e db 28 e1 dc<br>Dec 7 13:28:58 slack13 pluto[26544]: | de 07 aa c1 7c bb d7 1a 6b 43 50 a2 85 73 af d1<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 95 13 1d 84 f5 f4 25 fb 00 65 a5 24 31 df db e1<br>Dec 7 13:28:58 slack13 pluto[26544]: | a7 4f 62 24 bf 37 99 76 c9 be 1a f5 6c 80 67 c7<br>Dec 7 13:28:58 slack13 pluto[26544]: | 8e f8 51 f0 c4 82 d3 42 99 b4 18 aa 9d 33 f8 98<br>
Dec 7 13:28:58 slack13 pluto[26544]: | e5 d5 78 03 b2 96 7a b3 82 4e eb 02 03 01 00 01<br>Dec 7 13:28:58 slack13 pluto[26544]: | 02 81 80 3b 4d fc c4 eb c2 6b 3d fd 6d f1 7a dc<br>Dec 7 13:28:58 slack13 pluto[26544]: | 51 e3 07 33 cb 2c 1f 5f 2f 96 dd a0 98 55 74 dc<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 85 43 8d 70 e3 bc 0a 87 c5 38 06 65 eb 22 18 09<br>Dec 7 13:28:58 slack13 pluto[26544]: | b2 e7 5c 5d 56 44 80 93 47 c7 b9 e7 6c a3 b8 78<br>Dec 7 13:28:58 slack13 pluto[26544]: | 0d e0 5c 07 81 06 6b c0 60 4b ad 0b 57 cf 4a 5f<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 13 1a 9b a0 60 29 f1 2d 76 a0 ae e2 39 7c eb bd<br>Dec 7 13:28:58 slack13 pluto[26544]: | 15 0f 42 c7 fe 88 94 7c d1 cc 6d f6 7d 89 1a db<br>Dec 7 13:28:58 slack13 pluto[26544]: | d1 d3 37 30 95 14 10 0e 9a fa fe 5c d7 19 ef 45<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 21 da 81 02 41 00 cf 60 88 e1 bc 73 43 96 04 de<br>Dec 7 13:28:58 slack13 pluto[26544]: | 33 79 f2 87 fd 9a 71 e4 f6 f3 96 39 27 fc 6d 02<br>Dec 7 13:28:58 slack13 pluto[26544]: | 13 6f 25 6a 60 67 11 ff 56 cf 6b c3 9b 65 81 a8<br>
Dec 7 13:28:58 slack13 pluto[26544]: | ed 96 8e 00 2e 48 3f ae a5 f6 44 44 e3 a9 fb ae<br>Dec 7 13:28:58 slack13 pluto[26544]: | 64 cb 81 35 b5 b1 02 41 00 c4 ed 60 5a 43 3c d5<br>Dec 7 13:28:58 slack13 pluto[26544]: | bc 4c a3 d9 b2 d1 24 f5 f2 1e bc ef 73 2a 5a f7<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 4c ce 4d fb a2 e0 ef 9b 51 b7 48 2b b4 f7 3c 88<br>Dec 7 13:28:58 slack13 pluto[26544]: | d8 bb d0 fc 3f 22 29 a6 ab 9a 2b 7d 85 8f 4f c4<br>Dec 7 13:28:58 slack13 pluto[26544]: | f2 0d 56 b5 d7 62 df 89 5b 02 40 4f a9 1e 8b d0<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 4f 5a bc 0b 1c ac 1b 81 2d fa 1e 54 f8 06 61 25<br>Dec 7 13:28:58 slack13 pluto[26544]: | e8 c8 d2 6f b1 67 73 bf a4 b0 69 87 81 55 80 92<br>Dec 7 13:28:58 slack13 pluto[26544]: | 3d ee b8 bc 68 fe f3 61 92 f2 34 70 ba 0f 28 9d<br>
Dec 7 13:28:58 slack13 pluto[26544]: | aa f4 e5 7c 37 ce a2 59 fd 1e d1 02 40 39 13 a0<br>Dec 7 13:28:58 slack13 pluto[26544]: | 10 a9 5a 51 8c b1 1d f0 74 1e a0 3a d4 c1 49 fb<br>Dec 7 13:28:58 slack13 pluto[26544]: | 91 02 9e b8 fc be f2 e5 53 51 24 c1 7c ce c5 91<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 3d 73 47 4d 56 9c 21 37 6b 49 08 8f 71 3f 4f 09<br>Dec 7 13:28:58 slack13 pluto[26544]: | a3 93 65 08 6d 2b a6 8d 2f ef 4d 60 ef 02 40 7e<br>Dec 7 13:28:58 slack13 pluto[26544]: | a8 84 d9 d7 76 93 96 50 1a 50 40 6d ba db ec 66<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 37 2c 7d 77 f9 88 9e 2f e8 43 26 64 96 92 35 4b<br>Dec 7 13:28:58 slack13 pluto[26544]: | 84 59 e1 6a 44 e1 0d 8e fb 70 bb ca 27 7c 96 75<br>Dec 7 13:28:58 slack13 pluto[26544]: | a6 15 db 9e 79 d1 01 73 0c ff a0 ca cd c1 c8<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 00<br>Dec 7 13:28:58 slack13 pluto[26544]: | 00 9f 86 33 38 df 00 08 12 eb 92 b6 6a 4f 91 b5<br>Dec 7 13:28:58 slack13 pluto[26544]: | 5e 17 4f 23 e0 ae 53 88 9b 96 26 24 5e 2a 8e 4f<br>
Dec 7 13:28:58 slack13 pluto[26544]: | cc c5 61 af 89 af 8d ad a9 25 61 4c 3b 78 1b c0<br>Dec 7 13:28:58 slack13 pluto[26544]: | 1b 9e db 28 e1 dc de 07 aa c1 7c bb d7 1a 6b 43<br>Dec 7 13:28:58 slack13 pluto[26544]: | 50 a2 85 73 af d1 95 13 1d 84 f5 f4 25 fb 00 65<br>
Dec 7 13:28:58 slack13 pluto[26544]: | a5 24 31 df db e1 a7 4f 62 24 bf 37 99 76 c9 be<br>Dec 7 13:28:58 slack13 pluto[26544]: | 1a f5 6c 80 67 c7 8e f8 51 f0 c4 82 d3 42 99 b4<br>Dec 7 13:28:58 slack13 pluto[26544]: | 18 aa 9d 33 f8 98 e5 d5 78 03 b2 96 7a b3 82 4e<br>
Dec 7 13:28:58 slack13 pluto[26544]: | eb<br>Dec 7 13:28:58 slack13 pluto[26544]: | 01 00 01<br>Dec 7 13:28:58 slack13 pluto[26544]: | 3b 4d fc c4 eb c2 6b 3d fd 6d f1 7a dc 51 e3 07<br>Dec 7 13:28:58 slack13 pluto[26544]: | 33 cb 2c 1f 5f 2f 96 dd a0 98 55 74 dc 85 43 8d<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 70 e3 bc 0a 87 c5 38 06 65 eb 22 18 09 b2 e7 5c<br>Dec 7 13:28:58 slack13 pluto[26544]: | 5d 56 44 80 93 47 c7 b9 e7 6c a3 b8 78 0d e0 5c<br>Dec 7 13:28:58 slack13 pluto[26544]: | 07 81 06 6b c0 60 4b ad 0b 57 cf 4a 5f 13 1a 9b<br>
Dec 7 13:28:58 slack13 pluto[26544]: | a0 60 29 f1 2d 76 a0 ae e2 39 7c eb bd 15 0f 42<br>Dec 7 13:28:58 slack13 pluto[26544]: | c7 fe 88 94 7c d1 cc 6d f6 7d 89 1a db d1 d3 37<br>Dec 7 13:28:58 slack13 pluto[26544]: | 30 95 14 10 0e 9a fa fe 5c d7 19 ef 45 21 da 81<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 00 cf 60 88 e1 bc 73 43 96 04 de 33 79 f2 87 fd<br>Dec 7 13:28:58 slack13 pluto[26544]: | 9a 71 e4 f6 f3 96 39 27 fc 6d 02 13 6f 25 6a 60<br>Dec 7 13:28:58 slack13 pluto[26544]: | 67 11 ff 56 cf 6b c3 9b 65 81 a8 ed 96 8e 00 2e<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 48 3f ae a5 f6 44 44 e3 a9 fb ae 64 cb 81 35 b5<br>Dec 7 13:28:58 slack13 pluto[26544]: | b1<br>Dec 7 13:28:58 slack13 pluto[26544]: | 00 c4 ed 60 5a 43 3c d5 bc 4c a3 d9 b2 d1 24 f5<br>
Dec 7 13:28:58 slack13 pluto[26544]: | f2 1e bc ef 73 2a 5a f7 4c ce 4d fb a2 e0 ef 9b<br>Dec 7 13:28:58 slack13 pluto[26544]: | 51 b7 48 2b b4 f7 3c 88 d8 bb d0 fc 3f 22 29 a6<br>Dec 7 13:28:58 slack13 pluto[26544]: | ab 9a 2b 7d 85 8f 4f c4 f2 0d 56 b5 d7 62 df 89<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 5b<br>Dec 7 13:28:58 slack13 pluto[26544]: | 4f a9 1e 8b d0 4f 5a bc 0b 1c ac 1b 81 2d fa 1e<br>Dec 7 13:28:58 slack13 pluto[26544]: | 54 f8 06 61 25 e8 c8 d2 6f b1 67 73 bf a4 b0 69<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 87 81 55 80 92 3d ee b8 bc 68 fe f3 61 92 f2 34<br>Dec 7 13:28:58 slack13 pluto[26544]: | 70 ba 0f 28 9d aa f4 e5 7c 37 ce a2 59 fd 1e d1<br>Dec 7 13:28:58 slack13 pluto[26544]: | 39 13 a0 10 a9 5a 51 8c b1 1d f0 74 1e a0 3a d4<br>
Dec 7 13:28:58 slack13 pluto[26544]: | c1 49 fb 91 02 9e b8 fc be f2 e5 53 51 24 c1 7c<br>Dec 7 13:28:58 slack13 pluto[26544]: | ce c5 91 3d 73 47 4d 56 9c 21 37 6b 49 08 8f 71<br>Dec 7 13:28:58 slack13 pluto[26544]: | 3f 4f 09 a3 93 65 08 6d 2b a6 8d 2f ef 4d 60 ef<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 7e a8 84 d9 d7 76 93 96 50 1a 50 40 6d ba db ec<br>Dec 7 13:28:58 slack13 pluto[26544]: | 66 37 2c 7d 77 f9 88 9e 2f e8 43 26 64 96 92 35<br>Dec 7 13:28:58 slack13 pluto[26544]: | 4b 84 59 e1 6a 44 e1 0d 8e fb 70 bb ca 27 7c 96<br>
Dec 7 13:28:58 slack13 pluto[26544]: | 75 a6 15 db 9e 79 d1 01 73 0c ff a0 ca cd c1 c8<br>Dec 7 13:28:58 slack13 pluto[26544]: | keyid: *AwEAAZ+GM<br>Dec 7 13:28:58 slack13 pluto[26544]: | Modulus: 9f863338df000812eb92b66a4f91b55e174f23e0ae53889b9626245e2a8e4fccc561af89af8dada925614c3b781bc01b9edb28e1dcde07aac17cbbd71a6b4350a28573afd195131d84f5f425fb0065a52431dfdbe1a74f6224bf379976c9be1af56c8067c78ef851f0c482d34299b418aa9d33f898e5d57803b2967ab3824eeb<br>
Dec 7 13:28:58 slack13 pluto[26544]: | PublicExponent: 10001<br>Dec 7 13:28:58 slack13 pluto[26544]: | PrivateExponent: 3b4dfcc4ebc26b3dfd6df17adc51e30733cb2c1f5f2f96dda0985574dc85438d70e3bc0a87c5380665eb221809b2e75c5d5644809347c7b9e76ca3b8780de05c0781066bc0604bad0b57cf4a5f131a9ba06029f12d76a0aee2397cebbd150f42c7fe88947cd1cc6df67d891adbd1d337309514100e9afafe5cd719ef4521da81<br>
Dec 7 13:28:58 slack13 pluto[26544]: | Prime1: cf6088e1bc73439604de3379f287fd9a71e4f6f3963927fc6d02136f256a606711ff56cf6bc39b6581a8ed968e002e483faea5f64444e3a9fbae64cb8135b5b1<br>Dec 7 13:28:58 slack13 pluto[26544]: | Prime2: c4ed605a433cd5bc4ca3d9b2d124f5f21ebcef732a5af74cce4dfba2e0ef9b51b7482bb4f73c88d8bbd0fc3f2229a6ab9a2b7d858f4fc4f20d56b5d762df895b<br>
Dec 7 13:28:58 slack13 pluto[26544]: | Exponent1: 4fa91e8bd04f5abc0b1cac1b812dfa1e54f8066125e8c8d26fb16773bfa4b06987815580923deeb8bc68fef36192f23470ba0f289daaf4e57c37cea259fd1ed1<br>Dec 7 13:28:58 slack13 pluto[26544]: | Exponent2: 3913a010a95a518cb11df0741ea03ad4c149fb91029eb8fcbef2e5535124c17ccec5913d73474d569c21376b49088f713f4f09a39365086d2ba68d2fef4d60ef<br>
Dec 7 13:28:58 slack13 pluto[26544]: | Coefficient: 7ea884d9d7769396501a50406dbadbec66372c7d77f9889e2fe84326649692354b8459e16a44e10d8efb70bbca277c9675a615db9e79d101730cffa0cacdc1c8<br>Dec 7 13:28:58 slack13 pluto[26544]: loaded private key for keyid: PPK_RSA:AwEAAZ+GM<br>
<br><br>On windows side I imported my certificate (from p12 format) and also ca.crt and placed they in right place.<br>After configuring vpn connection in windows side<br>I tryed to connect but with no luck. On windows side I get error "792 the l2tp connection attempt failed because security negotiation timed out"<br>
<br>on linux side in var /log/secure I get:<br><br>acket from <a href="http://131.207.242.5:59780">131.207.242.5:59780</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>Dec 7 13:34:14 slack13 pluto[26544]: packet from 131.207.xx.xx:59780: ignoring Vendor ID payload [FRAGMENTATION]<br>
Dec 7 13:34:14 slack13 pluto[26544]: packet from 131.207.xx.xx:59780: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <br>Dec 7 13:34:14 slack13 pluto[26544]: packet from 131.207.xx.xx:59780: ignoring Vendor ID payload [Vid-Initial-Contact]<br>
Dec 7 13:34:14 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207xx.xx #1: responding to Main Mode from unknown peer 131.207.xx.xx<br>
Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207xx.xx #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: STATE_MAIN_R1: sent MR1, expecting MI2<br>
Dec 7 13:34:14 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed<br>
Dec 7 13:34:14 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>Dec 7 13:34:14 slack13 pluto[26544]: | no Preshared Key Found<br>Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
Dec 7 13:34:14 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: STATE_MAIN_R2: sent MR2, expecting MI3<br>Dec 7 13:34:14 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>Dec 7 13:34:15 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>
Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=PL, ST=cos, O=name1, OU=it, CN=mycert, E=<a href="mailto:myname@wp.pl">myname@wp.pl</a>'<br>
Dec 7 13:34:15 slack13 pluto[26544]: | keyid: *AwEAAc+Lo<br>Dec 7 13:34:15 slack13 pluto[26544]: | Modulus: cf8ba0b57f057ceb460129baf02daeffe104dcc31313cfccd3687c99525e7a69cf879def286ead78d2e8c06790c3bd4016fca82ed2ec14703ebdbb067e86a7b5c09cb07caa4f49f63a5f03ce2efffff10ba765017f28d20edcb0366490006d2943e4787b278c02e2f0eb1890ab60e62c246a6efd728875bde653e11f1d85f64b<br>
Dec 7 13:34:15 slack13 pluto[26544]: | PublicExponent: 10001<br>Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: no suitable connection for peer 'C=PL, ST=cos, O=name1, OU=it, CN=mycert, E=<a href="mailto:myname@wp.pl">myname@wp.pl</a>'<br>
Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: sending encrypted notification INVALID_ID_INFORMATION to 131.207.xx.xx:59780<br>Dec 7 13:34:15 slack13 pluto[26544]: | processing connection l2tp-X.509[1] 131.207.xx.xx<br>
Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.242.5 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=PL, ST=cos, O=name1, OU=it, CN=mycert, E=<a href="mailto:myname@wp.pl">myname@wp.pl</a>'<br>
Dec 7 13:34:15 slack13 pluto[26544]: | keyid: *AwEAAc+Lo<br>Dec 7 13:34:15 slack13 pluto[26544]: | Modulus: cf8ba0b57f057ceb460129baf02daeffe104dcc31313cfccd3687c99525e7a69cf879def286ead78d2e8c06790c3bd4016fca82ed2ec14703ebdbb067e86a7b5c09cb07caa4f49f63a5f03ce2efffff10ba765017f28d20edcb0366490006d2943e4787b278c02e2f0eb1890ab60e62c246a6efd728875bde653e11f1d85f64b<br>
Dec 7 13:34:15 slack13 pluto[26544]: | PublicExponent: 10001<br><br><br>I tryed to generate new certificate, but with no luck. I don't know what is set wrong but with PSK connection waorks well.<br><br>So please help me, I hope that somebody use openswan+xl2tpd with cert<br>
<br>Regards<br><br>Adam<br>