<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Sorry,<br>I forgot to mention the most important config: l2tp.<br><br> cat /etc/ppp/options.xl2tpd<br>require-mschap-v2<br>ms-dns 8.8.8.8<br>ms-dns 8.8.4.4<br>asyncmap 0<br>auth<br>crtscts<br>lock<br>hide-password<br>modem<br>debug<br>name l2tpd<br>proxyarp<br>lcp-echo-interval 30<br>lcp-echo-failure 4<br><br><br>Also, I was told that my version of openswan could have a bug in how l2tp communicates. I uninstalled and installed <code>openswan</code> 2.6.24; same error.<br><br>Gunther<br><br><br><br><hr id="stopSpelling">From: jprollerskate@hotmail.com<br>To: users@openswan.org<br>Date: Mon, 3 Jan 2011 05:11:13 +0000<br>Subject: [Openswan Users] lt2p ipsec vpn does not connect. Cannot find whats        wrong.<br><br>
Hello,<br><br>I am trying to get this configuration to work on a server behind a NAT; the server is also behind a router that only accepts ICMP, UDP, and TCP connections. For this last reason I am using forceencaps=yes, and of course nat_traversal=yes. I am getting the messages below after it appears to negotiate the IPsec connection correctly. Please note that I have tested the config below with a server in my home LAN (no NAT/firewalls in between, of course) and it works perfectly.<br><br>Openswan version 2.6.23<br>L2TP version: 1.2.5<br>Kernel: 2.6.32-24<br><br>Here is my ipsec config:<br><br>ubuntu@ip-10-112-49-52:~$ cat /etc/ipsec.conf<br>version 2.0<br>config setup<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br> oe=off<br> protostack=netkey<br><br>conn L2TP-PSK-NAT<br> rightsubnet=vhost:%priv<br> also=L2TP-PSK-noNAT<br><br>conn L2TP-PSK-noNAT<br> authby=secret<br> pfs=no<br> auto=add<br> keyingtries=3<br> rekey=no<br> ikelifetime=8h<br> keylife=1h<br> type=transport<br> left=10.112.49.52<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/%any<br> forceencaps=yes<br><br>auth.log<br>NOTE: Some IPs have been replaced for security reasons:<br>189.199.62.74 is a fake public IP representing the remote server<br>181.199.62.74 is a fake public IP representing the public IP of my home router.<br><br><br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 
181.199.62.74 #53: responding to Main Mode from unknown peer 181.199.62.74<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #53: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #53: STATE_MAIN_R1: sent MR1, expecting MI2<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #52: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #52: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0cae746c <0xc70e0aa0 xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=181.199.62.74:4500 DPD=none}<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: received Delete SA(0x0cae746c) payload: deleting IPSEC State #52<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 
181.199.62.74 #49: received Delete SA(0x3026ac20) payload: deleting IPSEC State #50<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #49: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #49: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #49: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #47: received Delete SA(0x99f52203) payload: deleting IPSEC State #48<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #47: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #47: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #47: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #45: received Delete SA(0x39497c19) payload: deleting IPSEC State #46<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #45: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #45: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy 
unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #45: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #43: received Delete SA(0x944681bc) payload: deleting IPSEC State #44<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #43: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #43: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #43: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #41: received Delete SA(0xbf5f0234) payload: deleting IPSEC State #42<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #41: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #41: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@10.112.49.52 was too long: 168 > 36<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: | raw_eroute result=0 <br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #41: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) 
SA with MSGID:0x3362d7ee<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x62e101ae<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x13335b0d<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xbbdba4d8<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x9f9b1385<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xaff01be8<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x6b605417<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x53f3de1c<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x5dc88fda<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xbf0d6282<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x99dc2e71<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xcf73a1fe<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) 
SA with MSGID:0x5e0e2b61<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x3a6290eb<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x479a71ba<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x2bf119ba<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x5602aea4<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: ignoring Delete SA payload: not encrypted<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xe451d0cf<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xb3409413<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: Informational Exchange is for an unknown (expired?) 
SA with MSGID:0x12af66a1<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #51: received Delete SA payload: deleting ISAKMP State #51<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #49: received Delete SA payload: deleting ISAKMP State #49<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #47: received Delete SA payload: deleting ISAKMP State #47<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #45: received Delete SA payload: deleting ISAKMP State #45<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #43: received Delete SA payload: deleting ISAKMP State #43<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: "L2TP-PSK-NAT"[2] 181.199.62.74 #41: received Delete SA payload: deleting ISAKMP State #41<br>Jan 3 04:54:50 ip-10-112-49-52 pluto[3797]: packet from 181.199.62.74:4500: received and ignored informational message<br><br><br>Thanks<br>Gunther<br><br><br><br>                                           
<br>_______________________________________________
Users@openswan.org
http://lists.openswan.org/mailman/listinfo/users
</body>
</html>