<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hello Paul,<br><br>I have upgraded to the openswan version 2.6.31 as you suggested.<br><br>> I dont see any mru/mtu options in here? Please look at<br>> the sample that came with xl2tpd and use that as much<br>> as possible.<br>> <br>> You actually didnt post /etc/xl2tpd/xl2tpd.conf<br><br>cat /etc/xl2tpd/xl2tpd.conf<br>[global]<br>ipsec saref = yes<br><br>[lns default]<br>ip range = 10.1.2.2-10.1.2.255<br>local ip = 10.194.5.212<br>refuse chap = yes<br>refuse pap = yes<br>require authentication = yes<br>ppp debug = yes<br>pppoptfile = /etc/ppp/options.xl2tpd<br>length bit = yes<br><br><br>Also... while I was doing tests and reconfiguring with this version... I ran a test before actually installing xl2tpd and just invoking an ipsec connection with my windows client. Normally when I did this exact text on my home server (same lan) I would just get 1 try and then the IPSEC establishment confirmation and nothing after that. Interesting enough in the server I get the IPsec establishment and then many many tries of the same... so its pretty much the same output with NO xl2tp.. which leads me to believe the problem is on ipsec.<br><br>Here is the outpout of that test:<br><br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]<br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]<br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: responding to Main Mode from unknown peer 145.356.62.74<br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Jan 3 19:39:27 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R1: sent MR1, expecting MI2<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R2: sent MR2, expecting MI3<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: Main mode peer ID is ID_FQDN: '@JP1'<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: new NAT mapping for #104, was 145.356.62.74:500, now 145.356.62.74:4500<br>Jan 3 19:39:28 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: peer client type is FQDN<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: Applying workaround for MS-818043 NAT-T bug<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: IDci was FQDN: 2\020\205\356, using NAT_OA=192.170.1.3/32 0 as IDci<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: the peer proposed: 123.16.133.238/32:17/1701 -> 192.170.1.3/32:17/1701<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: responding to Quick Mode proposal {msgid:5e03ecee}<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: us: 10.194.5.212<10.194.5.212>[+S=C]:17/1701<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: them: 145.356.62.74[@JP1,+S=C]:17/1701===192.170.1.3/32<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: keeping refhim=4294901761 during rekey<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #92: received Delete SA payload: deleting ISAKMP State #92<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 4500 don't match. Using that_client port.<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #105: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xed0da1c2 <0xc877b36b xfrm=3DES_0-HMAC_MD5 NATOA=192.170.1.3 NATD=145.356.62.74:4500 DPD=none}<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [FRAGMENTATION]<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:500: ignoring Vendor ID payload [Vid-Initial-Contact]<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: responding to Main Mode from unknown peer 145.356.62.74<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R1: sent MR1, expecting MI2<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>Jan 3 19:39:29 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R2: sent MR2, expecting MI3<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received Delete SA(0xed0da1c2) payload: deleting IPSEC State #105<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received Delete SA(0x63f10221) payload: deleting IPSEC State #103<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received Delete SA(0x43cab8f8) payload: deleting IPSEC State #101<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received Delete SA(0x0c1e06a2) payload: deleting IPSEC State #99<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received Delete SA(0xe46a5c07) payload: deleting IPSEC State #97<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received Delete SA(0x0eca1c27) payload: deleting IPSEC State #95<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xd372f3da<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xccc8a7e6<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x7e8ad2ea<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xe011fc68<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x0e88551a<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xc0c3f66b<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x2a93bede<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xdb6f4674<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xe13dfd1a<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x7d4531a9<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x16a779fa<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x19d04ff7<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x418e977e<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x878a1ecd<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x89f7a47b<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x65278311<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1405bd6b<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1e16bb72<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x72157811<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: Main mode peer ID is ID_FQDN: '@JP1'<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: new NAT mapping for #106, was 145.356.62.74:500, now 145.356.62.74:4500<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: next payload type of ISAKMP Hash Payload has an unknown value: 183<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: malformed payload in packet<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: | payload malformed after IV<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: | d4 07 93 92 be b5 e8 51<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #106: sending notification PAYLOAD_MALFORMED to 145.356.62.74:4500<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #104: received Delete SA payload: deleting ISAKMP State #104<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #102: received Delete SA payload: deleting ISAKMP State #102<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #100: received Delete SA payload: deleting ISAKMP State #100<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #98: received Delete SA payload: deleting ISAKMP State #98<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #96: received Delete SA payload: deleting ISAKMP State #96<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: "L2TP-PSK-NAT"[2] 145.356.62.74 #94: received Delete SA payload: deleting ISAKMP State #94<br>Jan 3 19:39:30 ip-10-194-5-212 pluto[12204]: packet from 145.356.62.74:4500: received and ignored informational message<br><br><br><br>Gunther<br> </body>
</html>