<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div>Hello,</div><div>I'm trying to set up a tunnel from an iPad to a Linux Box xl2tpd server (attached to the network)</div><div> - Debian 5.0.7</div><div> - kernel 2.6.26-2-xen-amd64</div><div> - self compiled version of Linux Openswan 2.6.32 (klips)</div><div> - self compiled version 1.2.7 of xl2tpd (but strangely reporting xl2tpd version xl2tpd-1.2.6)</div><div> - debian pppd version 2.4.4</div><div> - eth0 = mypublicip (X.y.z.a)</div><div> - dummy0 = myprivateip (10.31.135.254) - testbox</div><div><br></div><div>Ipsec tunnel is up without any trouble…. (so ipsec.secrets is ok)</div><div>But l2tp never worked</div><div><br></div><div><br></div><div>**************</div><div><div><span class="Apple-style-span" style="font-family: Courier; ">/etc/ipsec.conf</span></div><div><font class="Apple-style-span" face="Courier"><span class="Apple-style-span" style="font-family: Calibri, sans-serif; "><div>**************</div><div></div></span></font></div><div><font class="Apple-style-span" face="Courier">config setup</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">interfaces="%defaultroute"</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">protostack=klips</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">OE=off</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">nat_traversal=yes</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.31.135.0/24</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">interfaces="ipsec0=eth0"</font></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier">conn L2TP-PSK-NAT</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">rightsubnet=vhost:%priv</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">also=L2TP-PSK-noNAT</font></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier">conn L2TP-PSK-noNAT</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">authby=secret</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">pfs=no</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">auto=add</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">keyingtries=3</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">rekey=no</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">ikelifetime=8h</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">keylife=1h</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">type=transport</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">left=X.y.z.a</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">leftprotoport=17/1701</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">right=%any</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">rightprotoport=17/%any</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">forceencaps=yes</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">dpddelay=40</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">dpdtimeout=130</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="Courier">        </font></span><font class="Apple-style-span" face="Courier">dpdaction=clear</font></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier"><span class="Apple-style-span" style="font-family: Calibri, sans-serif; "><div><span style="font-family: Courier; ">**************</span></div><div><div><span class="Apple-style-span" style="font-family: Courier; ">/etc/ipsec.secrets</span></div><div><font class="Apple-style-span" face="Courier"><span class="Apple-style-span" style="font-family: Calibri, sans-serif; "><div><span style="font-family: Courier; ">**************</span></div><span style="font-family: Courier; "><div></div></span></span></font></div></div></span></font></div><div><span style="font-family: Courier; ">X.y.z.a %any : PSK "AVerySecretPassword"</span></div></div><div><br></div><div><div><span style="font-family: Courier; ">**************</span></div><span style="font-family: Courier; "><div></div></span><div><font class="Apple-style-span" face="Courier">/etc/xl2tpd/xl2tpd.conf </font></div><div><span style="font-family: Courier; ">**************</span></div><span style="font-family: Courier; "><div></div></span><div><span class="Apple-style-span" style="font-family: Courier; ">[global]</span></div><div><span class="Apple-style-span" style="font-family: Courier; ">debug tunnel = yes</span></div><div><font class="Apple-style-span" face="Courier">debug network = yes</font></div><div><font class="Apple-style-span" face="Courier">debug state = yes</font></div><div><font class="Apple-style-span" face="Courier">debug avp = yes</font></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier">[lns default]</font></div><div><font class="Apple-style-span" face="Courier">ip range = 10.31.135.2-10.31.135.250</font></div><div><font class="Apple-style-span" face="Courier">local ip = 10.31.135.1</font></div><div><font class="Apple-style-span" face="Courier">require chap = yes</font></div><div><font class="Apple-style-span" face="Courier">refuse pap = yes</font></div><div><font class="Apple-style-span" face="Courier">require authentication = yes</font></div><div><font class="Apple-style-span" face="Courier">name = l2tpsvr</font></div><div><font class="Apple-style-span" face="Courier">ppp debug = yes</font></div><div><font class="Apple-style-span" face="Courier">pppoptfile = /etc/ppp/options.xl2tpd</font></div><div><font class="Apple-style-span" face="Courier">length bit = yes</font></div></div><div><font class="Apple-style-span" face="Courier"><br></font></div><div><font class="Apple-style-span" face="Courier"><span class="Apple-style-span" style="font-family: Calibri, sans-serif; "><div><span style="font-family: Courier; ">**************</span></div><span style="font-family: Courier; "><div></div></span><div><font class="Apple-style-span" face="Courier">/etc/ppp/options.xl2tpd </font></div><div><span style="font-family: Courier; ">**************</span></div><span style="font-family: Courier; "><div></div></span></span></font></div><div><div><span class="Apple-style-span" style="font-family: Courier; ">ipcp-accept-local</span></div><div><span style="font-family: Courier; ">ipcp-accept-remote</span></div><div><span style="font-family: Courier; ">ms-dns 81.92.x.y</span></div><div><span style="font-family: Courier; ">ms-dns 81.92.a.b</span></div><div><span style="font-family: Courier; ">noccp</span></div><div><span style="font-family: Courier; ">auth</span></div><div><span style="font-family: Courier; ">crtscts</span></div><div><span style="font-family: Courier; ">idle 1800</span></div><div><span style="font-family: Courier; ">mtu 1200</span></div><div><span style="font-family: Courier; ">mru 1200</span></div><div><span style="font-family: Courier; ">nodefaultroute</span></div><div><span style="font-family: Courier; ">debug</span></div><div><span style="font-family: Courier; ">lock</span></div><div><span style="font-family: Courier; ">proxyarp</span></div><div><span style="font-family: Courier; ">connect-delay 5000</span></div><div><font class="Apple-style-span" face="Courier"><br></font></div></div><div><br></div><div><div><span style="font-family: Courier; ">l2tp:/usr/src/xl2tpd-1.2.7# xl2tpd -D</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: setsockopt recvref[22]: Protocol not available</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: This binary does not support kernel L2TP.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: xl2tpd version xl2tpd-1.2.6 started on l2tp.financialart.be PID:5300</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Forked by Scott Balmos and David Stipp, (C) 2001</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Inherited by Jeff McAdams, (C) 2002</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Forked again by Xelerance (www.xelerance.com) (C) 2006</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Listening on IP address 0.0.0.0, port 1701</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 40687, call 0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: sending SCCRP</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 21206, call 0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 21206</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 16811, call 58064</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 16811</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 54191, call 56833</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 54191</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Maximum retries exceeded for tunnel 40687. Closing.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 10323, call 0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 10323</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 40687</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Connection 76 closed to 109.129.28.162, port 50750 (Timeout)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 57821, call 4499</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 57821</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: select timeout</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: Unable to deliver closing message for tunnel 40687. Destroying anyway.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: network_thread: recv packet from 109.129.28.162, size = 60, tunnel = 0, call = 0 ref=0 refhim=0</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: get_call: allocating new tunnel for host 109.129.28.162, port 50750.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: handle_avps: handling avp's for tunnel 16436, call 38118</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: message_type_avp: message type 1 (Start-Control-Connection-Request)</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: protocol_version_avp: peer is using version 1, revision 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: framing_caps_avp: supported peer frames: async sync</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: hostname_avp: peer reports hostname ''</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: assigned_tunnel_avp: using peer's tunnel 76</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 76, call is 0.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: control_finish: Peer requested tunnel 76 twice, ignoring second one.</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 16436</span></div><div><span style="font-family: Courier; ">xl2tpd[5300]: build_fdset: closing down tunnel 40687</span></div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp ipsec__plutorun: Starting Pluto subsystem...</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:3276</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: LEAK_DETECTIVE support [disabled]</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: OCF support for IKE [disabled]</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: SAref support [disabled]: Protocol not available</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: SAbind support [disabled]: Protocol not available</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: NSS support [disabled]</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: HAVE_STATSD notification support not compiled in</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Setting NAT-Traversal port-4500 floating to on</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: port floating activation criteria nat_t=1/port_float=1</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: NAT-Traversal support [enabled]</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: using /dev/urandom as source of random entropy</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: no helpers will be started, all cryptographic operations will be done inline</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Using KLIPS IPsec interface code on 2.6.26-2-xen-amd64</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory '/etc/ipsec.d/cacerts'</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory '/etc/ipsec.d/aacerts'</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Changed path to directory '/etc/ipsec.d/ocspcerts'</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Changing to directory '/etc/ipsec.d/crls'</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: Warning: empty directory</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: added connection description "L2TP-PSK-NAT"</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: added connection description "L2TP-PSK-noNAT"</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: listening for IKE messages</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: adding interface ipsec0/eth0 81.92.226.188:500</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: adding interface ipsec0/eth0 81.92.226.188:4500</span></div><div><span style="font-family: Courier; ">Jan 10 09:32:08 l2tp pluto[3276]: loading secrets from "/etc/ipsec.secrets"</span></div><div><span class="Apple-style-span" style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [RFC 3947] method set to=109 </span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 </span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: packet from 109.129.28.162:500: received Vendor ID payload [Dead Peer Detection]</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: responding to Main Mode from unknown peer 109.129.28.162</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: STATE_MAIN_R1: sent MR1, expecting MI2</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: STATE_MAIN_R2: sent MR2, expecting MI3</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[6] 109.129.28.162 #7: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: deleting connection "L2TP-PSK-NAT" instance with peer 109.129.28.162 {isakmp=#0/ipsec=#0}</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: new NAT mapping for #7, was 109.129.28.162:500, now 109.129.28.162:4500</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:31 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: Dead Peer Detection (RFC 3706): enabled</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #7: the peer proposed: 81.92.226.188/32:17/1701 -> 192.168.1.11/32:17/0</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: responding to Quick Mode proposal {msgid:cbe4e6f7}</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: us: 81.92.226.188<81.92.226.188>[+S=C]:17/1701</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: them: 109.129.28.162[192.168.1.11,+S=C]:17/50750===192.168.1.11/32</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:32 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: Dead Peer Detection (RFC 3706): enabled</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</span></div><div><span style="font-family: Courier; ">Jan 10 10:10:33 l2tp pluto[3276]: "L2TP-PSK-NAT"[7] 109.129.28.162 #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0c8ad036 <0x94f2b892 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=109.129.28.162:4500 DPD=enabled}</span></div></div><div><br></div><div><div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "><span lang="EN-US" style="font-size: 9pt; color: rgb(80, 80, 255); font-family: 'Lucida Sans Unicode', sans-serif; ">Pascal Fuks<br>Network & Security Consultant,<br>CEO / Administrateur délégué,<br><br></span></div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "><span lang="EN-US" style="font-size: 9pt; color: rgb(80, 80, 255); font-family: 'Lucida Sans Unicode', sans-serif; ">Tel. : +32 2 387 08 00<br>Fax : +32 2 387 07 06<br>Email : </span><span style="font-size: 9pt; font-family: 'Lucida Sans Unicode', sans-serif; color: rgb(80, 80, 255); "><span lang="EN-US" style="color: blue; "><a href="mailto:veronique@financialart.be" target="_blank" style="color: blue; text-decoration: underline; ">pascal@financial-art.be</a></span></span></div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-family: 'Times New Roman'; font-size: 16px; "><font class="Apple-style-span" color="#0000FF" face="Lucida Sans Unicode,sans-serif" size="3"><span class="Apple-style-span" style="font-size: 12px; ">IM: pascal@financial-art (MSN)</span><span class="Apple-style-span" style="font-size: 12px; "><br></span><span class="Apple-style-span" style="font-size: 12px; ">Free/Busy Time: http://tinyurl.com/pfukscal</span></font></div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 9pt; font-family: 'Lucida Sans Unicode', sans-serif; color: rgb(80, 80, 255); "><span lang="EN-US" style="color: rgb(176, 0, 0); "><br><a href="http://www.financial-art.be/" target="_blank" style="color: blue; text-decoration: underline; "></a></span></span></div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 9pt; font-family: 'Lucida Sans Unicode', sans-serif; color: rgb(80, 80, 255); "><span lang="EN-US" style="color: rgb(176, 0, 0); "><a href="http://www.financial-art.be/" target="_blank" style="text-decoration: none; color: blue; ">www.financial-art.be</a></span></span><span lang="EN-US" style="font-size: 9pt; color: rgb(80, 80, 255); font-family: 'Lucida Sans Unicode', sans-serif; "></span></div><div style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8pt; color: green; ">Avant d’imprimer cet email, réfléchissez à l’impact sur l’environnement. Please consider the environment before printing this mail.</span></div><p class="MsoNormal" style="margin-top: 0cm; margin-bottom: 0.0001pt; margin-right: 0cm; margin-left: 0cm; font-size: 11pt; font-family: Calibri, sans-serif; "> </p></div></div></div></div><br>**** DISCLAIMER ****<br>
<br>
"This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. <br>
Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. <br>
If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer".<br>
<br>
Thank you for your cooperation.<br>
<br>
* This e-mail was scanned against known viruses by MDaemon-DKAV</body></html>