<div dir="ltr"><br>Hello sir,<br><br>Thanks for reply,<br>But when I am adding leftsourceip=192.168.5.X where X is my ip of other interface in server. At that time client can not establish VPN connection with server. At server side this error is coming on /var/log/auth.log file<br>
<br><span style="color: rgb(0, 0, 102);">tailf /var/log/auth.log</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: STATE_MAIN_R2: sent MR2, expecting MI3</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: STATE_MAIN_R2: sent MR2, expecting MI3</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.22'</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: the peer proposed: <a href="http://192.168.1.121/32:17/1701">192.168.1.121/32:17/1701</a> -> <a href="http://192.168.1.22/32:17/0">192.168.1.22/32:17/0</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+S=C]:17/1701...192.168.1.22[+S=C]:17/%any</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://192.168.1.22:500">192.168.1.22:500</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: the peer proposed: <a href="http://192.168.1.121/32:17/1701">192.168.1.121/32:17/1701</a> -> <a href="http://192.168.1.22/32:17/0">192.168.1.22/32:17/0</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+S=C]:17/1701...192.168.1.22[+S=C]:17/%any</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:01 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://192.168.1.22:500">192.168.1.22:500</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:03 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: the peer proposed: <a href="http://192.168.1.121/32:17/1701">192.168.1.121/32:17/1701</a> -> <a href="http://192.168.1.22/32:17/0">192.168.1.22/32:17/0</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:03 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+S=C]:17/1701...192.168.1.22[+S=C]:17/%any</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:03 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://192.168.1.22:500">192.168.1.22:500</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:03 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+S=C]:17/1701...192.168.1.22[+S=C]:17/%any</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:03 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://192.168.1.22:500">192.168.1.22:500</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:05 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: the peer proposed: <a href="http://192.168.1.121/32:17/1701">192.168.1.121/32:17/1701</a> -> <a href="http://192.168.1.22/32:17/0">192.168.1.22/32:17/0</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:05 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+S=C]:17/1701...192.168.1.22[+S=C]:17/%any</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:05 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: sending encrypted notification INVALID_ID_INFORMATION to <a href="http://192.168.1.22:500">192.168.1.22:500</a></span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Sep 13 10:37:05 UTM pluto[4908]: "L2TP-PSK-NAT"[2] 192.168.1.22 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.121<192.168.1.121>[+</span><br>
<br>And /var/log/debug this error is coming.<br><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: Call established with 192.168.1.22, Local: 30238, Remote: 1, Serial: 0</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: check_control: Received out of order control packet on tunnel 1 (got 5, expected 4)</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">xl2tpd[3623]: handle_packet: bad control packet!</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: check_control: Received out of order control packet on tunnel 1 (got 5, expected 4)</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">xl2tpd[3623]: handle_packet: bad control packet!</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: Maximum retries exceeded for tunnel 12846. Closing.</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">xl2tpd[3623]: control_finish: Connection closed to 192.168.1.22, serial 0 ()</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: Terminating pppd: sending TERM signal to pid 4597</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">xl2tpd[3623]: Connection 1 closed to 192.168.1.22, port 1701 (Timeout)</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: control_finish: Connection closed to 192.168.1.22, port 1701 (), Local: 12846, Remote: 1</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">xl2tpd[3623]: Can not find tunnel 12846 (refhim=0)</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd[3623]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 12846 Dumping.</span><br>
<br>And I cannot add leftsubnet tag . When I am adding leftsubnet client cannot able to establish connection .<br>Is any IPSEC version problem or some configuration problem.<br><br><span style="color: rgb(0, 0, 102);">ipsec --version</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)</span><br style="color: rgb(0, 0, 102);"><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd --version</span><br style="color: rgb(0, 0, 102);">
<br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">xl2tpd version: xl2tpd-1.2.8</span><br><br><br><div class="gmail_quote">On Mon, Sep 12, 2011 at 9:24 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">On Mon, 12 Sep 2011, heta shah wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Please help me I am doing some error or not . I am facing this one way communication. Is any route add at server side is required<br>
or not ?? My internal network is <a href="http://192.168.5.0/24" target="_blank">192.168.5.0/24</a> and I want to apply remote network VPN client from this network . In this setup I<br>
can communicate from client to server but I cannot communicate from server to client But still VPN connection is showing up.<br>
</blockquote>
<br></div>
You should never attempt or need to add routes manually.<br>
<br>
You might want to add on the server a leftsourceip=192.168.5.X (X is whatever IP your server has in that range)<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">Thanks and Regards.<br><br>Heta <br><br><br><br></div><br>
</div>