<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Oh my gosh, I didn't, did I? Yes I did, I'm so confused :(</span><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
I'll move this subject to strongSwan. I did it late last night, and I was crossing so much help from both, open and strong, that I ended up here :( mea culpa </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Anyway, thanks for your answer, I tried without success :( </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<div>fc_try trying l2tp-psk-nat:88.185.173.199/32:17/1701 -> 192.168.1.116/32:17/0 vs l2tp-psk-nat:192.168.0.20/32:17/1701 -> 84.78.198.299/32:17/0</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try concluding with none [0]</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try l2tp-psk-nat gives none</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | checking hostpair 192.168.0.20/32 -> 84.78.198.224/32 is found</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try trying l2tp-psk-nat:88.185.173.162/32:17/1701 -> 192.168.1.116/32:17/0 vs l2tp-psk-nat:192.168.0.20/32:17/1701 -> 0.0.0.0/32:17/0</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try concluding with none [0]</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try_oppo trying l2tp-psk-nat:88.185.173.162/32 -> 192.168.1.116/32 vs l2tp-psk-nat:192.168.0.20/32 -> 0.0.0.0/32</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | fc_try_oppo concluding with none [0]</div>
<div>Sep 18 04:59:02 debian pluto[1981]: | concluding with d = none</div>
<div>Sep 18 04:59:02 debian pluto[1981]: "l2tp-psk-nat"[2] 84.78.198.299:4502 #1: cannot respond to IPsec SA request because no connection is known for 88.185.173.199/32===192.168.0.20:4500[192.168.0.20]:17/1701...84.78.198.299:4502[192.168.1.116]:17/%any===192.168.1.116/32</div>
</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Thanks again for your help, I'll move this subject to the good place ;)</div><br><div class="gmail_quote">
On Tue, Sep 18, 2012 at 2:01 AM, Willie Gillespie <span dir="ltr"><<a href="mailto:wgillespie+openswan@es2eng.com" target="_blank">wgillespie+openswan@es2eng.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Steve,<br>
<br>
This list is for Openswan, not Strongswan -- although products with the same functionality. Are you wanting to switch your Strongswan config to Openswan?<br>
<br>
Willie<div><div class="h5"><br>
<br>
On 09/17/2012 04:52 PM, Jthemovie wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hi all,<br>
<br>
<br>
I think I really did my best, but even after having read so (too) much of<br>
the mailing list, I finish posting here :)<br>
<br>
To sum up quickly :<br>
<br>
<br>
OS running strongswan : debian 6.0.3<br>
<br>
<br>
I installed strongswan this way:<br>
<br>
<br>
apt-get install build-essential fakeroot dpkg-dev devscripts<br>
<br>
apt-get source strongswan<br>
<br>
apt-get install libcurl4-openssl-dev<br>
<br>
apt-get build-dep strongswan<br>
<br>
vi strongswan-4.4.1/debian/rules<br>
<br>
<br>
/*****[strongswan-4.4.1/debian/rules]******/<br>
<br>
CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \<br>
<br>
--libexecdir=/usr/lib \<br>
<br>
--enable-ldap --enable-curl \<br>
<br>
--with-capabilities=libcap \<br>
<br>
--enable-smartcard \<br>
<br>
--with-default-pkcs11=/usr/lib/opensc-pkcs11.so \<br>
<br>
--enable-mediation --enable-medsrv --enable-medcli \<br>
<br>
--enable-openssl --enable-agent \<br>
<br>
--enable-eap-radius --enable-eap-identity --enable-eap-md5 \<br>
<br>
--enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \<br>
<br>
--enable-sql --enable-integrity-test \<br>
<br>
--enable-nm --enable-ha --enable-dhcp --enable-farp \<br>
<br>
--enable-test-vectors \<br>
<br></div></div>
*--enable-nat-transport*<div class="im"><br>
<br>
/***********/<br>
<br>
dpkg-buildpackage -rfakeroot -uc -b<br>
<br>
Then installed everything with :<br>
<br>
<br>
dpkg -i *.deb<br>
<br>
<br>
Results :<br>
<br></div>
*dpkg -l | grep strong*<br>
<br>
**<div class="im"><br>
<br>
ii libstrongswan 4.4.1-5.2<br>
strongSwan utility and crypto library<br>
<br>
rc network-manager-strongswan 1.1.2-1<br>
network management framework (strongSwan plugin)<br>
<br>
ii strongswan 4.4.1-5.2<br>
IPsec VPN solution metapackage<br>
<br>
ii strongswan-dbg 4.4.1-5.2<br>
strongSwan library and binaries - debugging symbols<br>
<br>
ii strongswan-ikev1 4.4.1-5.2<br>
strongSwan Internet Key Exchange (v1) daemon<br>
<br>
ii strongswan-ikev2 4.4.1-5.2<br>
strongSwan Internet Key Exchange (v2) daemon<br>
<br>
ii strongswan-nm 4.4.1-5.2<br>
strongSwan plugin to interact with NetworkManager<br>
<br>
ii strongswan-starter 4.4.1-5.2<br>
strongSwan daemon starter and configuration file parser<br>
<br>
<br>
From here, everything is fine; my setup is the following:<br>
<br>
<br>
On one side :<br>
<br>
<br></div>
Debian strongswan vpn server : 192.168.0.20/24<br>
<br>
ADSL Gateway : 192.168.0.254/24<div class="im"><br>
<br>
Public IP : 88.185.173.199<br>
<br>
<br>
On the other side, the client (OSX 10.6.8 native client) one :<br>
<br>
<br>
PUBLIC IP : 84.78.198.299<br>
<br></div>
ADSL Gateway : 192.168.1.1/24<br>
<br>
OSX Client : 192.168.1.100/24<div class="im"><br>
<br>
<br>
So, according to some posts in the mailing list, I configured it as follows:<br>
<br>
<br></div>
*/etc/ipsec.conf*<br>
<br>
/*****/******/<br>
<br>
config setup<br>
<br>
*nat_traversal=yes*<div class="im"><br>
<br>
charonstart=yes<br>
<br>
plutostart=yes<br>
<br>
#higher debug level mode<br>
<br>
plutodebug="control controlmore"<br>
<br>
<br>
conn l2tp-psk-nat<br>
<br>
authby=psk<br>
<br>
pfs=no<br>
<br>
#keyexchange=ikev1<br>
<br>
rekey=no<br>
<br>
type=transport<br>
<br>
#esp=aes128-sha1<br>
<br>
#ike=aes128-sha-modp1024<br>
<br>
left=%defaultroute<br>
<br></div>
leftsubnet=88.185.173.199/32<br>
<br>
leftprotoport=17/1701<br>
<br>
rightprotoport=17/%any<br>
<br>
auto=add<br>
<br>
/***********/<br>
<br>
<br>
*/etc/ipsec.secrets *<div class="im"><br>
<br>
/******chmod 600*****/<br>
<br>
192.168.0.20 %any : PSK "mySecretKey"<br>
<br>
/***********/<br>
<br>
<br></div>
*/etc/xl2tpd/xl2tpd.conf*<div class="im"><br>
<br>
/***********/<br>
<br>
[global]<br>
<br>
debug network = yes<br>
<br>
debug tunnel = yes<br>
<br>
port = 1701<br>
<br>
ipsec saref = no<br>
<br>
<br>
[lns default]<br>
<br>
ip range = 192.168.2.35-192.168.2.39<br>
<br>
local ip = 192.168.2.34<br>
<br>
refuse chap = yes<br>
<br>
refuse pap = yes<br>
<br>
require authentication = yes<br>
<br>
ppp debug = yes<br>
<br>
pppoptfile = /etc/ppp/options.xl2tpd<br>
<br>
length bit = yes<br>
<br>
/***********/<br>
<br>
<br>
<br></div>
*/etc/ppp/options.xl2tpd*<div class="im"><br>
<br>
/***********/<br>
<br>
ipcp-accept-local<br>
<br>
ipcp-accept-remote<br>
<br>
ms-dns 212.27.40.240<br>
<br>
noccp<br>
<br>
auth<br>
<br>
crtscts<br>
<br>
idle 1800<br>
<br>
mtu 1500<br>
<br>
mru 1500<br>
<br>
nodefaultroute<br>
<br>
debug<br>
<br>
lock<br>
<br>
proxyarp<br>
<br>
connect-delay 5000<br>
<br>
/***********/<br>
<br>
<br></div>
*/etc/ppp/chap-secrets*<div class="im"><br>
<br>
/*****chmod 600******/<br>
<br>
# client server secret IP addresses<br>
<br>
myUser l2tpd myUserSecret *<br>
<br>
/***********/<br>
<br>
<br>
Logs results :<br>
<br>
<br>
command<br>
<br></div>
**<br>
<br>
*ipsec statusall*<div class="im"><br>
<br>
<br>
000 Status of IKEv1 pluto daemon (strongSwan 4.4.1):<br>
<br>
000 interface lo/lo ::1:500<br>
<br></div>
000 interface lo/lo 127.0.0.1:4500<br>
<br>
000 interface lo/lo 127.0.0.1:500<br>
<br>
000 interface eth0/eth0 192.168.0.20:4500<br>
<br>
000 interface eth0/eth0 192.168.0.20:500<div class="im"><br>
<br>
000 %myid = '%any'<br>
<br>
000 loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey<br>
pkcs1 pgp dnskey pem openssl hmac gmp xauth attr resolve<br>
<br>
000 debug options: control+controlmore<br>
<br>
000<br>
<br>
000 "l2tp-psk-nat":<br>
88.185.173.199/32===192.168.0.20[192.168.0.20]:17/1701---192.168.0.254...%any[%any]:17/%any;<br>
</div>
<div class="im">
<br>
unrouted; eroute owner: #0<br>
<br>
000 "l2tp-psk-nat": ike_life: 10800s; ipsec_life: 3600s; rekey_margin:<br>
540s; rekey_fuzz: 100%; keyingtries: 3<br>
<br>
000 "l2tp-psk-nat": policy: PSK+ENCRYPT+DONTREKEY; prio: 32,32;<br>
interface: eth0;<br>
<br>
000 "l2tp-psk-nat": newest ISAKMP SA: #0; newest IPsec SA: #0;<br>
<br>
000<br>
<br>
Status of IKEv2 charon daemon (strongSwan 4.4.1):<br>
<br>
uptime: 12 seconds, since Sep 18 00:32:37 2012<br>
<br>
malloc: sbrk 270336, mmap 0, used 175544, free 94792<br>
<br>
worker threads: 6 idle of 16, job queue load: 0, scheduled events: 0<br>
<br>
loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey<br>
pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr resolve<br>
kernel-netlink socket-raw farp stroke updown eap-identity eap-aka<br>
eap-md5 eap-gtc eap-mschapv2 nm dhcp<br>
<br>
Listening IP addresses:<br>
<br>
192.168.0.20<br>
<br>
Connections:<br>
<br>
Security Associations:<br>
<br>
none<br>
<br>
<br></div>
*auth.log when I start the service :*<br>
<br>
**<div><div class="h5"><br>
<br>
Sep 17 18:34:55 debian ipsec_starter[11137]: Starting strongSwan 4.4.1<br>
IPsec [starter]...<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: Starting IKEv1 pluto daemon<br>
(strongSwan 4.4.1) THREADS SMARTCARD VENDORID<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: plugin 'test-vectors' failed to<br>
load: /usr/lib/ipsec/plugins/libstrongswan-test-vectors.so: cannot open<br>
shared object file: No such file or directory<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: attr-sql plugin: database URI not set<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: plugin 'attr-sql': failed to load -<br>
attr_sql_plugin_create returned NULL<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loaded plugins: curl ldap aes des<br>
sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl hmac gmp<br>
xauth attr resolve<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | inserting event<br>
EVENT_REINIT_SECRET, timeout in 3600 seconds<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: including NAT-Traversal patch<br>
(Version 0.6c)<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | pkcs11 module<br>
'/usr/lib/opensc-pkcs11.so' loading...<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | pkcs11 module initializing...<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | pkcs11 module loaded and initialized<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 0<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 1<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 2<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 3<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 4<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 5<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 6<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 7<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 8<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 9<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 10<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 11<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 12<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 13<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 14<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: no token present in slot 15<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: Using Linux 2.6 IPsec interface code<br>
<br>
Sep 17 18:34:55 debian ipsec_starter[11150]: pluto (11151) started after<br>
20 ms<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loading ca certificates from<br>
'/etc/ipsec.d/cacerts'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loading aa certificates from<br>
'/etc/ipsec.d/aacerts'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loading ocsp certificates from<br>
'/etc/ipsec.d/ocspcerts'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: Changing to directory<br>
'/etc/ipsec.d/crls'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loading attribute certificates from<br>
'/etc/ipsec.d/acerts'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | inserting event EVENT_LOG_DAILY,<br>
timeout in 84305 seconds<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | next event EVENT_REINIT_SECRET in<br>
3600 seconds<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: |<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | *received whack message<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: listening for IKE messages<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | found lo with address 127.0.0.1<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | found eth0 with address 192.168.0.20<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: adding interface eth0/eth0<br>
</div></div>192.168.0.20:500<div class="im"><br>
<br>
Sep 17 18:34:55 debian pluto[11151]: adding interface eth0/eth0<br>
</div>192.168.0.20:4500<div class="im"><br>
<br>
Sep 17 18:34:55 debian pluto[11151]: adding interface lo/lo<br>
</div>127.0.0.1:500<div class="im"><br>
<br>
Sep 17 18:34:55 debian pluto[11151]: adding interface lo/lo<br>
</div>127.0.0.1:4500<div><div class="h5"><br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | found lo with address<br>
0000:0000:0000:0000:0000:0000:0000:0001<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: adding interface lo/lo ::1:500<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | certs and keys locked by<br>
'free_preshared_secrets'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | certs and keys unlocked by<br>
'free_preshard_secrets'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loading secrets from<br>
"/etc/ipsec.secrets"<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: loaded PSK secret for<br>
192.168.0.20 %any<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | certs and keys locked by<br>
'process_secret'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | certs and keys unlocked by<br>
'process_secrets'<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | next event EVENT_REINIT_SECRET in<br>
3600 seconds<br>
<br>
Sep 17 18:34:55 debian ipsec_starter[11150]: charon (11162) started<br>
after 40 ms<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: |<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | *received whack message<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | from whack: got --esp=aes128-sha1<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | esp proposal: AES_CBC_128/HMAC_SHA1,<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | from whack: got<br>
--ike=aes128-sha-modp1024<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | ike proposal:<br>
AES_CBC_128/HMAC_SHA1/MODP_1024,<br>
<br></div></div>
Sep 17 18:34:55 debian pluto[11151]: *added connection description<br>
"l2tp-psk-nat"*<div class="im"><br>
<br>
Sep 17 18:34:55 debian pluto[11151]: |<br>
88.185.173.199/32===192.168.0.20[192.168.0.20]:17/1701---192.168.0.254...%any[%any]:17/%any<br>
</div>
<div class="im">
<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | ike_life: 10800s; ipsec_life:<br>
3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy:<br>
PSK+ENCRYPT+DONTREKEY<br>
<br>
Sep 17 18:34:55 debian pluto[11151]: | next event EVENT_REINIT_SECRET in<br>
3600 seconds<br>
<br>
<br>
<br></div>
*auth.log when a client tries to connect :*<div><div class="h5"><br>
<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | *received 300 bytes from<br>
84.78.198.299:500 on eth0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
received Vendor ID payload [RFC 3947]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: packet from 84.78.198.299:500:<br>
received Vendor ID payload [Dead Peer Detection]<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | preparse_isakmp_policy: peer<br>
requests PSK authentication<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | instantiated "l2tp-psk-nat" for<br>
84.78.198.299<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | creating state object #1 at<br>
0xb8d9c320<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | inserting event EVENT_SO_DISCARD,<br>
timeout in 0 seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[1] 84.78.198.299 #1:<br>
responding to Main Mode from unknown peer 84.78.198.299<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | inserting event EVENT_RETRANSMIT,<br>
timeout in 10 seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | next event EVENT_RETRANSMIT in 10<br>
seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | *received 228 bytes from<br>
84.78.198.299:500 on eth0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[1] 84.78.198.299 #1:<br>
NAT-Traversal: Result using RFC 3947: both are NATed<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | inserting event<br>
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | inserting event EVENT_RETRANSMIT,<br>
timeout in 10 seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | next event EVENT_RETRANSMIT in 10<br>
seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | *received 100 bytes from<br>
84.78.198.299:4501 on eth0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R2<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[1] 84.78.198.299 #1:<br>
ignoring informational payload, type IPSEC_INITIAL_CONTACT<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[1] 84.78.198.299 #1:<br>
Peer ID is ID_IPV4_ADDR: '192.168.1.110'<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | peer CA: %none<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | l2tp-psk-nat: no match (id: no,<br>
auth: ok, trust: ok, request: ok, prio: 2048)<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | l2tp-psk-nat: full match (id: ok,<br>
auth: ok, trust: ok, request: ok, prio: 1216)<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | offered CA: %none<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | switched from "l2tp-psk-nat" to<br>
"l2tp-psk-nat"<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | instantiated "l2tp-psk-nat" for<br>
84.78.198.299<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[2] 84.78.198.299 #1:<br>
deleting connection "l2tp-psk-nat" instance with peer 84.78.198.299<br>
{isakmp=#0/ipsec=#0}<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | certs and keys locked by<br>
'delete_connection'<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | certs and keys unlocked by<br>
'delete_connection'<br>
<br></div></div>
Sep 17 18:37:27 debian pluto[11151]: | *NAT-T: *new mapping<div><div class="h5"><br>
84.78.198.299:500/4501)<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | inserting event EVENT_SA_EXPIRE,<br>
timeout in 3600 seconds for #1<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: sent MR3, ISAKMP SA established<br>
<br>
Sep 17 18:37:27 debian pluto[11151]: | next event EVENT_NAT_T_KEEPALIVE<br>
in 20 seconds<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | *received 252 bytes from<br>
84.78.198.299:4501 on eth0<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | state object not found<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R3<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | peer client is 192.168.1.110<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | peer client protocol/port is 17/53734<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | our client is 88.185.173.199<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | our client protocol/port is 17/1701<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | find_client_connection starting<br>
with l2tp-psk-nat<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | looking for<br>
</div></div>88.185.173.199/32:17/1701 -><br>
192.168.1.110/32:17/53734<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | concrete checking against sr#0<br>
</div>88.185.173.199/32 -> 84.78.198.299/32<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try trying<br>
l2tp-psk-nat:88.185.173.199/32:17/1701<br></div>
-> 192.168.1.110/32:17/0<br>
vs l2tp-psk-nat:88.185.173.199/32:17/1701<br>
-> 84.78.198.299/32:17/0<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try concluding with none [0]<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try l2tp-psk-nat gives none<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | checking hostpair<br>
</div>88.185.173.199/32 -> 84.78.198.299/32 is found<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try trying<br>
l2tp-psk-nat:88.185.173.199/32:17/1701<br></div>
-> 192.168.1.110/32:17/0<br>
vs l2tp-psk-nat:88.185.173.199/32:17/1701<br>
-> 0.0.0.0/32:17/0<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try concluding with none [0]<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try_oppo trying<br></div>
l2tp-psk-nat:88.185.173.199/32 -> 192.168.1.110/32 vs<br>
l2tp-psk-nat:88.185.173.199/32 -> 0.0.0.0/32<div class="im"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | fc_try_oppo concluding with<br>
none [0]<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | concluding with d = none<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: cannot respond to IPsec SA request because no<br>
connection is known for<br>
88.185.173.199/32===192.168.0.20:4500[192.168.0.20]:17/1701...84.78.198.299:4501[192.168.1.110]:17/%any===192.168.1.110/32<br>
</div>
<div>
<div class="h5"><br>
<br>
Sep 17 18:37:28 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: sending encrypted notification<br>
INVALID_ID_INFORMATION to 84.78.198.299:4501<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | state transition function for<br>
STATE_QUICK_R0 failed: INVALID_ID_INFORMATION<br>
<br>
Sep 17 18:37:28 debian pluto[11151]: | next event EVENT_NAT_T_KEEPALIVE<br>
in 19 seconds<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | *received 252 bytes from<br>
84.78.198.299:4501 on eth0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state object not found<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R3<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: Quick Mode I1 message is unacceptable because it<br>
uses a previously used Message ID 0x767ae29b (perhaps this is a<br>
duplicated packet)<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: sending encrypted notification INVALID_MESSAGE_ID<br>
to 84.78.198.299:4501<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | next event EVENT_NAT_T_KEEPALIVE<br>
in 16 seconds<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | *received 84 bytes from<br>
84.78.198.299:4501 on eth0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R3<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state object #1 found, in<br>
STATE_MAIN_R3<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501 #1: received Delete SA payload: deleting ISAKMP State #1<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | ICOOKIE: 96 61 2d 50 c6 46 15 77<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | RCOOKIE: 32 f3 92 fa 6c af 23 86<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | peer: 54 4e c6 e0<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | state hash entry 23<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: "l2tp-psk-nat"[2]<br>
84.78.198.299:4501: deleting connection "l2tp-psk-nat" instance with<br>
peer 84.78.198.299 {isakmp=#0/ipsec=#0}<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | certs and keys locked by<br>
'delete_connection'<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | certs and keys unlocked by<br>
'delete_connection'<br>
<br>
Sep 17 18:37:31 debian pluto[11151]: | next event EVENT_NAT_T_KEEPALIVE<br>
in 16 seconds<br>
<br>
Sep 17 18:37:47 debian pluto[11151]: |<br>
<br>
Sep 17 18:37:47 debian pluto[11151]: | *time to handle event<br>
<br>
<br>
So here I am, I really tried the best I can, but I'm running out of<br>
ideas :((( I underlined in the latest log what I think is going<br>
wrong, but although it seems to be a NAT problem, everything is<br>
NATed correctly on the ADSL router.<br>
<br>
The ports 1701, 4500, 500 in UDP are well NATed to my VPN server. Any<br>
ideas, any suggestions will be more than welcome ;)<br>
<br>
Thanks a lot in advance for your precious help and sorry for the level<br>
of logs, but the higher the debug level of the log is, the easier it is<br>
to find out what is going wrong ;)<br>
<br>
Best Regards<br>
<br>
Steve<br>
<br>
<br>
<br></div></div>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
<br>
</blockquote>
</blockquote></div><br>
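Added example, not part of the original messages or of Openswan: a Python parser that splits the connection description pluto prints in the "cannot respond to IPsec SA request" line into its fields and flags each end whose traffic selector differs from the address IKE is talking to. The field names are this example's own, and the two sample lines are copied from the quoted log with the mail client's line wrapping undone.

```python
import re

# pluto prints a rejected Quick Mode proposal as
#   client===host:ikeport[id]:proto/port...host:ikeport[id]:proto/port===client
_END = r"(?P<{s}host>[\d.]+):(?P<{s}ike>\d+)\[(?P<{s}id>[^\]]+)\]:(?P<{s}proto>\d+)/(?P<{s}port>%any|\d+)"
TUPLE = re.compile(
    r"no connection is known for\s+(?P<lnet>[\d.]+/\d+)===" + _END.format(s="l")
    + r"\.\.\." + _END.format(s="r") + r"===(?P<rnet>[\d.]+/\d+)"
)

# Log lines from the quoted message, unwrapped. Addresses are kept exactly as
# posted (already obfuscated), so they are handled as strings, not parsed as IPs.
SAMPLE = """\
Sep 17 18:37:28 debian pluto[11151]: "l2tp-psk-nat"[2] 84.78.198.299:4501 #1: cannot respond to IPsec SA request because no connection is known for 88.185.173.199/32===192.168.0.20:4500[192.168.0.20]:17/1701...84.78.198.299:4501[192.168.1.110]:17/%any===192.168.1.110/32
Sep 17 18:37:28 debian pluto[11151]: "l2tp-psk-nat"[2] 84.78.198.299:4501 #1: sending encrypted notification INVALID_ID_INFORMATION to 84.78.198.299:4501
"""


def parse_rejected_proposals(log_text):
    """Return one dict of named fields per rejected Quick Mode proposal."""
    return [m.groupdict() for m in TUPLE.finditer(log_text)]


def nat_findings(p):
    """Compare each end's traffic selector with the address pluto sees for it."""
    findings = []
    for side, label in (("l", "local"), ("r", "peer")):
        selector = p[side + "net"].split("/")[0]
        host = p[side + "host"]
        if selector != host:
            findings.append(f"{label}: selector {selector} != IKE address {host} (NAT in path)")
        if p[side + "ike"] != "500":
            findings.append(f"{label}: IKE on UDP/{p[side + 'ike']}, not 500 (NAT-T port float)")
    return findings


if __name__ == "__main__":
    for proposal in parse_rejected_proposals(SAMPLE):
        print("protoport:", proposal["lproto"], proposal["lport"], "->", proposal["rport"])
        for finding in nat_findings(proposal):
            print(" -", finding)
```

On the sample, both ends are flagged: the proposal names 88.185.173.199/32 as the local selector while pluto itself is on 192.168.0.20, and the peer's selector 192.168.1.110/32 differs from the 84.78.198.299 address its packets arrive from.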