
<html>

<head>

<style><!--

.hmmessage P

{

margin:0px;

padding:0px

}

body.hmmessage

{

font-size: 10pt;

font-family:Tahoma

}

--></style></head>

<body class='hmmessage'><div dir='ltr'>

<br><br><div><div id="SkyDrivePlaceholder"></div><div dir="ltr"><p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">Hello everyone..</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">i’m

new in networking, i want to make a ipsec vpn connection that used ubuntu 12.4

server and for client can use another os like another linux

ubuntu,windows(xp,vista,seven), android and ios device.</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">I allready try to setup the server..but

when connecting from window vista i got err9r 789 and from ubuntu 12.10 i got

error 300. There are no firewall filter setup in server or in router..the

server s behind NAT</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">And then in /var/log/auth.log on server

i got this message :</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;;color:#333333">Feb 19 13:04:36 unsoed-Aspire-M1610

pluto[5705]: loading secrets from "/etc/ipsec.secrets"<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

received Vendor ID payload [RFC 3947] method set to=109&nbsp;<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but

already using method 109<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but

already using method 109<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but

already using method 109<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<br>

Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:

initial Main Mode message received on 192.168.200.194:500 but no connection has

been authorized with policy=PSK<br>

<br>

</span><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333"></span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">This is my scenario :</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">Server (192.168.200.194)---mikrotik

router (10.0.7.253)</span><span style="font-size:10.0pt;font-family:Wingdings;color:#333333">ß</span><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">--------client

(dynamic ip (10.0.8.17))</span></p>


<p class="ecxMsoNormal" style="text-align:justify"><span style="font-size:12pt;font-family:'Times New Roman', serif">|-------------------( NAT&nbsp;10.0.7.251)--------------|</span></p>


<p class="ecxMsoNormal" style="text-align:justify"><span style="font-size:12pt;font-family:'Times New Roman', serif">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; client call to&nbsp;10.0.7.251

get reach the server</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">this is my ipsec.conf set up in server</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>


<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">etc/ipsec.conf file:</span></p>


<div style="mso-element:para-border-div;border:dashed #C1B496 1.0pt;padding:4.0pt 4.0pt 4.0pt 4.0pt;background:#F3F3F3">


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">config

setup</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; nat_traversal=yes</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp;

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12&nbsp;&nbsp;&nbsp; #contains the networks that are allowed as

subnet= for the remote client. In other words, the address ranges that may live

behind a NAT router through which a client connects.</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; oe=off</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; protostack=netkey</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">conn

L2TP-PSK-NAT</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rightsubnet=vhost:%priv</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; also=L2TP-PSK-noNAT</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">conn

L2TP-PSK-noNAT</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; authby=secret</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; pfs=no</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; auto=add</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; keyingtries=3</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rekey=no</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Apple iOS doesn't send delete notify so

we need dead peer detection</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # to detect vanishing clients</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpddelay=30</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpdtimeout=120</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpdaction=clear</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Set ikelifetime and keylife to same

defaults windows has</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; ikelifetime=8h</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; keylife=1h</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; type=transport</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Replace IP address with your local IP

(private, behind NAT IP is okay as well)</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; leftid=@server1</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; left=10.0.7.251</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # For updated Windows 2000/XP clients,</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # to support old clients as well, use

leftprotoport=17/%any</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; leftprotoport=17/1701</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; right</span><span style="color:rgb(51, 51, 51);font-family:Courier;font-size:10pt">id=@client1</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; right=%any</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rightprotoport=17/%any</span></p>


<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; #force all to be nat'ed. because of iOS</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="color:rgb(51, 51, 51);font-family:Courier;line-height:14px">&nbsp; &nbsp; forceencaps=yes</span></p>


</div>


<span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp;&nbsp;</span><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">i really get stuck with this..</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">really appreciate for any help..</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333"><br></span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">regrads</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">erlangga</span></div>                                               </div></div><style><!--

.ExternalClass .ecxhmmessage P

{padding:0px;}

.ExternalClass body.ecxhmmessage

{font-size:10pt;font-family:Tahoma;}


--></style>                                               </div></body>

</html>