<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<br><br><div><div id="SkyDrivePlaceholder"></div><div dir="ltr"><p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">Hello everyone..</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">I’m
new to networking. I want to make an IPsec VPN connection that uses an Ubuntu 12.4
server, and the client can use another OS such as another Linux
(Ubuntu), Windows (XP, Vista, Seven), Android and iOS devices.</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">I already tried to set up the server, but
when connecting from Windows Vista I got error 789, and from Ubuntu 12.10 I got
error 300. There is no firewall filter set up on the server or on the router. The
server is behind NAT.</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">Then in /var/log/auth.log on the server
I got this message:</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;;color:#333333">Feb 19 13:04:36 unsoed-Aspire-M1610
pluto[5705]: loading secrets from "/etc/ipsec.secrets"<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
received Vendor ID payload [RFC 3947] method set to=109&nbsp;<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
already using method 109<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<br>
Feb 19 13:05:25 unsoed-Aspire-M1610 pluto[5705]: packet from 10.0.8.1:500:
initial Main Mode message received on 192.168.200.194:500 but no connection has
been authorized with policy=PSK<br>
<br>
</span><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333"></span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">This is my scenario:</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">Server (192.168.200.194)---MikroTik
router (10.0.7.253)&lt;--------client
(dynamic IP (10.0.8.17))</span></p>

<p class="ecxMsoNormal" style="text-align:justify"><span style="font-size:12pt;font-family:'Times New Roman', serif">|-------------------( NAT&nbsp;10.0.7.251)--------------|</span></p>

<p class="ecxMsoNormal" style="text-align:justify"><span style="font-size:12pt;font-family:'Times New Roman', serif">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; client calls&nbsp;10.0.7.251
to reach the server</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">This is my ipsec.conf setup on the server:</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">&nbsp;</span></p>

<p class="ecxMsoNormal" style="background-color:white;vertical-align:baseline;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:#333333">/etc/ipsec.conf file:</span></p>

<div style="mso-element:para-border-div;border:dashed #C1B496 1.0pt;padding:4.0pt 4.0pt 4.0pt 4.0pt;background:#F3F3F3">

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">config
setup</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; nat_traversal=yes</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp;
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12&nbsp;&nbsp;&nbsp; #contains the networks that are allowed as
subnet= for the remote client. In other words, the address ranges that may live
behind a NAT router through which a client connects.</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; oe=off</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; protostack=netkey</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">conn
L2TP-PSK-NAT</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rightsubnet=vhost:%priv</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; also=L2TP-PSK-noNAT</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">conn
L2TP-PSK-noNAT</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; authby=secret</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; pfs=no</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; auto=add</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; keyingtries=3</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rekey=no</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Apple iOS doesn't send delete notify so
we need dead peer detection</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # to detect vanishing clients</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpddelay=30</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpdtimeout=120</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; dpdaction=clear</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Set ikelifetime and keylife to same
defaults windows has</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; ikelifetime=8h</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; keylife=1h</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; type=transport</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # Replace IP address with your local IP
(private, behind NAT IP is okay as well)</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; leftid=@server1</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; left=10.0.7.251</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # For updated Windows 2000/XP clients,</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; # to support old clients as well, use
leftprotoport=17/%any</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; leftprotoport=17/1701</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; rightid=@client1</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp; &nbsp; right=%any</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; rightprotoport=17/%any</span></p>

<p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="font-size:10.0pt;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp; #force all to be nat'ed. because of iOS</span></p><p class="ecxMsoNormal" style="line-height:12pt;vertical-align:baseline;border:none;padding:0cm;background-position:initial initial;background-repeat:initial initial"><span style="color:rgb(51, 51, 51);font-family:Courier;line-height:14px">&nbsp; &nbsp; forceencaps=yes</span></p>

</div>

<span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">&nbsp;&nbsp;&nbsp;&nbsp;</span><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">I am really stuck with this..</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">I would really appreciate any help..</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333"><br></span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">Regards</span></div><div><span style="font-size:10.0pt;line-height:115%;font-family:Courier;color:#333333">erlangga</span></div>                                               </div></div><style><!--
--></style>                                               </div></body>
</html>