<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=big5" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19400">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff size=2 face=Verdana>Dear Sirs,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT size=2><FONT color=#0000ff face=Verdana>The configuration of
L2TP/IPSec is as below. I have never been able to make the L2TP/IPSec
connection. I tried to search for information on the internet, but it did not
seem to have a good effect. So could someone help me with this
question? </FONT><SPAN
style="LINE-HEIGHT: 115%; FONT-FAMILY: Courier; COLOR: #333333; FONT-SIZE: 10pt"><FONT
color=#0000ff face=Verdana>Really appreciate any
help.</FONT></SPAN></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Ozai</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>openswan(2.6.38)+l2tp(1.3.1) server
(172.17.21.81)-----------client (172.17.21.80)</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># cat ipsec.conf<BR>config
setup<BR>
&nbsp;&nbsp;&nbsp;&nbsp;nat_traversal=no<BR>
&nbsp;&nbsp;&nbsp;&nbsp;oe=off<BR>
&nbsp;&nbsp;&nbsp;&nbsp;protostack=netkey<BR>
&nbsp;&nbsp;&nbsp;&nbsp;interfaces=%defaultroute</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>conn
L2TP-PSK-NAT<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rightsubnet=vhost:%no,%priv<BR>
&nbsp;&nbsp;&nbsp;&nbsp;also=L2TP-PSK-noNAT</FONT></DIV>
<DIV> </DIV>
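<DIV><FONT color=#0000ff size=2 face=Verdana>conn
L2TP-PSK-noNAT<BR>
&nbsp;&nbsp;&nbsp;&nbsp;left=172.17.21.81<BR>
&nbsp;&nbsp;&nbsp;&nbsp;leftprotoport=17/1701<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rightprotoport=17/1701<BR>
&nbsp;&nbsp;&nbsp;&nbsp;right=172.17.21.80<BR>
&nbsp;&nbsp;&nbsp;&nbsp;pfs=no<BR>
&nbsp;&nbsp;&nbsp;&nbsp;keylife=1h<BR>
&nbsp;&nbsp;&nbsp;&nbsp;keyingtries=3<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rekey=no<BR>
&nbsp;&nbsp;&nbsp;&nbsp;ikelifetime=60m<BR>
&nbsp;&nbsp;&nbsp;&nbsp;type=transport<BR>
&nbsp;&nbsp;&nbsp;&nbsp;authby=secret<BR>
&nbsp;&nbsp;&nbsp;&nbsp;auto=add<BR>#</FONT></DIV>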
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 04:12:15 daemon err
ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...<BR>Jan 1 04:12:15
daemon err ipsec_setup: Using NETKEY(XFRM) stack<BR>Jan 1 04:12:17
authpriv err ipsec__plutorun: Starting Pluto subsystem...<BR>Jan 1
04:12:17 user warn syslog: adjusting ipsec.d to /var/ipsec.d<BR>Jan 1
04:12:17 authpriv warn pluto[8314]: LEAK_DETECTIVE support
[disabled]<BR>Jan 1 04:12:17 authpriv warn pluto[8314]: OCF support for
IKE [disabled]<BR>Jan 1 04:12:17 authpriv warn pluto[8314]: NSS support
[disabled]<BR>Jan 1 04:12:17 authpriv warn pluto[8314]: HAVE_STATSD
notification support not compiled in<BR>Jan 1 04:12:17 authpriv warn
pluto[8314]: Setting NAT-Traversal port-4500 floating to off<BR>Jan 1
04:12:17 authpriv warn pluto[8314]: port floating activation
criteria nat_t=0/port_float=1<BR>Jan 1 04:12:17 authpriv warn
pluto[8314]: NAT-Traversal support
[disabled]<BR>Jan 1 04:12:17 authpriv warn pluto[8314]: using /dev/urandom
as source of random entropy<BR>Jan 1 04:12:17 daemon err ipsec__plutorun:
adjusting ipsec.d to /var/ipsec.d<BR>Jan 1 04:12:17 authpriv warn
pluto[8314]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
(ret=0)<BR>Jan 1 04:12:17 authpriv warn pluto[8314]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<BR>Jan 1
04:12:17 authpriv warn pluto[8314]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)<BR>Jan 1 04:12:17 authpriv warn pluto[8314]:
starting up 1 cryptographic helpers<BR>Jan 1 04:12:17 authpriv warn
pluto[8314]: started helper pid=8319 (fd:6)<BR>Jan 1 04:12:17 authpriv
warn pluto[8319]: using /dev/urandom as source of random entropy<BR>Jan 1
04:12:17 daemon err ipsec_setup: ...Openswan IPsec started<BR>Jan 1
04:12:17 authpriv warn pluto[8314]: Using Linux 2.6 IPsec interface code on
2.6.30 (experimental code)<BR>Jan 1 04:12:19 authpriv warn pluto[8314]:
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<BR>Jan 1 04:12:19
authpriv warn pluto[8314]: ike_alg_add(): ERROR: algo_type '0', algo_id '0',
Algorithm type already exists<BR>Jan 1 04:12:19 authpriv warn pluto[8314]:
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)<BR>Jan 1
04:12:19 authpriv warn pluto[8314]: ike_alg_add(): ERROR: algo_type '0', algo_id
'0', Algorithm type already exists<BR>Jan 1 04:12:19 authpriv warn
pluto[8314]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED
(ret=-17)<BR>Jan 1 04:12:19 authpriv warn pluto[8314]: ike_alg_add():
ERROR: algo_type '0', algo_id '0', Algorithm type already exists<BR>Jan 1
04:12:19 authpriv warn pluto[8314]: ike_alg_register_enc(): Activating
aes_gcm_8: FAILED (ret=-17)<BR>Jan 1 04:12:19 authpriv warn pluto[8314]:
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already
exists<BR>Jan 1 04:12:19 authpriv warn pluto[8314]:
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)<BR>Jan 1
04:12:19 authpriv warn pluto[8314]: ike_alg_add(): ERROR: algo_type '0', algo_id
'0', Algorithm type already exists<BR>Jan 1 04:12:19 authpriv warn
pluto[8314]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED
(ret=-17)<BR>Jan 1 04:12:19 authpriv warn pluto[8314]: Could not change to
directory '/var/ipsec.d/cacerts': No such file or directory<BR>Jan 1
04:12:19 authpriv warn pluto[8314]: Could not change to directory
'/var/ipsec.d/aacerts': No such file or directory<BR>Jan 1 04:12:19
authpriv warn pluto[8314]: Could not change to directory
'/var/ipsec.d/ocspcerts': No such file or directory<BR>Jan 1 04:12:19
authpriv warn pluto[8314]: Could not change to directory '/var/ipsec.d/crls': 2
No such file or directory<BR>Jan 1 04:12:19 authpriv warn pluto[8314]:
added connection description "L2TP-PSK-NAT"<BR>Jan 1 04:12:19 daemon err
ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"<BR>Jan 1
04:12:19 authpriv warn pluto[8314]: added connection description
"L2TP-PSK-noNAT"<BR>Jan 1 04:12:19 daemon err ipsec__plutorun: 002 added
connection description "L2TP-PSK-noNAT"<BR>Jan 1 04:12:20 authpriv warn
pluto[8314]: listening for IKE messages<BR>Jan 1 04:12:20 authpriv warn
pluto[8314]: adding interface eth0.1/eth0.1 172.17.21.81:500<BR>Jan 1
04:12:20 authpriv warn pluto[8314]: adding interface br0/br0
192.168.1.254:500<BR>Jan 1 04:12:20 authpriv warn pluto[8314]: adding
interface lo/lo 127.0.0.1:500<BR>Jan 1 04:12:20 authpriv warn pluto[8314]:
adding interface lo/lo ::1:500<BR>Jan 1 04:12:20 authpriv warn
pluto[8314]: loading secrets from "/var/ipsec.secrets"<BR>Jan 1 04:12:21
authpriv warn pluto[8314]: packet from 172.17.21.80:500: received Vendor ID
payload [RFC 3947] meth=115, but port floating is off<BR>Jan 1 04:12:21
authpriv warn pluto[8314]: packet from 172.17.21.80:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is
off<BR>Jan 1 04:12:21 authpriv warn pluto[8314]: packet from
172.17.21.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
meth=106, but port floating is off<BR>Jan 1 04:12:21 authpriv warn
pluto[8314]: packet from 172.17.21.80:500: ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]<BR>Jan 1 04:12:21 authpriv warn
pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: responding to Main Mode from
unknown peer 172.17.21.80<BR>Jan 1 04:12:21 authpriv warn pluto[8314]:
"L2TP-PSK-NAT"[1] 172.17.21.80 #1: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<BR>Jan 1 04:12:21 authpriv warn pluto[8314]:
"L2TP-PSK-NAT"[1] 172.17.21.80 #1: STATE_MAIN_R1: sent MR1, expecting
MI2<BR>Jan 1 04:12:21 authpriv warn pluto[8314]: packet from
172.17.21.80:500: Quick Mode message is for a non-existent (expired?) ISAKMP
SA<BR>Jan 1 04:12:21 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1]
172.17.21.80 #1: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<BR>Jan 1 04:12:21 authpriv warn pluto[8314]:
"L2TP-PSK-NAT"[1] 172.17.21.80 #1: STATE_MAIN_R2: sent MR2, expecting
MI3<BR>Jan 1 04:12:21 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1]
172.17.21.80 #1: Main mode peer ID is ID_IPV4_ADDR: '172.17.21.80'<BR>Jan
1 04:12:21 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<BR>Jan 1
04:12:21 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<BR>Jan 1
04:12:25 authpriv warn pluto[8314]: packet from 172.17.21.80:500: Quick Mode
message is for a non-existent (expired?) ISAKMP SA<BR>Jan 1 04:12:29
authpriv warn pluto[8314]: packet from 172.17.21.80:500: Quick Mode message is
for a non-existent (expired?) ISAKMP SA<BR>Jan 1 04:12:33 authpriv warn
pluto[8314]: packet from 172.17.21.80:500: Quick Mode message is for a
non-existent (expired?) ISAKMP SA<BR>Jan 1 04:12:37 authpriv warn
pluto[8314]: packet from 172.17.21.80:500: Quick Mode message is for a
non-existent (expired?) ISAKMP SA<BR>Jan 1 04:12:41 authpriv warn
pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer proposed:
172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701<BR>Jan 1 04:12:41
authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: cannot respond to
IPsec SA request because no connection is known for
172.17.21.81<172.17.21.81>...172.17.21.80<172.17.21.80><BR>Jan
1 04:12:41 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending
encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500<BR>Jan 1
04:12:45 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer
proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701<BR>Jan 1
04:12:45 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: cannot
respond to IPsec SA request because no connection is known for
172.17.21.81<172.17.21.81>...172.17.21.80<172.17.21.80><BR>Jan
1 04:12:45 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending
encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500<BR>Jan 1
04:12:49 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer
proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701<BR>Jan 1
04:12:49 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: cannot
respond to IPsec SA request because no connection is known for
172.17.21.81<172.17.21.81>...172.17.21.80<172.17.21.80><BR>Jan
1 04:12:49 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending
encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500<BR>Jan 1
04:12:53 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer
proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701<BR>Jan 1
04:12:53 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: cannot
respond to IPsec SA request because no connection is known for
172.17.21.81<172.17.21.81>...172.17.21.80<172.17.21.80><BR>Jan
1 04:12:53 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending
encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500<BR>Jan 1
04:12:57 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer
proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701<BR>Jan 1
04:12:57 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: cannot
respond to IPsec SA request because no connection is known for
172.17.21.81<172.17.21.81>...172.17.21.80<172.17.21.80><BR>Jan
1 04:12:57 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending
encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500</FONT></DIV>
<DIV> </DIV>
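<DIV><FONT size=2 face=Verdana>Added example, not part of the original message: a short Python triage of the pluto log above that reports which conn answered, the Phase 1 parameters, and how Quick Mode ended. The sample records are copied from that log; the function names and the WEAK set (3DES, MODP1024) are assumptions of this example, not Openswan output.</FONT></DIV>
<PRE>
```python
import re
# Records copied from the pluto log in the message above, one per line.
SAMPLE = """\
Jan 1 04:12:21 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jan 1 04:12:25 authpriv warn pluto[8314]: packet from 172.17.21.80:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jan 1 04:12:41 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701
Jan 1 04:12:41 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500
Jan 1 04:12:45 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: the peer proposed: 172.17.21.81/32:17/1701 -> 172.17.21.80/32:17/1701
Jan 1 04:12:45 authpriv warn pluto[8314]: "L2TP-PSK-NAT"[1] 172.17.21.80 #1: sending encrypted notification INVALID_ID_INFORMATION to 172.17.21.80:500
""".splitlines()

PLUTO = re.compile(r'pluto\[\d+\]: (.*)$')                   # strip the syslog prefix
CONN = re.compile(r'^"([^"]+)"(?:\[\d+\])? \S+ #\d+: (.*)$')  # "conn"[inst] peer #state: text
PHASE1 = re.compile(r'ISAKMP SA established \{(.*)\}')
PROPOSED = re.compile(r'the peer proposed: (\S+) -> (\S+)')
NOTIFY = re.compile(r'sending encrypted notification (\w+) to')
WEAK = {"oakley_3des_cbc_192", "modp1024"}  # assumption: this example's own weak-parameter list

def triage(lines):
    """Summarise a pluto log: answering conn, Phase 1 parameters, Phase 2 outcome."""
    report = {"conn": None, "phase1": None, "proposed": [], "notifications": {}, "orphan_quick_mode": 0}
    for line in lines:
        m = PLUTO.search(line)
        if not m:
            continue
        msg = m.group(1)
        if "Quick Mode message is for a non-existent" in msg:
            report["orphan_quick_mode"] += 1  # Quick Mode packet with no matching ISAKMP SA
        c = CONN.match(msg)
        if not c:
            continue
        report["conn"], body = c.group(1), c.group(2)
        p1 = PHASE1.search(body)
        if p1:
            report["phase1"] = dict(kv.split("=", 1) for kv in p1.group(1).split())
        pr = PROPOSED.search(body)
        if pr and pr.groups() not in report["proposed"]:
            report["proposed"].append(pr.groups())  # keep each distinct selector pair once
        n = NOTIFY.search(body)
        if n:
            report["notifications"][n.group(1)] = report["notifications"].get(n.group(1), 0) + 1
    return report

def verdict(report):
    """Return (stage reached, sorted weak Phase 1 parameters)."""
    if report["phase1"] is None:
        return ("phase1-not-established", [])
    weak = sorted(v for v in report["phase1"].values() if v in WEAK)
    return ("phase2-rejected" if report["notifications"] else "no-rejection-seen", weak)
```
</PRE>
<DIV><FONT size=2 face=Verdana>On these records Phase 1 completes, and every Quick Mode proposal for the 17/1701 selectors is answered with INVALID_ID_INFORMATION, so the failure is in Phase 2 connection matching rather than in the pre-shared key.</FONT></DIV>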
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV></BODY></HTML>