<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.<br class=""><div><br class=""><div class=""><div class=""><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);"><b class="">Date: </b></span><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;">January 9, 2015 at 3:40:01 AM GMT-5</span></div><div class=""><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">Cannot connect to L2TP/IPSec VPN (OpenSwan, xl2tpd, Ubuntu)</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Luke Chai <<a href="mailto:huijin.mrd@gmail.com" class="">huijin.mrd@gmail.com</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:users@lists.openswan.org" 
class="">users@lists.openswan.org</a><br class=""></span></div><br class=""><br class=""><div dir="ltr" class=""><div class="">Hi,</div><div class=""><br class=""></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">I'm using OpenSwan & xL2tpd to build a VPN server and both of them can be started properly.</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">But I cannot connect from a PC. It tries to connect, then fails after some time. (l2tp-vpn server did not respond...)</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">As the syslog is not updating while connecting, it seems like OpenSwan IPSec isn't passing the traffic to xl2tpd.</span><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">The IPSec log looks OK as below.</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received 
Vendor ID payload [RFC 3947] method set to=115 </span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115</span></font></div><div 
style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02n] meth=106, but already using method 115</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: ignoring Vendor ID payload [FRAGMENTATION 80000000]</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" 
class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: packet from <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>: received Vendor ID payload [Dead Peer Detection]</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: responding to Main Mode from unknown peer 121.204.130.139</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATEMAINR0 to state STATEMAINR1</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATEMAINR1: sent MR1, expecting MI2</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATEMAINR1 to state STATEMAINR2</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATEMAINR2: sent MR2, expecting 
MI3</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: ignoring informational payload, type IPSECINITIALCONTACT msgid=00000000</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: Main mode peer ID is IDIPV4ADDR: '192.168.0.105'</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: transition from state STATEMAINR2 to state STATEMAINR3</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: new NAT mapping for #2, was <a href="http://121.204.130.139:500/" class="">121.204.130.139:500</a>, now <a href="http://121.204.130.139:4500/" class="">121.204.130.139:4500</a></span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: STATEMAINR3: sent MR3, ISAKMP SA established {auth=OAKLEYPRESHAREDKEY cipher=aes256 prf=oakleysha group=modp1024}</span></font></div><div 
style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: Dead Peer Detection (RFC 3706): enabled</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: the peer proposed: <a href="http://104.236.82.206/32:17/1701" class="">104.236.82.206/32:17/1701</a> -> <a href="http://192.168.0.105/32:17/0" class="">192.168.0.105/32:17/0</a></span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: NAT-Traversal: received 2 NAT-OA. using first, ignoring others</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: responding to Quick Mode proposal {msgid:deb619d7}</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: us: 104.236.82.206<104.236.82.206>:17/1701</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: them: 121.204.130.139[192.168.0.105]:17/51822===<a href="http://192.168.0.105/32" class="">192.168.0.105/32</a></span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu 
Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATEQUICKR0 to state STATEQUICKR1</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATEQUICKR1: sent QR1, inbound IPsec SA installed, expecting QI2</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: Dead Peer Detection (RFC 3706): enabled</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATEQUICKR1 to state STATEQUICKR2</span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height:17.8048000335693px" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATEQUICKR2: IPsec SA established transport mode {ESP=>0x08baca35 <0x761f15da xfrm=AES256-HMAC_SHA1 NATOA=192.168.0.105 NATD=<a href="http://121.204.130.139:4500/" class="">121.204.130.139:4500</a> DPD=enabled}</span></font></div></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height:17.8048000335693px" class=""><br class=""></span></font></div><div style="" class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height:17.8048000335693px" class="">But </span></font><span style="font-family: Arial, 'Liberation Sans', 
'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">in /var/log/syslog there's nothing except the log of start-up, it never moves.</span></div><div style="" class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div style="" class=""><span style="font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif;line-height:17.8048000335693px" class=""><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:11 VPN ipsec_setup: Stopping Openswan IPsec...</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN kernel: [83909.844439] NET: Unregistered protocol family 15</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec_setup: ...Openswan IPsec stopped</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN kernel: [83909.880773] NET: Registered protocol family 15</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-37-generic...</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec_setup: Using NETKEY(XFRM) stack</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN kernel: [83909.946916] Initializing XFRM netlink socket</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN kernel: [83909.974072] AVX2 instructions are not detected.</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN kernel: [83909.987585] AVX2 or AES-NI instructions are not detected.</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec_setup: ...Openswan IPsec started</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec__plutorun: adjusting 
ipsec.d to /etc/ipsec.d</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN pluto: adjusting ipsec.d to /etc/ipsec.d</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:12 VPN ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:18 VPN xl2tpd[30940]: network_thread: select returned error 4 (Interrupted system call)</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:18 VPN xl2tpd[30940]: death_handler: Fatal signal 15 received</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31214]: Enabling IPsec SAref processing for L2TP transport mode SAs</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31214]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31214]: setsockopt recvref[30]: Protocol not available</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31214]: This binary does not support kernel L2TP.</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: xl2tpd version xl2tpd-1.3.6 started on VPN PID:31215</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: Forked by Scott Balmos and David Stipp, (C) 2001</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: Inherited by Jeff 
McAdams, (C) 2002</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: Forked again by Xelerance (<a href="http://www.xelerance.com/" class="">www.xelerance.com</a>) (C) 2006</font></div><div class=""><font size="1" color="#444444" class=""> Jan  9 00:10:19 VPN xl2tpd[31215]: Listening on IP address 0.0.0.0, port 1701</font></div><div style="font-size: 14px;" class=""><br class=""></div><div style="font-size: 14px;" class="">IPSec verify completes successfully.</div><div style="font-size: 14px;" class=""><br class=""></div><div style="" class=""><pre style="margin-top:0px;margin-bottom:10px;padding:5px;border:0px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;overflow:auto;width:auto;max-height:600px;word-wrap:normal;line-height:17.8048000335693px;background-image:initial;background-color:rgb(238,238,238);background-repeat:initial" class=""><code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:inherit;background-image:initial;background-repeat:initial" class=""><font size="1" class="">Checking your system to see if IPsec got installed and started correctly:
 Version check and ipsec on-path                                 [OK]
 Linux Openswan U2.6.38/K3.13.0-37-generic (netkey)
 Checking for IPsec support in kernel                            [OK]
  SAref kernel support                                           [N/A]
  NETKEY:  Testing XFRM related proc values                      [OK]
         [OK]
         [OK]
 Checking that pluto is running                                  [OK]
  Pluto listening for IKE on udp 500                             [OK]
  Pluto listening for NAT-T on udp 4500                          [OK]
 Checking for 'ip' command                                       [OK]
 Checking /bin/sh is not /bin/dash                               [WARNING]
 Checking for 'iptables' command                                 [OK]
 Opportunistic Encryption Support                                [DISABLED]</font></code></pre></div></span></div><div style="" class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">"iptables -t nat -L"</span><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height:17.8048000335693px" class=""><br class=""></span></font></div><div style="" class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div style="" class=""><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; line-height: 17.8048000335693px; background-color: rgb(238, 238, 238); background-position: initial initial; background-repeat: initial initial;" class=""><code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:inherit;background-image:initial;background-repeat:initial" class=""><font size="1" class=""> Chain PREROUTING (policy ACCEPT)
 target     prot opt source               destination

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination

 Chain POSTROUTING (policy ACCEPT)
 target     prot opt source               destination
 MASQUERADE  all  --  anywhere             anywhere
 MASQUERADE  all  --  anywhere             anywhere</font></code></pre><pre style="margin-top:0px;margin-bottom:10px;padding:5px;border:0px;vertical-align:baseline;overflow:auto;width:auto;max-height:600px;word-wrap:normal;background:rgb(238,238,238)" class=""><code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-image:initial;background-repeat:initial" class=""><font size="1" style="" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height:17.8048000335693px" class="">egrep -v '^[[:space:]]*(#|$)' /etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification
config setup
        dumpdir=/var/run/pluto/
        nat_traversal=yes
        virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10" class="">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10</a>
        oe=off
        protostack=netkey
        plutostderrlog=/var/log/pluto.log
        force_keepalive=yes
        keep_alive=60
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        ikelifetime=8h
        keylife=1h
        ike=aes256-sha1,aes128-sha1,3des-sha1
        phase2alg=aes256-sha1,aes128-sha1,3des-sha1
        type=transport
        left=104.236.82.206
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        dpddelay=40
        dpdtimeout=130
        dpdaction=clear
        forceencaps=yes</span><span style="line-height:17.8048000335693px;white-space:inherit" class=""><br class=""></span></font></font></code></pre><pre style="margin-top:0px;margin-bottom:10px;padding:5px;border:0px;vertical-align:baseline;overflow:auto;width:auto;max-height:600px;word-wrap:normal;background:rgb(238,238,238)" class=""><code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-image:initial;background-repeat:initial" class=""><font size="1" style="" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height:17.8048000335693px" class="">cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
mtu 1200
mru 1000
crtscts
lock
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4<br class=""></span></font></font></code></pre><pre style="margin-top:0px;margin-bottom:10px;padding:5px;border:0px;vertical-align:baseline;overflow:auto;width:auto;max-height:600px;word-wrap:normal;background:rgb(238,238,238)" class=""><code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-image:initial;background-repeat:initial" class=""><font size="1" style="" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height:17.8048000335693px" class="">grep -v '^;' /etc/xl2tpd/xl2tpd.conf
[global]                                                                ; Global parameters:
ipsec saref = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lns default]                                                   ; Our fallthrough LNS definition
ip range = 172.16.1.30-172.16.1.100     ; * Allocate from this IP range
local ip = 172.16.1.1                   ; * local IP to use
length bit = yes                                                ; * Use length bit in payload?
refuse pap = yes                                                ; * Refuse PAP authentication
refuse chap = yes                                               ; * Refuse CHAP authentication
require authentication = yes                    ; * Require peer to authenticate
ppp debug = yes                                                 ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd     ; * ppp options file<br class=""></span></font></font></code></pre><br class=""></div><div style="" class="">Am I missing something? Any advice?</div><div style="" class="">Thanks in advance.</div><div style="" class=""><br class=""></div><div style="" class="">BR,</div><div style="" class="">Luke</div>
</div>
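A triage sketch for the symptom described in the message above, added here as an example; it is not part of the original post and not code from Openswan or xl2tpd. It reads pluto, syslog, xl2tpd.conf and "ipsec verify" text like that quoted above and reports how far IPsec got, whether xl2tpd logged anything beyond start-up, and two inconsistencies visible in the quoted output. The function names, the finding labels and the start-up heuristic are assumptions, and the sample input is abridged from the post.

```python
import re

# Constructed sample input: abridged from the pluto log, syslog, xl2tpd.conf and
# "ipsec verify" output quoted in the message above.
PLUTO_LOG = """\
pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: new NAT mapping for #2, was 121.204.130.139:500, now 121.204.130.139:4500
pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: sent MR3, ISAKMP SA established {cipher=aes256 group=modp1024}
pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: IPsec SA established transport mode {NATOA=192.168.0.105 DPD=enabled}
"""
SYSLOG = """\
Jan  9 00:10:19 VPN xl2tpd[31214]: setsockopt recvref[30]: Protocol not available
Jan  9 00:10:19 VPN xl2tpd[31215]: xl2tpd version xl2tpd-1.3.6 started on VPN PID:31215
Jan  9 00:10:19 VPN xl2tpd[31215]: Listening on IP address 0.0.0.0, port 1701
"""
XL2TPD_CONF = """\
[global]                      ; Global parameters:
ipsec saref = yes
[lns default]                 ; Our fallthrough LNS definition
pppoptfile = /etc/ppp/options.l2tpd     ; * ppp options file
"""
VERIFY_OUT = "  SAref kernel support                                           [N/A]\n"
PPP_FILES_SHOWN = {"/etc/ppp/options.xl2tpd"}  # the only PPP options file the post displays

# Heuristic (assumption): xl2tpd lines matching these are start/stop noise, taken
# from the banner lines in the post; any other xl2tpd line counts as tunnel activity.
STARTUP = re.compile(r"started on|Listening on|Written by|Forked|Inherited by|SAref|"
                     r"setsockopt|does not support|death_handler|select returned")

def ipsec_progress(pluto_text):
    """Report which negotiation milestones appear in a pluto log."""
    mode = re.search(r"IPsec SA established (\w+) mode", pluto_text)
    return {
        "peer_nated": "peer is NATed" in pluto_text,
        "floated_to_4500": bool(re.search(r"new NAT mapping.*now \S+:4500", pluto_text)),
        "ike_sa": "ISAKMP SA established" in pluto_text,
        "ipsec_sa_mode": mode.group(1) if mode else None,
    }

def l2tp_activity(syslog_text):
    """Return xl2tpd lines that are not start-up or shutdown messages."""
    lines = [l for l in syslog_text.splitlines() if re.search(r"\bxl2tpd\[\d+\]:", l)]
    return [l for l in lines if not STARTUP.search(l)]

def xl2tpd_settings(conf_text):
    """Parse 'key = value' pairs from xl2tpd.conf, dropping ';' comments."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def triage(pluto_text, syslog_text, conf_text, verify_text, ppp_files):
    """Collect findings that narrow down where the L2TP/IPsec connection stalls."""
    findings = []
    prog = ipsec_progress(pluto_text)
    if prog["ipsec_sa_mode"] and not l2tp_activity(syslog_text):
        findings.append("ipsec-up-no-l2tp")  # SAs negotiated, xl2tpd logged no tunnel traffic
    conf = xl2tpd_settings(conf_text)
    no_saref = bool(re.search(r"SAref kernel support\s+\[N/A\]", verify_text))
    if conf.get("ipsec saref") == "yes" and no_saref:
        findings.append("saref-without-kernel-support")
    opt = conf.get("pppoptfile")
    if opt and opt not in ppp_files:
        findings.append("pppoptfile-not-found:" + opt)
    return prog, findings

if __name__ == "__main__":
    progress, found = triage(PLUTO_LOG, SYSLOG, XL2TPD_CONF, VERIFY_OUT, PPP_FILES_SHOWN)
    print(progress)
    for item in found:
        print("check:", item)
```

The first finding only locates the stall between the established transport-mode SA and xl2tpd on UDP 1701. The post lists the nat table but not the filter table, so the output shown does not rule out filtering of that port.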
<br class=""><br class=""></div></div></div><br class=""></body></html>