<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Rescued from the spam bucket this response to a post that I had rescued from the spam bucket. Inception.<div class="">Please remember to subscribe to the mailing list before you post to the mailing list; or respond to a post from the mailing list.<br class=""><div><br class=""><div class=""><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);"><b class="">Date: </b></span><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;">January 19, 2015 at 4:47:46 AM GMT-5</span></div><div class=""><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Subject:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Re: [Openswan Users] Cannot connect to L2TP/IPSec VPN (OpenSwan, xl2tpd, Ubuntu)</b><br class=""></span></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, 
sans-serif; color: rgb(127, 127, 127);" class=""><b class="">From:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">Panagiotis Maragkos <<a href="mailto:panagiotis.maragkos@gmail.com" class="">panagiotis.maragkos@gmail.com</a>><br class=""></span></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><br class=""></div><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><div dir="ltr" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Did you open the 1701 port in the firewall-iptables?</div><div class="gmail_extra" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class=""><div class="gmail_quote">On Wed, Jan 14, 2015 at 12:05 AM, Patrick Naubert<span class="Apple-converted-space"> </span><span dir="ltr" class=""><<a href="mailto:patrickn@xelerance.com" 
target="_blank" class="">patrickn@xelerance.com</a>></span><span class="Apple-converted-space"> </span>wrote:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div style="word-wrap: break-word;" class="">Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.<br class=""><div class=""><br class=""><div class=""><div class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Date:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">January 9, 2015 at 3:40:01 AM GMT-5</span></div><div class=""><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Subject:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">Cannot connect to L2TP/IPSec VPN (OpenSwan, xl2tpd, Ubuntu)</b><br class=""></span></div><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">From:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">Luke Chai <<a href="mailto:huijin.mrd@gmail.com" target="_blank" class="">huijin.mrd@gmail.com</a>><br class=""></span></div><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">To:<span class="Apple-converted-space"> </span></b></span><span 
style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><a href="mailto:users@lists.openswan.org" target="_blank" class="">users@lists.openswan.org</a><br class=""></span></div><br class=""><br class=""><div dir="ltr" class=""><div class="">Hi,</div><div class=""><br class=""></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">I'm using OpenSwan &amp; xL2tpd to build a VPN server and both of them can be started properly.</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">But I cannot connect from a PC. It tries to connect, then fails after some time. (l2tp-vpn server did not respond...)</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">As the syslog is not updating while connecting, it seems like OpenSwan IPSec isn't passing the traffic to xl2tpd.</span><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">The IPSec log looks OK, as shown below.</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span 
style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [RFC 3947] method set to=115 </span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already 
using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span 
class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02n] meth=106, but already using method 115</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: ignoring Vendor ID payload [FRAGMENTATION 80000000]</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: packet from<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>: received Vendor ID payload [Dead Peer Detection]</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: responding to Main Mode from unknown peer 121.204.130.139</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATEMAINR0 to state STATEMAINR1</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATEMAINR1: sent MR1, expecting MI2</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span 
style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATEMAINR1 to state STATEMAINR2</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATEMAINR2: sent MR2, expecting MI3</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: ignoring informational payload, type IPSECINITIALCONTACT msgid=00000000</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: Main mode peer ID is IDIPV4ADDR: '192.168.0.105'</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: transition from state STATEMAINR2 to state STATEMAINR3</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" 
size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: new NAT mapping for #2, was<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:500/" target="_blank" class="">121.204.130.139:500</a>, now<span class="Apple-converted-space"> </span><a href="http://121.204.130.139:4500/" target="_blank" class="">121.204.130.139:4500</a></span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: STATEMAINR3: sent MR3, ISAKMP SA established {auth=OAKLEYPRESHAREDKEY cipher=aes256 prf=oakleysha group=modp1024}</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: Dead Peer Detection (RFC 3706): enabled</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: the peer proposed:<span class="Apple-converted-space"> </span><a href="http://104.236.82.206/32:17/1701" target="_blank" class="">104.236.82.206/32:17/1701</a><span class="Apple-converted-space"> </span>-><span class="Apple-converted-space"> </span><a href="http://192.168.0.105/32:17/0" target="_blank" class="">192.168.0.105/32:17/0</a></span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: NAT-Traversal: received 2 NAT-OA. 
using first, ignoring others</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: responding to Quick Mode proposal {msgid:deb619d7}</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: us: 104.236.82.206<104.236.82.206>:17/1701</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: them: 121.204.130.139[192.168.0.105]:17/51822===<a href="http://192.168.0.105/32" target="_blank" class="">192.168.0.105/32</a></span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATEQUICKR0 to state STATEQUICKR1</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATEQUICKR1: sent QR1, inbound IPsec SA installed, expecting QI2</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: Dead Peer Detection (RFC 3706): enabled</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" 
class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATEQUICKR1 to state STATEQUICKR2</span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" color="#444444" class=""><span style="line-height: 17.8048000335693px;" class="">pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATEQUICKR2: IPsec SA established transport mode {ESP=>0x08baca35 <0x761f15da xfrm=AES256-HMAC_SHA1 NATOA=192.168.0.105 NATD=<a href="http://121.204.130.139:4500/" target="_blank" class="">121.204.130.139:4500</a><span class="Apple-converted-space"> </span>DPD=enabled}</span></font></div></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height: 17.8048000335693px;" class=""><br class=""></span></font></div><div class=""><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height: 17.8048000335693px;" class="">But </span></font><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">in /var/log/syslog there's nothing except the log of start-up, it never moves.</span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.8048000335693px;" class=""><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:11 VPN ipsec_setup: Stopping Openswan IPsec...</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN kernel: [83909.844439] NET: Unregistered protocol family 15</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec_setup: ...Openswan IPsec stopped</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 
00:10:12 VPN kernel: [83909.880773] NET: Registered protocol family 15</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-37-generic...</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec_setup: Using NETKEY(XFRM) stack</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN kernel: [83909.946916] Initializing XFRM netlink socket</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN kernel: [83909.974072] AVX2 instructions are not detected.</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN kernel: [83909.987585] AVX2 or AES-NI instructions are not detected.</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec_setup: ...Openswan IPsec started</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN pluto: adjusting ipsec.d to /etc/ipsec.d</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:12 VPN ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:18 VPN xl2tpd[30940]: network_thread: select returned error 4 (Interrupted system call)</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:18 VPN xl2tpd[30940]: death_handler: Fatal signal 15 received</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31214]: Enabling IPsec SAref processing for L2TP transport mode SAs</font></div><div class=""><font size="1" 
color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31214]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31214]: setsockopt recvref[30]: Protocol not available</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31214]: This binary does not support kernel L2TP.</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: xl2tpd version xl2tpd-1.3.6 started on VPN PID:31215</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: Forked by Scott Balmos and David Stipp, (C) 2001</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: Inherited by Jeff McAdams, (C) 2002</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: Forked again by Xelerance (<a href="http://www.xelerance.com/" target="_blank" class="">www.xelerance.com</a>) (C) 2006</font></div><div class=""><font size="1" color="#444444" class=""> Jan 9 00:10:19 VPN xl2tpd[31215]: Listening on IP address 0.0.0.0, port 1701</font></div><div style="font-size: 14px;" class=""><br class=""></div><div style="font-size: 14px;" class="">IPSec verify ran successfully.</div><div style="font-size: 14px;" class=""><br class=""></div><div class=""><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; line-height: 17.8048000335693px; background-color: rgb(238, 
238, 238); background-repeat: initial initial;" class=""><code style="margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; white-space: inherit; background-repeat: initial initial;" class=""><font size="1" class="">Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K3.13.0-37-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]</font></code></pre></div></span></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class="">"iptables -t nat -L"</span><font face="Arial, Liberation Sans, DejaVu Sans, sans-serif" size="1" class=""><span style="line-height: 17.8048000335693px;" class=""><br class=""></span></font></div><div class=""><span style="font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;" class=""><br class=""></span></div><div class=""><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; line-height: 17.8048000335693px; background-color: rgb(238, 238, 238);" class=""><code style="margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; white-space: inherit; background-repeat: initial initial;" class=""><font size="1" class=""> Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere</font></code></pre><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; background-color: rgb(238, 238, 238); background-position: initial initial; background-repeat: initial initial;" class=""><code style="margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; background-repeat: initial initial;" class=""><font size="1" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height: 17.8048000335693px;" class="">egrep -v '^[[:space:]]*(#|$)' /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
config setup
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
oe=off
protostack=netkey
plutostderrlog=/var/log/pluto.log
force_keepalive=yes
keep_alive=60
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
ikelifetime=8h
keylife=1h
ike=aes256-sha1,aes128-sha1,3des-sha1
phase2alg=aes256-sha1,aes128-sha1,3des-sha1
type=transport
left=104.236.82.206
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=40
dpdtimeout=130
dpdaction=clear
forceencaps=yes</span><span style="line-height: 17.8048000335693px; white-space: inherit;" class=""><br class=""></span></font></font></code></pre><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; background-color: rgb(238, 238, 238); background-position: initial initial; background-repeat: initial initial;" class=""><code style="margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; background-repeat: initial initial;" class=""><font size="1" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height: 17.8048000335693px;" class="">cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
mtu 1200
mru 1000
crtscts
lock
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4<br class=""></span></font></font></code></pre><pre style="margin-top: 0px; margin-bottom: 10px; padding: 5px; border: 0px; vertical-align: baseline; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; background-color: rgb(238, 238, 238); background-position: initial initial; background-repeat: initial initial;" class=""><code style="margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; background-repeat: initial initial;" class=""><font size="1" class=""><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, serif" class=""><span style="line-height: 17.8048000335693px;" class="">grep -v '^;' /etc/xl2tpd/xl2tpd.conf
[global] ; Global parameters:
ipsec saref = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lns default] ; Our fallthrough LNS definition
ip range = 172.16.1.30-172.16.1.100 ; * Allocate from this IP range
local ip = 172.16.1.1 ; * local IP to use
length bit = yes ; * Use length bit in payload?
refuse pap = yes ; * Refuse PAP authentication
refuse chap = yes ; * Refuse CHAP authentication
require authentication = yes ; * Require peer to authenticate
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file<br class=""></span></font></font></code></pre><br class=""></div><div class="">Did I miss something? Any advice?</div><div class="">Thanks in advance.</div><div class=""><br class=""></div><div class="">BR,</div><div class="">Luke</div></div></div></div></div></div></blockquote></div></div><br class="Apple-interchange-newline"></div></div><br class=""></div></body></html>