I don't know where to start. Say I have:<div><br></div><div>[openswan]1.1.1.1-----(internet)-------2.2.2.1[NAT]10.1.1.1----(3g)----10.1.1.2[router]192.168.1.1---</div><div><br></div><div>I don't care about reaching 192.168.1.1 at this stage, I want to be </div>
<div>able to manage the router from the internet.</div><div>2.2.2.1 is dynamic (I think it is anyway, lets say that it is), it will change, </div><div>and 10.1.1.2 is dynamic (I think it is anyway, lets say that it is), it will change.</div>
<div>In all the reading I've being doing, I can't see how the router gets an IP address </div><div>that I can ping from openswan. </div><div><br></div><div>The last thing I read was:</div><div><a href="https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd">https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd</a></div>
<div>Is that the way to go?</div><div><br></div><div>There's another complication, the router is using ipsec-tools, </div><div>and there's no shell access, you get given a web interface.</div><div>I've read ipsec-tool does/doesn't work with openswan.</div>
<div><br></div><div>This is my openswan config so far</div><div><br></div><div><div>conn test</div><div> left=1.1.1.1 </div><div> right=%any</div><div> rightsubnet=vhost:%priv,%no</div><div> rightid=@test</div>
<div> authby=secret</div><div> auto=add</div></div><div><br></div><div>the last line in the logs on openswan is</div><div><div>Mar 23 20:41:59 test pluto[19649]: "test"[34] 2.2.2.1 #35: STATE_MAIN_R2: sent MR2, expecting MI3</div>
</div><div><br></div><div>the last few lines on the router are</div><div><div>Jan 1 14:32:21 racoon: INFO: KA list add: 10.1.1.2[4500]->1.1.1.1[4500]</div><div>Jan 1 14:32:31 racoon: NOTIFY: the packet is retransmitted by 1.1.1.1[500] (2).</div>
<div>Jan 1 14:32:50 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 1.1.1.1[0]->10.1.1.2[0] </div><div>Jan 1 14:32:50 racoon: INFO: delete phase 2 handler.</div><div>Jan 1 14:32:51 racoon: NOTIFY: the packet is retransmitted by 1.1.1.1[500] (2).</div>
<div>Jan 1 14:33:11 racoon: ERROR: phase1 negotiation failed due to time up. 946ecdab9f845724:e3344e9bbd45ab7d</div><div>Jan 1 14:33:11 racoon: INFO: KA remove: 10.1.1.2[4500]->1.1.1.1[4500]</div><div>Jan 1 14:33:11 admin_user: ipsec_count=0</div>
</div><div><br></div><div>So it looks like openswan is sending some sort of message (MR2) and the router is ignoring it</div><div>or doesn't receive it?</div><div><br></div><div>Apologies for the redacted ip addresses, hopefully you can still work out what's going on and get</div>
<div>me a clue stick.</div><div><br></div>