Author Topic: IPSec/L2TP Config (Read 7320 times)

Haemaker · « **on:** September 12, 2014, 10:45:37 pm »

Anyone have this working? What are the proper settings?

IPSec seems to work (the usual culprit), but I get an error after it connects:

Quote

Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: ignoring unknown Vendor ID payload [8d7d2be98137ceee7cb9842fd61d0100]
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received Vendor ID payload [Dead Peer Detection]
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: responding to Main Mode from unknown peer <CLIENT IP>
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: Main mode peer ID is ID_FQDN: '@vpnclient-bde979d3c202d196.ipsec.com'
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[3] <CLIENT IP> #3: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: deleting connection "L2TP-PSK-NAT" instance with peer <CLIENT IP> {isakmp=#0/ipsec=#0}
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: the peer proposed: <ALMOND IP>/32:17/1701 -> 10.195.223.34/32:17/0
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: responding to Quick Mode proposal {msgid:3ecf1041}
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: us: 76.191.212.174:17/1701
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: them: <CLIENT IP>[@vpnclient-bde979d3c202d196.ipsec.com]:17/1701===10.195.223.34/32
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 13 02:37:12 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x93097a7f <0xe570123e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Sep 13 02:37:19 AlmondPlus user.info sysinit: The source address 10.10.10.133 for group 239.255.255.250, is not in any valid net for upstream VIF.
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: received Delete SA(0x93097a7f) payload: deleting IPSEC State #4
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: received and ignored informational message
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP> #3: received Delete SA payload: deleting ISAKMP State #3
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: "L2TP-PSK-NAT"[4] <CLIENT IP>: deleting connection "L2TP-PSK-NAT" instance with peer <CLIENT IP> {isakmp=#0/ipsec=#0}
Sep 13 02:37:27 AlmondPlus authpriv.warn pluto[17058]: packet from <CLIENT IP>:11007: received and ignored informational message

Looking up the XFRM_MSG_DELPOLICY error mentions an old bug in openswan fixed long ago.

PPTP works, so I know it isn't password issue. I think the logs indicate a successful IPSec tunnel, but I don't see any L2TP related messages.

I'm testing with Android:

Type: "L2TP pre-shared key (IKEv1)"
Identity: randomly generated.
ID Type: "Key ID"
IKE: "Group 2"

jjoepaulines · « **Reply #1 on:** September 13, 2014, 08:19:19 am »

As of now ipsec/L2tp wont work.

Good new's is .. we fixed this VPN issue in our latest beta release.

We should be releasing the final version next week.

Author Topic: IPSec/L2TP Config (Read 7320 times)

Haemaker

IPSec/L2TP Config

jjoepaulines

Re: IPSec/L2TP Config