[
https://issues.apache.org/jira/browse/CLOUDSTACK-9943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16067736#comment-16067736
]
Jayapal Reddy commented on CLOUDSTACK-9943:
-------------------------------------------
In the VR the tunnel got established and deleted within a few seconds. But in Windows an 809
error is shown.
This is not a bug in ACS but an issue on the Windows side.
The workaround is adding a registry entry.
Procedure:
Step 1: Log in to the PC as Administrator or a user who is a member of the
Administrator Group.
Step 2: Click Start > Run or Start > All Programs > Accessories > Run and type
regedit.
Step 3: Locate the entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.
Step 4: Create a new DWORD (32-bit) value (Edit > New).
Step 5: Add AssumeUDPEncapsulationContextOnSendRule and save.
Step 6: Modify the new entry and change Value Data from 0 to 2.
Value 0 -> Cannot establish security associations with servers that are
located behind NAT devices.
Value 2 -> Can establish security associations with servers that are located
behind NAT devices.
Step 7: Reboot the computer and try to setup the connection one more time.
Ref: https://support.sonicwall.com/kb/sw13197
> Remote access VPN fails to establish from Windows Machine.
> ----------------------------------------------------------
>
> Key: CLOUDSTACK-9943
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9943
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.10.0.0
> Reporter: DeepthiMachiraju
> Priority: Blocker
> Labels: pvr
> Fix For: 4.10.0.0
>
> Attachments: management-server.log
>
>
> - Create an isolated Network N1 and deploy a VM.
> - On the Source Nat IP enable Remote Access VPN.
> - Configure the VPN connection from a Windows machine by providing the Public
> IP of VR, Type of VPN: L2TP / IPSec, and provide preshared key for
> authentication.
> - Try connecting by providing the VPN users details.
> Observation :
> Remote access VPN fails to establish.
> ==============================================
> Please find the relevant logs below :
> root@r-42-VM:/etc/cloudstack# ipsec --version
> Linux strongSwan U5.2.1/K3.2.0-4-amd64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> ===================================================
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (0 up, 0 connecting):
> none
> ====================auth.log==========================
> Jun 6 09:54:44 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main
> Mode IKE_SA
> Jun 6 09:54:44 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[1] established
> between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun 6 09:54:44 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs c217d307_i dc6d5497_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:44 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs cbeda395_i 21bba84d_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:44 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs c217d307_i (0 bytes) dc6d5497_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:47 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs c9a8105d_i 28d44ba0_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:47 r-42-VM charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs cbeda395_i (0 bytes) 21bba84d_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:51 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs ccd1db39_i 17c5c576_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:51 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs c9a8105d_i (0 bytes) 28d44ba0_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:59 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs c3dcf5e4_i 40af5f4d_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:59 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs ccd1db39_i (0 bytes) 17c5c576_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session opened
> for user root by (uid=0)
> Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session closed
> for user root
> Jun 6 09:55:09 r-42-VM charon: 16[IKE] CHILD_SA L2TP-PSK{1} established with
> SPIs c8d60ec4_i f675adb5_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:09 r-42-VM charon: 05[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs c3dcf5e4_i (0 bytes) 40af5f4d_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:19 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with
> SPIs c8d60ec4_i (0 bytes) f675adb5_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:19 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between
> 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ====================auth.log==========================
> IPsec status when ike is established :
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (1 up, 0 connecting):
> L2TP-PSK[3]: ESTABLISHED 31 seconds ago,
> 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> L2TP-PSK{3}: INSTALLED, TRANSPORT, ESP in UDP SPIs: c6066660_i a020e46f_o
> L2TP-PSK{3}: 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> ====================daemon.log=======================
> Jun 6 09:57:03 r-42-VM charon: 14[NET] received packet: from
> 10.233.89.32[500] to 10.147.30.117[500] (384 bytes)
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V
> V V V ]
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received FRAGMENTATION vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
> fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
> 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID:
> e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main
> Mode IKE_SA
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V
> V V ]
> Jun 6 09:57:03 r-42-VM charon: 14[NET] sending packet: from
> 10.147.30.117[500] to 10.233.89.32[500] (136 bytes)
> Jun 6 09:57:03 r-42-VM charon: 15[NET] received packet: from
> 10.233.89.32[500] to 10.147.30.117[500] (388 bytes)
> Jun 6 09:57:03 r-42-VM charon: 15[ENC] parsed ID_PROT request 0 [ KE No
> NAT-D NAT-D ]
> Jun 6 09:57:03 r-42-VM charon: 15[IKE] faking NAT situation to enforce UDP
> encapsulation
> Jun 6 09:57:03 r-42-VM charon: 15[ENC] generating ID_PROT response 0 [ KE No
> NAT-D NAT-D ]
> Jun 6 09:57:03 r-42-VM charon: 15[NET] sending packet: from
> 10.147.30.117[500] to 10.233.89.32[500] (372 bytes)
> Jun 6 09:57:03 r-42-VM charon: 16[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ]
> Jun 6 09:57:03 r-42-VM charon: 16[CFG] looking for pre-shared key peer
> configs matching 10.147.30.117...10.233.89.32[10.233.89.32]
> Jun 6 09:57:03 r-42-VM charon: 16[CFG] selected peer config "L2TP-PSK"
> Jun 6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established
> between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun 6 09:57:03 r-42-VM charon: 16[ENC] generating ID_PROT response 0 [ ID
> HASH ]
> Jun 6 09:57:03 r-42-VM charon: 16[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 04[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:03 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:03 r-42-VM charon: 04[ENC] generating QUICK_MODE response 1 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 04[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:03 r-42-VM charon: 03[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:03 r-42-VM charon: 03[ENC] parsed QUICK_MODE request 1 [ HASH ]
> Jun 6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs cbff1661_i 9c25b6cc_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:03 r-42-VM charon: 02[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:03 r-42-VM charon: 02[ENC] parsed QUICK_MODE request 2 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] detected rekeying of CHILD_SA
> L2TP-PSK{2}
> Jun 6 09:57:03 r-42-VM charon: 02[ENC] generating QUICK_MODE response 2 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 02[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:03 r-42-VM charon: 01[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:03 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 2 [ HASH ]
> Jun 6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs c25a7f96_i 0abe04de_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:03 r-42-VM charon: 11[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 11[ENC] parsed INFORMATIONAL_V1 request
> 103224265 [ HASH D ]
> Jun 6 09:57:03 r-42-VM charon: 11[IKE] received DELETE for ESP CHILD_SA with
> SPI 9c25b6cc
> Jun 6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:06 r-42-VM charon: 06[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:06 r-42-VM charon: 06[ENC] parsed QUICK_MODE request 3 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] detected rekeying of CHILD_SA
> L2TP-PSK{2}
> Jun 6 09:57:06 r-42-VM charon: 06[ENC] generating QUICK_MODE response 3 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:06 r-42-VM charon: 06[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed QUICK_MODE request 3 [ HASH ]
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs c9e9610c_i 83b1c870_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed INFORMATIONAL_V1 request
> 1590197566 [ HASH D ]
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] received DELETE for ESP CHILD_SA with
> SPI 0abe04de
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:10 r-42-VM charon: 05[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:10 r-42-VM charon: 05[ENC] parsed QUICK_MODE request 4 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] detected rekeying of CHILD_SA
> L2TP-PSK{2}
> Jun 6 09:57:10 r-42-VM charon: 05[ENC] generating QUICK_MODE response 4 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:10 r-42-VM charon: 05[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:10 r-42-VM charon: 04[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:10 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ]
> Jun 6 09:57:10 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs cffce783_i 16ad4fef_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:10 r-42-VM charon: 03[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:10 r-42-VM charon: 03[ENC] parsed INFORMATIONAL_V1 request
> 2703531821 [ HASH D ]
> Jun 6 09:57:10 r-42-VM charon: 03[IKE] received DELETE for ESP CHILD_SA with
> SPI 83b1c870
> Jun 6 09:57:10 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs c9e9610c_i (0 bytes) 83b1c870_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:18 r-42-VM charon: 01[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:18 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 5 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] detected rekeying of CHILD_SA
> L2TP-PSK{2}
> Jun 6 09:57:18 r-42-VM charon: 01[ENC] generating QUICK_MODE response 5 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:18 r-42-VM charon: 01[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:18 r-42-VM charon: 11[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:18 r-42-VM charon: 11[ENC] parsed QUICK_MODE request 5 [ HASH ]
> Jun 6 09:57:18 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs cd088e05_i 381bd68f_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:18 r-42-VM charon: 06[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:18 r-42-VM charon: 06[ENC] parsed INFORMATIONAL_V1 request
> 4078387132 [ HASH D ]
> Jun 6 09:57:18 r-42-VM charon: 06[IKE] received DELETE for ESP CHILD_SA with
> SPI 16ad4fef
> Jun 6 09:57:18 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs cffce783_i (0 bytes) 16ad4fef_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:28 r-42-VM charon: 14[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:28 r-42-VM charon: 14[ENC] parsed QUICK_MODE request 6 [ HASH SA
> No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 250000000 lifebytes,
> configured 0
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] detected rekeying of CHILD_SA
> L2TP-PSK{2}
> Jun 6 09:57:28 r-42-VM charon: 14[ENC] generating QUICK_MODE response 6 [
> HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:28 r-42-VM charon: 14[NET] sending packet: from
> 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:28 r-42-VM charon: 15[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:28 r-42-VM charon: 15[ENC] parsed QUICK_MODE request 6 [ HASH ]
> Jun 6 09:57:28 r-42-VM charon: 15[IKE] CHILD_SA L2TP-PSK{2} established with
> SPIs cff9a578_i 93dc756b_o and TS 10.147.30.117/32[udp/l2f] ===
> 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:28 r-42-VM charon: 16[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:28 r-42-VM charon: 16[ENC] parsed INFORMATIONAL_V1 request
> 251215099 [ HASH D ]
> Jun 6 09:57:28 r-42-VM charon: 16[IKE] received DELETE for ESP CHILD_SA with
> SPI 381bd68f
> Jun 6 09:57:28 r-42-VM charon: 16[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs cd088e05_i (0 bytes) 381bd68f_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:38 r-42-VM charon: 02[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:38 r-42-VM charon: 02[ENC] parsed INFORMATIONAL_V1 request
> 1078630831 [ HASH D ]
> Jun 6 09:57:38 r-42-VM charon: 02[IKE] received DELETE for ESP CHILD_SA with
> SPI 93dc756b
> Jun 6 09:57:38 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{2} with
> SPIs cff9a578_i (0 bytes) 93dc756b_o (0 bytes) and TS
> 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:38 r-42-VM charon: 01[NET] received packet: from
> 10.233.89.32[4500] to 10.147.30.117[4500] (92 bytes)
> Jun 6 09:57:38 r-42-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request
> 1398070104 [ HASH D ]
> Jun 6 09:57:38 r-42-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[2]
> Jun 6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between
> 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ========================daemon.log=========================
> ========================l2tp.conf============================
> root@r-42-VM:/etc/ipsec.d# cat l2tp.conf
> #ipsec remote access vpn configuration
> conn L2TP-PSK
> authby=psk
> pfs=no
> rekey=no
> keyingtries=3
> keyexchange=ikev1
> forceencaps=yes
> leftfirewall=yes
> leftnexthop=%defaultroute
> type=transport
> #
> # ----------------------------------------------------------
> # The VPN server.
> #
> # Allow incoming connections on the external network interface.
> # If you want to use a different interface or if there is no
> # defaultroute, you can use: left=your.ip.addr.ess
> #
> left=10.147.30.117
> #
> leftprotoport=17/1701
> # If you insist on supporting non-updated Windows clients,
> # you can use: leftprotoport=17/%any
> #
> # ----------------------------------------------------------
> # The remote user(s).
> #
> # Allow incoming connections only from this IP address.
> right=%any
> # If you want to allow multiple connections from any IP address,
> # you can use: right=%any
> #
> rightprotoport=17/%any
> #
> # ----------------------------------------------------------
> # Change 'ignore' to 'add' to enable this configuration.
> #
> rightsubnetwithin=0.0.0.0/0
> auto=add
> ========================l2tp.conf============================
> root@r-42-VM:/etc/cloudstack# cat remoteaccessvpn.json
> {
> "10.147.30.117": {
> "create": true,
> "ip_range": "10.1.2.2-10.1.2.8",
> "local_cidr": "10.1.1.0/24",
> "local_ip": "10.1.2.1",
> "preshared_key": "egwnGVGcuGUQ4g4tgpum3qmp",
> "public_interface": "eth2",
> "type": "remoteaccessvpn",
> "vpn_server_ip": "10.147.30.117"
> },
> "id": "remoteaccessvpn"
> }root@r-42-VM:/etc/cloudstack#
> ==========================================================
> root@r-42-VM:/etc/cloudstack# cat vpnuserlist.json
> {
> "aaa": {
> "add": true,
> "password": "aaa",
> "user": "aaa"
> },
> "abc": {
> "add": true,
> "password": "abc",
> "user": "abc"
> },
> "id": "vpnuserlist"
> }root@r-42-VM:/etc/cloudstack#
> =================================================
> Attached MS log .
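
The symptom in this thread (each CHILD_SA comes up on the VR and is closed seconds later with 0 bytes in both directions) can be picked out of a charon log mechanically. The script below is an added example, not part of the original message or of CloudStack; the sample lines are constructed in the log format quoted above, and the 30-second threshold and function names are assumptions.

```python
import re

# Constructed sample in the charon log format quoted in the issue; host name,
# addresses and SPIs are made up. Lines are unwrapped, as in the real log file.
SAMPLE_LOG = """\
Jun  6 10:00:03 vr charon: 16[IKE] IKE_SA L2TP-PSK[2] established between 192.0.2.10[192.0.2.10]...198.51.100.20[198.51.100.20]
Jun  6 10:00:03 vr charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c1000001_i a1000001_o and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
Jun  6 10:00:03 vr charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c1000002_i a1000002_o and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
Jun  6 10:00:03 vr charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI a1000001
Jun  6 10:00:03 vr charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c1000001_i (0 bytes) a1000001_o (0 bytes) and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
Jun  6 10:00:06 vr charon: 12[IKE] received DELETE for ESP CHILD_SA with SPI a1000002
Jun  6 10:00:06 vr charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c1000002_i (0 bytes) a1000002_o (0 bytes) and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
Jun  6 10:05:00 vr charon: 05[IKE] CHILD_SA L2TP-PSK{3} established with SPIs c1000003_i a1000003_o and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
Jun  6 10:45:00 vr charon: 05[IKE] closing CHILD_SA L2TP-PSK{3} with SPIs c1000003_i (52340 bytes) a1000003_o (48112 bytes) and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
"""

TS = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s")
EST = re.compile(r"CHILD_SA \S+ established with SPIs ([0-9a-f]{8})_i ([0-9a-f]{8})_o")
DEL = re.compile(r"received DELETE for ESP CHILD_SA with SPI ([0-9a-f]{8})")
CLOSE = re.compile(r"closing CHILD_SA \S+ with SPIs ([0-9a-f]{8})_i \((\d+) bytes\) "
                   r"([0-9a-f]{8})_o \((\d+) bytes\)")


def parse_child_sas(log_text):
    """Return one record per CHILD_SA (keyed internally by outbound SPI), in log order."""
    sas, peer_deleted = {}, set()
    for line in log_text.splitlines():
        t = TS.match(line)
        if not t:
            continue
        now = int(t[1]) * 3600 + int(t[2]) * 60 + int(t[3])  # seconds since midnight
        if m := EST.search(line):
            sas[m[2]] = {"spi_in": m[1], "spi_out": m[2], "up": now, "down": None,
                         "bytes_in": None, "bytes_out": None, "peer_deleted": False}
        elif m := DEL.search(line):
            peer_deleted.add(m[1])  # the peer names the SA by the SPI logged as _o
        elif (m := CLOSE.search(line)) and m[3] in sas:
            sas[m[3]].update(down=now, bytes_in=int(m[2]), bytes_out=int(m[4]),
                             peer_deleted=m[3] in peer_deleted)
    return list(sas.values())


def idle_teardowns(sas, max_lifetime=30):
    """CHILD_SAs closed within max_lifetime seconds (assumed threshold) with 0 bytes each way."""
    return [s for s in sas
            if s["down"] is not None
            and (s["down"] - s["up"]) % 86400 <= max_lifetime  # tolerate midnight rollover
            and s["bytes_in"] == 0 and s["bytes_out"] == 0]


def summarize(log_text):
    sas = parse_child_sas(log_text)
    idle = idle_teardowns(sas)
    return {"child_sas": len(sas), "idle_teardowns": len(idle),
            "deleted_by_peer": sum(s["peer_deleted"] for s in idle)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high share of idle teardowns deleted by the peer points at the client side, which is where the registry change in the comment applies.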