[ https://issues.apache.org/jira/browse/CLOUDSTACK-9943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jayapal Reddy reassigned CLOUDSTACK-9943:
-----------------------------------------

    Assignee: Jayapal Reddy

> Remote access VPN fails to establish from Windows Machine.
> ----------------------------------------------------------
>
> Key: CLOUDSTACK-9943
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9943
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Affects Versions: 4.10.0.0
> Reporter: DeepthiMachiraju
> Assignee: Jayapal Reddy
> Priority: Blocker
> Labels: pvr
> Fix For: 4.10.0.0
>
> Attachments: management-server.log
>
>
> - Create an isolated Network N1 and deploy a VM.
> - On the Source Nat IP enable Remote Access VPN.
> - Configure the VPN connection from a Windows machine by providing the Public IP of VR, Type of VPN: L2TP / IPSec and provide preshared key for authentication.
> - Try connecting by providing the VPN users details.
> Observation :
> Remote access VPN fails to establish.
> ==============================================
> Please find the relevant logs below :
> root@r-42-VM:/etc/cloudstack# ipsec --version
> Linux strongSwan U5.2.1/K3.2.0-4-amd64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> ===================================================
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (0 up, 0 connecting):
> none
> ====================auth.log==========================
> Jun 6 09:54:44 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA
> Jun 6 09:54:44 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[1] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun 6 09:54:44 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c217d307_i dc6d5497_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:44 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{1} established with SPIs cbeda395_i 21bba84d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:44 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c217d307_i (0 bytes) dc6d5497_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:47 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c9a8105d_i 28d44ba0_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:47 r-42-VM charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs cbeda395_i (0 bytes) 21bba84d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:51 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{1} established with SPIs ccd1db39_i 17c5c576_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:51 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c9a8105d_i (0 bytes) 28d44ba0_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:59 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c3dcf5e4_i 40af5f4d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:54:59 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs ccd1db39_i (0 bytes) 17c5c576_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session opened for user root by (uid=0)
> Jun 6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session closed for user root
> Jun 6 09:55:09 r-42-VM charon: 16[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c8d60ec4_i f675adb5_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:09 r-42-VM charon: 05[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c3dcf5e4_i (0 bytes) 40af5f4d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:19 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c8d60ec4_i (0 bytes) f675adb5_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:55:19 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ====================auth.log==========================
> IPsec status when ike is established :
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (1 up, 0 connecting):
> L2TP-PSK[3]: ESTABLISHED 31 seconds ago, 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> L2TP-PSK{3}: INSTALLED, TRANSPORT, ESP in UDP SPIs: c6066660_i a020e46f_o
> L2TP-PSK{3}: 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> ====================daemon.log=======================
> Jun 6 09:57:03 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (384 bytes)
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] received FRAGMENTATION vendor ID
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
> Jun 6 09:57:03 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA
> Jun 6 09:57:03 r-42-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
> Jun 6 09:57:03 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (136 bytes)
> Jun 6 09:57:03 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (388 bytes)
> Jun 6 09:57:03 r-42-VM charon: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
> Jun 6 09:57:03 r-42-VM charon: 15[IKE] faking NAT situation to enforce UDP encapsulation
> Jun 6 09:57:03 r-42-VM charon: 15[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
> Jun 6 09:57:03 r-42-VM charon: 15[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (372 bytes)
> Jun 6 09:57:03 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ]
> Jun 6 09:57:03 r-42-VM charon: 16[CFG] looking for pre-shared key peer configs matching 10.147.30.117...10.233.89.32[10.233.89.32]
> Jun 6 09:57:03 r-42-VM charon: 16[CFG] selected peer config "L2TP-PSK"
> Jun 6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun 6 09:57:03 r-42-VM charon: 16[ENC] generating ID_PROT response 0 [ ID HASH ]
> Jun 6 09:57:03 r-42-VM charon: 16[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:03 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:03 r-42-VM charon: 04[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:03 r-42-VM charon: 04[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 04[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:03 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:03 r-42-VM charon: 03[ENC] parsed QUICK_MODE request 1 [ HASH ]
> Jun 6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cbff1661_i 9c25b6cc_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:03 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:03 r-42-VM charon: 02[ENC] parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:03 r-42-VM charon: 02[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun 6 09:57:03 r-42-VM charon: 02[ENC] generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:03 r-42-VM charon: 02[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:03 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:03 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 2 [ HASH ]
> Jun 6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c25a7f96_i 0abe04de_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:03 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:03 r-42-VM charon: 11[ENC] parsed INFORMATIONAL_V1 request 103224265 [ HASH D ]
> Jun 6 09:57:03 r-42-VM charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI 9c25b6cc
> Jun 6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:06 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:06 r-42-VM charon: 06[ENC] parsed QUICK_MODE request 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:06 r-42-VM charon: 06[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun 6 09:57:06 r-42-VM charon: 06[ENC] generating QUICK_MODE response 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:06 r-42-VM charon: 06[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed QUICK_MODE request 3 [ HASH ]
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c9e9610c_i 83b1c870_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:06 r-42-VM charon: 12[ENC] parsed INFORMATIONAL_V1 request 1590197566 [ HASH D ]
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] received DELETE for ESP CHILD_SA with SPI 0abe04de
> Jun 6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:10 r-42-VM charon: 05[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:10 r-42-VM charon: 05[ENC] parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:10 r-42-VM charon: 05[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun 6 09:57:10 r-42-VM charon: 05[ENC] generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:10 r-42-VM charon: 05[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:10 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:10 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ]
> Jun 6 09:57:10 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cffce783_i 16ad4fef_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:10 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:10 r-42-VM charon: 03[ENC] parsed INFORMATIONAL_V1 request 2703531821 [ HASH D ]
> Jun 6 09:57:10 r-42-VM charon: 03[IKE] received DELETE for ESP CHILD_SA with SPI 83b1c870
> Jun 6 09:57:10 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c9e9610c_i (0 bytes) 83b1c870_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:18 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:18 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:18 r-42-VM charon: 01[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun 6 09:57:18 r-42-VM charon: 01[ENC] generating QUICK_MODE response 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:18 r-42-VM charon: 01[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:18 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:18 r-42-VM charon: 11[ENC] parsed QUICK_MODE request 5 [ HASH ]
> Jun 6 09:57:18 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cd088e05_i 381bd68f_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:18 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:18 r-42-VM charon: 06[ENC] parsed INFORMATIONAL_V1 request 4078387132 [ HASH D ]
> Jun 6 09:57:18 r-42-VM charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 16ad4fef
> Jun 6 09:57:18 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cffce783_i (0 bytes) 16ad4fef_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:28 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun 6 09:57:28 r-42-VM charon: 14[ENC] parsed QUICK_MODE request 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 3600s lifetime, configured 0s
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] received 250000000 lifebytes, configured 0
> Jun 6 09:57:28 r-42-VM charon: 14[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun 6 09:57:28 r-42-VM charon: 14[ENC] generating QUICK_MODE response 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun 6 09:57:28 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun 6 09:57:28 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun 6 09:57:28 r-42-VM charon: 15[ENC] parsed QUICK_MODE request 6 [ HASH ]
> Jun 6 09:57:28 r-42-VM charon: 15[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cff9a578_i 93dc756b_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:28 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:28 r-42-VM charon: 16[ENC] parsed INFORMATIONAL_V1 request 251215099 [ HASH D ]
> Jun 6 09:57:28 r-42-VM charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 381bd68f
> Jun 6 09:57:28 r-42-VM charon: 16[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cd088e05_i (0 bytes) 381bd68f_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:38 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun 6 09:57:38 r-42-VM charon: 02[ENC] parsed INFORMATIONAL_V1 request 1078630831 [ HASH D ]
> Jun 6 09:57:38 r-42-VM charon: 02[IKE] received DELETE for ESP CHILD_SA with SPI 93dc756b
> Jun 6 09:57:38 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cff9a578_i (0 bytes) 93dc756b_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun 6 09:57:38 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (92 bytes)
> Jun 6 09:57:38 r-42-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request 1398070104 [ HASH D ]
> Jun 6 09:57:38 r-42-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[2]
> Jun 6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ========================daemon.log=========================
> ========================l2tp.conf============================
> root@r-42-VM:/etc/ipsec.d# cat l2tp.conf
> #ipsec remote access vpn configuration
> conn L2TP-PSK
>     authby=psk
>     pfs=no
>     rekey=no
>     keyingtries=3
>     keyexchange=ikev1
>     forceencaps=yes
>     leftfirewall=yes
>     leftnexthop=%defaultroute
>     type=transport
>     #
>     # ----------------------------------------------------------
>     # The VPN server.
>     #
>     # Allow incoming connections on the external network interface.
>     # If you want to use a different interface or if there is no
>     # defaultroute, you can use: left=your.ip.addr.ess
>     #
>     left=10.147.30.117
>     #
>     leftprotoport=17/1701
>     # If you insist on supporting non-updated Windows clients,
>     # you can use: leftprotoport=17/%any
>     #
>     # ----------------------------------------------------------
>     # The remote user(s).
>     #
>     # Allow incoming connections only from this IP address.
>     right=%any
>     # If you want to allow multiple connections from any IP address,
>     # you can use: right=%any
>     #
>     rightprotoport=17/%any
>     #
>     # ----------------------------------------------------------
>     # Change 'ignore' to 'add' to enable this configuration.
>     #
>     rightsubnetwithin=0.0.0.0/0
>     auto=add
> ========================l2tp.conf============================
> root@r-42-VM:/etc/cloudstack# cat remoteaccessvpn.json
> {
>     "10.147.30.117": {
>         "create": true,
>         "ip_range": "10.1.2.2-10.1.2.8",
>         "local_cidr": "10.1.1.0/24",
>         "local_ip": "10.1.2.1",
>         "preshared_key": "egwnGVGcuGUQ4g4tgpum3qmp",
>         "public_interface": "eth2",
>         "type": "remoteaccessvpn",
>         "vpn_server_ip": "10.147.30.117"
>     },
>     "id": "remoteaccessvpn"
> }root@r-42-VM:/etc/cloudstack#
> ==========================================================
> root@r-42-VM:/etc/cloudstack# cat vpnuserlist.json
> {
>     "aaa": {
>         "add": true,
>         "password": "aaa",
>         "user": "aaa"
>     },
>     "abc": {
>         "add": true,
>         "password": "abc",
>         "user": "abc"
>     },
>     "id": "vpnuserlist"
> }root@r-42-VM:/etc/cloudstack#
> =================================================
> Attached MS log .

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
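
A log triage helper for the pattern visible in the auth.log and daemon.log excerpts above, where every CHILD_SA is closed with "(0 bytes)" in both directions before the IKE_SA is deleted. This is an added example, not part of the JIRA report or of CloudStack; the function name `triage`, the sample log lines (documentation-range addresses, made-up SPIs) and the default year are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the charon log format quoted in the report.
SAMPLE = """\
Jun 6 09:54:44 vr charon: 16[IKE] IKE_SA L2TP-PSK[1] established between 192.0.2.1[192.0.2.1]...198.51.100.7[198.51.100.7]
Jun 6 09:54:44 vr charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c0000001_i d0000001_o and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jun 6 09:54:47 vr charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c0000002_i d0000002_o and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jun 6 09:54:47 vr charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c0000001_i (0 bytes) d0000001_o (0 bytes) and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jun 6 09:55:01 vr CRON[8238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 6 09:55:19 vr charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c0000002_i (0 bytes) d0000002_o (0 bytes) and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jun 6 09:55:19 vr charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between 192.0.2.1[192.0.2.1]...198.51.100.7[198.51.100.7]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[IKE\] (.*)$")
IKE_UP = re.compile(r"IKE_SA (\S+)\[(\d+)\] established")
IKE_DOWN = re.compile(r"deleting IKE_SA \S+\[\d+\]")
CHILD_UP = re.compile(r"CHILD_SA \S+ established with SPIs [0-9a-f]+_i [0-9a-f]+_o")
CHILD_DOWN = re.compile(
    r"closing CHILD_SA \S+ with SPIs [0-9a-f]+_i \((\d+) bytes\) [0-9a-f]+_o \((\d+) bytes\)")


def triage(log_text, year=2017):
    """Summarise each IKE_SA: CHILD_SAs set up, zero-byte closes, lifetime."""
    sessions, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CRON and other non-charon or non-[IKE] lines
        # syslog timestamps carry no year, so one is assumed (parameter).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (k := IKE_UP.search(msg)):
            current = {"ike_sa": f"{k.group(1)}[{k.group(2)}]", "up": ts,
                       "children": 0, "zero_byte_closes": 0, "lifetime_s": None}
            sessions.append(current)
        elif current is None:
            continue  # events outside any IKE_SA seen in this excerpt
        elif CHILD_UP.search(msg):
            current["children"] += 1
        elif (c := CHILD_DOWN.search(msg)):
            if int(c.group(1)) == 0 and int(c.group(2)) == 0:
                current["zero_byte_closes"] += 1
        elif IKE_DOWN.search(msg):
            current["lifetime_s"] = int((ts - current["up"]).total_seconds())
            current = None
    for s in sessions:
        # True when IKE and ESP negotiation succeeded but no SA was ever
        # closed with a non-zero byte counter in either direction.
        s["no_traffic"] = s["children"] > 0 and s["zero_byte_closes"] == s["children"]
    return sessions


if __name__ == "__main__":
    for summary in triage(SAMPLE):
        print(summary)
```
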