Hi all,
I am struggling with L2TP/IPsec setup. I have followed this doc
https://doc.pfsense.org/index.php/L2TP/IPsec and it appears that IPsec is
negotiating, but I am seeing the message "L2TP: connect: Address already in use"
in l2tps.log. Can anyone help with diagnosing or fixing? BTW, I have
changed DH Group 14 to DH Group 2 on the phase 1.
Log extracts here:
IPSEC.LOG
=========
charon: 08[IKE] <2049> received NAT-T (RFC 3947) vendor ID
charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
charon: 08[IKE] <2049> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
charon: 08[IKE] <2049> received FRAGMENTATION vendor ID
charon: 08[IKE] received FRAGMENTATION vendor ID
charon: 08[IKE] <2049> received DPD vendor ID
charon: 08[IKE] received DPD vendor ID
charon: 08[IKE] <2049> aa.aa.aa.aaa is initiating a Main Mode IKE_SA
charon: 08[IKE] aa.aa.aa.aaa is initiating a Main Mode IKE_SA
charon: 08[IKE] <2049> remote host is behind NAT
charon: 08[IKE] remote host is behind NAT
charon: 08[CFG] <2049> looking for pre-shared key peer configs matching bb.bb.bb.bb...aa.aa.aa.aaa[192.168.44.96]
charon: 08[CFG] looking for pre-shared key peer configs matching bb.bb.bb.bb...aa.aa.aa.aaa[192.168.44.96]
charon: 08[CFG] <2049> selected peer config "con15"
charon: 08[CFG] selected peer config "con15"
charon: 08[IKE] <con15|2049> IKE_SA con15[2049] established between bb.bb.bb.bb[bb.bb.bb.bb]...aa.aa.aa.aaa[192.168.44.96]
charon: 08[IKE] IKE_SA con15[2049] established between bb.bb.bb.bb[bb.bb.bb.bb]...aa.aa.aa.aaa[192.168.44.96]
charon: 08[IKE] <con15|2049> scheduling reauthentication in 28003s
charon: 08[IKE] scheduling reauthentication in 28003s
charon: 08[IKE] <con15|2049> maximum IKE_SA lifetime 28543s
charon: 08[IKE] maximum IKE_SA lifetime 28543s
charon: 16[IKE] <con15|2049> CHILD_SA con15{35} established with SPIs cda22b5e_i 0ae4a0dc_o and TS bb.bb.bb.bb/32|/0[udp/l2f] === aa.aa.aa.aaa/32|/0[udp/56000]
charon: 16[IKE] CHILD_SA con15{35} established with SPIs cda22b5e_i 0ae4a0dc_o and TS bb.bb.bb.bb/32|/0[udp/l2f] === aa.aa.aa.aaa/32|/0[udp/56000]
L2TPS.LOG
=========
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: Incoming L2TP packet from aa.aa.aa.aaa 56000
4slgbmernfw01 l2tps: L2TP: connect: Address already in use
4slgbmernfw01 l2tps: L2TP: Control connection 0x803456308 terminated: 6 (expecting reply; none received)
4slgbmernfw01 l2tps: L2TP: Control connection 0x803456308 destroyed
Mark Relf
Principal Consultant