I have been playing around a little with the npppd daemon, having set up an L2TP server for test and learning purposes. The connection is running in an IPsec tunnel and it works great and runs very fine when used on a local network.
But I'm having problems when it comes to NAT. This is my setup:

    client (Windows XP) ---- NAT ----- internet ----- OpenBSD (public IP)

The OpenBSD machine is running on a snapshot:

    OpenBSD 5.0-current (GENERIC) #60: Thu Sep 22 11:33:48 MDT 2011

This is my ipsec.conf:

    # cat /etc/ipsec.conf
    # $OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
    #
    # See ipsec.conf(5) for syntax and examples.
    ike passive \
        from any to any \
        main auth "hmac-sha" enc "3des" group modp2048 \
        quick auth "hmac-sha" enc "3des" \
        psk "secret"

(I'm using a psk for simplicity.)

And this is the output from isakmpd -Kvd:

    # isakmpd -Kvd
    135735.070170 Default isakmpd: starting [priv]
    135745.894966 Default isakmpd: phase 1 done (as responder): initiator id LB-II.Landbjorn.local, responder id XXX.XXX.XXX.XXX, src: XXX.XXX.XXX.XXX dst: 87.56.249.90
    135745.944132 Default dropped message from 87.56.249.90 port 18260 due to notification type INVALID_ID_INFORMATION
    135746.518485 Default dropped message from 87.56.249.90 port 18260 due to notification type INVALID_ID_INFORMATION
    135748.518811 Default dropped message from 87.56.249.90 port 18260 due to notification type INVALID_ID_INFORMATION
    135750.294002 Default isakmpd: Peer 87.56.249.90 made us delete live SA peer-default for proto 1, initiator id: LB-II.Landbjorn.local, responder id: XXX.XXX.XXX.XXX

(XXX.XXX.XXX.XXX is the public IP of the OpenBSD machine.)

Phase 1 is completed successfully, but phase 2 fails. I have searched Google, and found this: http://tinyurl.com/5vsvvfq

I have tried running isakmpd with the T-flag but no luck. Any idea what could be wrong?

Best regards
Martin
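As an added triage example (not part of the original post), the following script parses isakmpd -Kvd lines of the shape quoted above and reduces them to per-peer facts: phase 1 completed, quick-mode messages rejected with INVALID_ID_INFORMATION, a source port other than UDP 500/4500 (meaning a NAT rewrote it), and the peer tearing the SA down. The sample log is constructed with documentation addresses; the tag names and the PeerState structure are my own, not isakmpd's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the isakmpd -Kvd lines quoted in the post (addresses replaced).
SAMPLE_LOG = """\
135745.894966 Default isakmpd: phase 1 done (as responder): initiator id LB-II.Landbjorn.local, responder id 192.0.2.1, src: 192.0.2.1 dst: 198.51.100.7
135745.944132 Default dropped message from 198.51.100.7 port 18260 due to notification type INVALID_ID_INFORMATION
135746.518485 Default dropped message from 198.51.100.7 port 18260 due to notification type INVALID_ID_INFORMATION
135748.518811 Default dropped message from 198.51.100.7 port 18260 due to notification type INVALID_ID_INFORMATION
135750.294002 Default isakmpd: Peer 198.51.100.7 made us delete live SA peer-default for proto 1, initiator id: LB-II.Landbjorn.local, responder id: 192.0.2.1
"""

PHASE1_RE = re.compile(r"phase 1 done \(as \w+\): .* dst: (\S+)")
DROP_RE = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")
DELETE_RE = re.compile(r"Peer (\S+) made us delete live SA")

@dataclass
class PeerState:
    phase1_done: bool = False
    src_port: Optional[int] = None                       # source port of the dropped messages
    drops: Dict[str, int] = field(default_factory=dict)  # notification type -> count
    sa_deleted: bool = False

def analyse(log: str) -> Dict[str, PeerState]:
    """Group isakmpd log lines by peer address and record what happened to each."""
    peers: Dict[str, PeerState] = {}
    for line in log.splitlines():
        if m := PHASE1_RE.search(line):
            peers.setdefault(m.group(1), PeerState()).phase1_done = True
        elif m := DROP_RE.search(line):
            st = peers.setdefault(m.group(1), PeerState())
            st.src_port = int(m.group(2))
            st.drops[m.group(3)] = st.drops.get(m.group(3), 0) + 1
        elif m := DELETE_RE.search(line):
            peers.setdefault(m.group(1), PeerState()).sa_deleted = True
    return peers

def findings(st: PeerState) -> List[str]:
    """Reduce one peer's state to triage tags (names are this example's own)."""
    out = []
    if st.phase1_done and st.drops.get("INVALID_ID_INFORMATION"):
        out.append("phase1_ok_phase2_ids_rejected")  # quick-mode IDs did not match our policy
    if st.src_port not in (None, 500, 4500):
        out.append("peer_behind_nat")  # IKE arrives from UDP 500/4500 unless a NAT rewrote the port
    if st.sa_deleted:
        out.append("peer_tore_down_sa")
    return out

def triage(log: str) -> Dict[str, List[str]]:
    return {peer: findings(st) for peer, st in analyse(log).items()}
```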