Hello:
I am hoping someone can point me in some sort of direction. I have been trying to connect an iPad (ios 5.0.1) to an openbsd 4.9 server using L2TP/IPSEC. I followed the outline in /usr/src/usr.sbin/npppd/HOWTO_PIPEX_NPPPD.txt, and was able to get npppd compiled. I then started isakmpd and updated ipsecctl (sudo ipsecctl -f /etc/ipsec.conf). Finally, started npppd: npppd -d 2012-02-10 15:02:48:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully. 2012-02-10 15:02:48:WARNING: write() failed in in_route0 on RTM_ADD : File exists 2012-02-10 15:02:48:INFO: tun0 Started ip4addr=10.0.3.1 2012-02-10 15:02:48:INFO: pool name=default dyn_pool=[10.0.3.0/25] pool=[10.0.3.0/24] 2012-02-10 15:02:48:INFO: Added 2 routes for new pool addresses 2012-02-10 15:02:48:INFO: Loading pool config successfully. 2012-02-10 15:02:48:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 2 users 2012-02-10 15:02:48:INFO: Listening /var/run/npppd_ctl (npppd_ctl) 2012-02-10 15:02:48:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP] 2012-02-10 15:02:48:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP] 2012-02-10 15:02:48:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP] 2012-02-10 15:02:48:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC) 2012-02-10 15:02:48:INFO: tun0 is using ipcp=default(1 pools). --- Now, when I try enabling the L2TP/IPSEC VPN on the iPad, I can see that the IPSEC tunnel is created. isakmpd -Kv -d --- 150059.011921 Default isakmpd: starting [priv] 150358.338625 Default isakmpd: phase 1 done: initiator id 10.0.222.201, responder id 10.0.28.20, src: 10.0.28.20 dst: 10.0.28.201 150359.377301 Default isakmpd: quick mode done: src: 10.0.28.20 dst: 10.0.28.201 --- And flows get established: ipsecctl -s all --- FLOWS: flow esp in proto udp from 10.0.222.201 port 56701 to 10.0.28.20 port l2tp peer 10.0.28.201 srcid 10.0.28.20/32 dstid 10.0.222.201/32 type use flow esp out proto udp from 10.0.28.20 port l2tp to 10.0.222.201 port 56701 peer 10.0.28.201 srcid 10.0.28.20/32 dstid 10.0.222.201/32 type require SAD: esp transport from 10.0.28.20 to 10.0.28.201 spi 0x06c8118f auth hmac-sha1 enc aes-256 esp transport from 10.0.28.201 to 10.0.28.20 spi 0x55c61855 auth hmac-sha1 enc aes-256 --- And, then, npppd tries to negotiate the L2TP connection, but it fails: npppd -d (continued) --- 2012-02-10 15:03:59:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=1/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:03:59:INFO: l2tpd ctrl=1 SendSCCRP 2012-02-10 15:04:00:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=2/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:00:INFO: l2tpd ctrl=2 SendSCCRP 2012-02-10 15:04:02:NOTICE: l2tpd ctrl=3 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=3/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:02:INFO: l2tpd ctrl=3 SendSCCRP 2012-02-10 15:04:06:NOTICE: l2tpd ctrl=4 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=4/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:06:INFO: l2tpd ctrl=4 SendSCCRP 2012-02-10 15:04:10:NOTICE: l2tpd ctrl=5 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=5/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:10:INFO: l2tpd ctrl=5 SendSCCRP 2012-02-10 15:04:11:NOTICE: l2tpd ctrl=1 timeout waiting ack for ctrl packets. 2012-02-10 15:04:11:NOTICE: l2tpd ctrl=1 logtype=Finished 2012-02-10 15:04:12:NOTICE: l2tpd ctrl=2 timeout waiting ack for ctrl packets. 2012-02-10 15:04:12:NOTICE: l2tpd ctrl=2 logtype=Finished 2012-02-10 15:04:14:NOTICE: l2tpd ctrl=6 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=6/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:14:INFO: l2tpd ctrl=6 SendSCCRP 2012-02-10 15:04:14:NOTICE: l2tpd ctrl=3 timeout waiting ack for ctrl packets. 2012-02-10 15:04:14:NOTICE: l2tpd ctrl=3 logtype=Finished 2012-02-10 15:04:18:NOTICE: l2tpd ctrl=7 logtype=Started RecvSCCRQ from=10.0.28.201:56701/udp tunnel_id=7/14 protocol=1.0 winsize=4 hostname=iPad vendor=(no vendorname) firm=0000 2012-02-10 15:04:18:INFO: l2tpd ctrl=7 SendSCCRP 2012-02-10 15:04:18:NOTICE: l2tpd ctrl=4 timeout waiting ack for ctrl packets. 2012-02-10 15:04:18:NOTICE: l2tpd ctrl=4 logtype=Finished 2012-02-10 15:04:22:NOTICE: l2tpd ctrl=5 timeout waiting ack for ctrl packets. 2012-02-10 15:04:22:NOTICE: l2tpd ctrl=5 logtype=Finished 2012-02-10 15:04:26:NOTICE: l2tpd ctrl=6 timeout waiting ack for ctrl packets. 2012-02-10 15:04:26:NOTICE: l2tpd ctrl=6 logtype=Finished 2012-02-10 15:04:30:NOTICE: l2tpd ctrl=7 timeout waiting ack for ctrl packets. 2012-02-10 15:04:30:NOTICE: l2tpd ctrl=7 logtype=Finished --- Then the flows are deleted by isakmpd. isakmpd -Kv -d (continued) --- 150419.422636 Default isakmpd: Peer 10.0.28.201 made us delete live SA from-10.0.28.20-to-99.23.208.174 for proto 3, initiator id: 10.0.222.201, responder id: 10.0.28.20 150419.472993 Default isakmpd: Peer 10.0.28.201 made us delete live SA peer-default for proto 1, initiator id: 10.0.222.201, responder id: 10.0.28.20 --- And the ipad pops-up a message stating the "L2TP-VPN server did not respond." (obviously, not completely correct) I have not included any configuration file information, because (frankly) I have no idea what information may be useful. I would be happy to forward anything that may be of use. It seems to me the problem lies in the L2TP exchange; but I have no idea how to approach this. I have searched on the web for the last few days, and have avoided being hit by the clue stick. Thanks for any suggestions. Bye - ted
