>> do your l2tp logs show the connection?
>>
>
>Nope. It always fails on the ipsec connection.

hm, not sure that this is true; in the logs you posted, you do get an IPsec SA established which, in my experience, means that the tunnel is successfully established. However, it is immediately followed by:

received Delete SA(0x1728294a) payload: deleting IPsec State

which means something is telling it to un-establish, which might be a failure to connect to the l2tp daemon, for example because your iptables rules are not correct or the roadwarrior has a firewall blocking it. Might be something else too, I suppose.

The only l2tp unit I have that is still in production is using version 3.12 of libreswan and has 17/%any on both sides, so maybe you will need an older version. fwiw, here is the config:

conn rw-l2tp-ugl-withnat
   rightsubnet=vhost:%no,%priv
   also=rw-l2tp-ugl-nonat

conn rw-l2tp-ugl-nonat
   left=x.x.x.x
   leftnexthop=x.x.x.y
   leftprotoport=17/%any
   leftcert=firewall.ugl
   right=%any
   rightprotoport=17/%any
   rightca=%same
   pfs=no
   dpddelay=30
   dpdtimeout=120
   dpdaction=clear
   auto=add


On 2019-10-30 12:14 p.m., John Crisp wrote:
On 30/10/19 19:41, John Crisp wrote:


can try setting both right and left protoport to 17/%any.


Failed to add connection "L2TPD-PSK": cannot have protoport with %any on both sides

:-)


_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
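
An added example, not part of the thread and not libreswan tooling: a log check for the pattern discussed above, where an "IPsec SA established" line is followed within seconds by "received Delete SA" from the same peer. The sample log lines are constructed, and the syslog-style line layout, host name, PID and addresses are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines (host, PID and addresses are made up); the layout
# is an assumed syslog-style pluto log, so adjust LINE to match your own logs.
SAMPLE_LOG = """\
Oct 30 12:01:02 gw pluto[1234]: "L2TPD-PSK"[1] 192.0.2.10 #2: IPsec SA established transport mode
Oct 30 12:01:03 gw pluto[1234]: "L2TPD-PSK"[1] 192.0.2.10 #1: received Delete SA(0x1728294a) payload: deleting IPsec State
Oct 30 12:05:00 gw pluto[1234]: "rw-l2tp-ugl-nonat"[3] 198.51.100.7 #5: IPsec SA established transport mode
Oct 30 12:45:10 gw pluto[1234]: "rw-l2tp-ugl-nonat"[3] 198.51.100.7 #4: received Delete SA(0x0a0b0c0d) payload: deleting IPsec State
"""

LINE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #\d+: (?P<msg>.*)$'
)


def quick_teardowns(log_text, window=5, year=2019):
    """Return (conn, peer, seconds) for SAs the peer deleted within `window` s."""
    established = {}  # (conn, peer) -> time the IPsec SA came up
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["conn"], m["peer"])
        if "IPsec SA established" in m["msg"]:
            established[key] = when
        elif m["msg"].startswith("received Delete SA"):
            up = established.pop(key, None)
            if up is not None:
                lifetime = int((when - up).total_seconds())
                if lifetime <= window:
                    hits.append((m["conn"], m["peer"], lifetime))
    return hits


if __name__ == "__main__":
    for conn, peer, secs in quick_teardowns(SAMPLE_LOG):
        print(f"{conn} {peer}: SA deleted by peer {secs}s after it was established")
```

A hit says the IPsec negotiation itself completed and the peer then asked for the teardown, so the next things to check are the ones named above, such as the iptables rules or a firewall on the roadwarrior.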
