On Wed, 13 Nov 2019, Paul Smith wrote:
I am trying to establish a L2TP VPN connection using libreswan on
Fedora 31 to connect to a MS Windows server, but getting the problem
below.
004 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I4: ISAKMP
SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1
group=MODP1024}
phase 1 established.
002 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: initiating Quick Mode
PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:b951826e proposal=3DES_CBC-HMAC_SHA1_96
pfsgroup=MODP1024}
117 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1: initiate
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
this times out. Usually it means the other end does not like your phase2
proposal but did not bother to tell you. Check the esp/phase2alg and pfs
settings. Also make sure you have leftprotoport/rightprotoport setup for
L2TP. Also check if you are using transport mode, not tunnel mode.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
