Hi,

What you are trying to do is, I think, x2tp with ipsec. If your machine is behind NAT you need to compile strongswan with NAT support. Being very addicted to VPN and a fan of strongswan, I have also written an ebook on implementing PPTP, L2TP, IPSec, SSL VPN & Mobile VPN at http://www.ebooksyours.com/how_to_vpn.html .

Thanks,
Alok

On Wed, Jan 19, 2011 at 9:12 PM, Spacelee <fjct...@gmail.com> wrote:
>
> this is the first time I try strongswan, and I couldn't establish a connection, here is the configuration file :
> server : centos 5.5 64 bit
> strongswan : newest
> client : mac os
>
> ipsec.conf :
> config setup
>     # crlcheckinterval=600
>     # strictcrlpolicy=yes
>     # cachecrls=yes
>     nat_traversal=yes
>     charonstart=yes
>     plutostart=yes
> conn L2TP
>     authby=psk
>     pfs=no
>     rekey=no
>     type=tunnel
>     left=192.168.1.97
>     leftnexthop=%defaultroute
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/%any
>     rightsubnetwithin=0.0.0.0/0
>     auto=add
>
> xl2tpd.conf
> [global]
> debug network = yes
> debug tunnel = yes
> [lns default]
> ip range = 10.0.0.200-10.0.0.254
> local ip = 10.0.0.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = NIELSPEEN.COM
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
> options.xl2tpd
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 8.8.8.8
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
>
> ipsec.secrets
> 192.168.1.97 %any : PSK "testpsk"
>
> and the /var/log/secure
>
> Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
> Jan 19 23:31:18 localhost pluto[13051]: loading secrets from "/etc/ipsec.secrets"
> Jan 19 23:31:18 localhost pluto[13051]: loaded PSK secret for 192.168.1.97 %any
> Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after 20 ms
> Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
>
> --
> *Space Lee*
>
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
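
An added example, not part of either e-mail: a small Python triage script for pluto logs of the kind quoted above, which separates the Vendor ID negotiation lines from the Main Mode rejection line so the two can be read independently. The sample log is constructed (abridged from the quoted format), and the function names `triage` and `report` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the pluto log quoted above (abridged).
SAMPLE_LOG = """\
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
"""

PACKET = re.compile(r"pluto\[\d+\]: packet from (?P<peer>[0-9a-fA-F.:]+?):(?P<port>\d+): (?P<msg>.*)$")
VENDOR = re.compile(r"(received|ignoring) Vendor ID payload \[(.+)\]$")
REJECT = re.compile(r"initial Main Mode message received on (\S+) but no connection "
                    r"has been authorized with policy=(\S+)$")

def triage(log_text):
    """Summarise pluto 'packet from' lines per peer address."""
    peers = defaultdict(lambda: {"received": set(), "ignored": set(), "rejected": []})
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if not m:
            continue  # not a per-packet pluto message
        entry = peers[m["peer"]]
        if v := VENDOR.match(m["msg"]):
            entry["received" if v[1] == "received" else "ignored"].add(v[2])
        elif r := REJECT.match(m["msg"]):
            entry["rejected"].append({"local": r[1], "policy": r[2]})
    return dict(peers)

def report(peers):
    """One line per peer: was the RFC 3947 NAT-T Vendor ID recognised, how many rejections."""
    out = []
    for peer, e in sorted(peers.items()):
        natt = "RFC 3947" in e["received"]
        policies = sorted({r["policy"] for r in e["rejected"]})
        out.append(f"{peer}: nat-t(RFC 3947) recognised={natt}, "
                   f"rejected={len(e['rejected'])} policy={','.join(policies) or '-'}")
    return out

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```
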