I've added

    rightsubnet=0.0.0.0/0
    leftsubnet=0.0.0.0/0

to ipsec.conf and now get

    connection 'myvpn' established successfully

Still no IP address for the connection (just keep-alives), but that's next I suppose (need username/password probably).

________________________________
From: Users <[email protected]> on behalf of A P <[email protected]>
Sent: Monday, 8 April 2019 22:08
To: [email protected]
Subject: Re: [strongSwan] Problem with IPsec/L2TP VPN!

Ok, I have enabled all the logs to level 4. Here is what I get around the error. Is this any more helpful?
Perhaps, I need to set left/rightsubmask? Is the problem that it used my public ip rather than router internal?
I don't think there is anything else missing from config (I don't have access to server log unfortunately)

LOG

Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors <my-public-ip>/32[udp]=== <vpn-server-ip>/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7

later there's also stuff like

Apr 08 21:47:49 cosmic ipsec[3798]: 03[IKE] received retransmit of response with ID 2810990975, but next request already sent

CONFIGS

ipsec.conf (I don't think the others really matter at this point)

conn myvpn
    type=transport
    authby=secret
    pfs=no
    rekey=no
    keyingtries=1
    left=%defaultroute
    leftprotoport=udp/l2tp
    right=<vpn-server-ip>
    rightprotoport=udp/%any
    auto=add
    ike=3des-sha1-modp1536!
    esp=3des-sha1!
    keyexchange=ikev1

xl2tpd.conf (tried with lac section as well)

[global]
port = 1701
access control = no

[lns default]
local ip = 192.168.1.2
require authentication = yes
name = myvpn
pppoptfile = /etc/ppp/options.l2tpd

options.l2tp (tried many others, with username/password, too)

noccp
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent

also there's a secrets file obviously
