Hi,<br><br>What you are trying to do is, I think, L2TP with IPsec. If your machine is behind NAT, you need to compile strongSwan with NAT support. Being very addicted to VPNs and a fan of strongSwan, I have also written an ebook on implementing PPTP, L2TP, IPsec, SSL VPN and mobile VPN at <a href="http://www.ebooksyours.com/how_to_vpn.html">http://www.ebooksyours.com/how_to_vpn.html</a>.<br>
<br>Thanks,<br>Alok <br><br><div class="gmail_quote">On Wed, Jan 19, 2011 at 9:12 PM, Spacelee <span dir="ltr"><<a href="mailto:fjctlzy@gmail.com">fjctlzy@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="gmail_quote"><br>This is the first time I have tried strongSwan, and I couldn't establish a connection. Here is the configuration file: <div>server: CentOS 5.5 64-bit</div><div>strongswan: newest</div><div>client: Mac OS</div>
<div><br><div>
ipsec.conf : </div><div><div>config setup</div><div> # crlcheckinterval=600</div><div> # strictcrlpolicy=yes</div><div> # cachecrls=yes</div><div> nat_traversal=yes</div><div> charonstart=yes</div>
<div> plutostart=yes</div><div>conn L2TP</div><div> authby=psk</div><div> pfs=no</div><div> rekey=no</div><div> type=tunnel</div><div> left=192.168.1.97</div><div> leftnexthop=%defaultroute</div>
<div> leftprotoport=17/1701</div><div> right=%any</div><div> rightprotoport=17/%any</div><div> rightsubnetwithin=0.0.0.0/0</div><div> auto=add</div>
<div><br>
</div><div><br></div><div>xl2tpd.conf</div><div><div>[global]</div><div>debug network = yes</div><div>debug tunnel = yes</div><div>[lns default]</div><div>ip range = 10.0.0.200-10.0.0.254</div><div>local ip = 10.0.0.1</div>
<div>require chap = yes</div><div>refuse pap = yes</div><div>require authentication = yes</div><div>name = NIELSPEEN.COM</div><div>ppp debug = yes</div><div>pppoptfile = /etc/ppp/options.xl2tpd</div>
<div>length bit = yes</div></div><div><br></div><div><br></div><div>options.xl2tpd</div><div><div>ipcp-accept-local</div><div>ipcp-accept-remote</div><div>ms-dns 8.8.8.8 </div><div>noccp</div><div>auth</div><div>crtscts</div>
<div>idle 1800</div><div>mtu 1410</div><div>mru 1410</div><div>nodefaultroute</div><div>debug</div><div>lock</div><div>proxyarp</div><div>connect-delay 5000</div></div><div><br></div><div><br></div><div>ipsec.secrets </div>
<div><div>192.168.1.97 %any : PSK "testpsk"</div></div><div><br></div><div>and the /var/log/secure</div><div><br></div><div><div>Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages</div><div>Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:500</div>
<div>Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:4500</div><div>Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500</div>
<div>Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:4500</div><div>Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500</div>
<div>Jan 19 23:31:18 localhost pluto[13051]: loading secrets from "/etc/ipsec.secrets"</div>
<div>Jan 19 23:31:18 localhost pluto[13051]: loaded PSK secret for 192.168.1.97 %any </div><div>Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after 20 ms</div><div>Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</div>
<div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]</div><div>Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</div>
<div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]</div><div>Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</div>
<div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]</div><div>Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK</div>
</div><div><br></div><div><br></div><div><br></div><br></div></div></div><br clear="all"><br>-- <br><div><b>Space Lee</b></div><br>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br></blockquote></div><br>
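An added example, not part of either poster's message: a small Python triage script that groups the pluto lines quoted in this thread by peer, listing the source ports seen, the vendor IDs pluto accepted or ignored, and how many initial Main Mode packets were rejected with "no connection has been authorized". The function and variable names are this example's own, and the sample input is a subset of the log lines from the thread with the HTML markup removed.

```python
import re
from collections import Counter

# Subset of the /var/log/secure lines quoted in the thread (HTML markup removed).
SAMPLE_LOG = """\
Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
"""

PLUTO = re.compile(r"pluto\[\d+\]: (.*)$")
PACKET = re.compile(r"packet from (\S+):(\d+): (.*)$")
VENDOR = re.compile(r"(received|ignoring) Vendor ID payload \[([^\]]+)\]")
REJECT = re.compile(r"initial Main Mode message received on (\S+) but no "
                    r"connection has been authorized with policy=(\S+)")
ADDED = re.compile(r'added connection description "([^"]+)"')

def summarize(log_text):
    """Group pluto IKEv1 messages by peer: vendor IDs and rejected Main Mode attempts."""
    result = {"connections": [], "peers": {}}
    for line in log_text.splitlines():
        if not (m := PLUTO.search(line)):
            continue
        msg = m.group(1)
        if (added := ADDED.search(msg)):
            result["connections"].append(added.group(1))
            continue
        if not (pkt := PACKET.match(msg)):
            continue
        addr, port, rest = pkt.groups()
        peer = result["peers"].setdefault(addr, {
            "ports": set(), "accepted_vids": set(),
            "ignored_vids": set(), "rejects": Counter()})
        peer["ports"].add(int(port))
        if (vid := VENDOR.match(rest)):
            key = "accepted_vids" if vid.group(1) == "received" else "ignored_vids"
            peer[key].add(vid.group(2))
        elif (rej := REJECT.match(rest)):
            # Logged for the initial Main Mode packet, before any PSK is compared.
            peer["rejects"][(rej.group(1), rej.group(2))] += 1
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the quoted log this reports one loaded connection ("L2TP") and three rejected Main Mode attempts from the same peer, all arriving from source port 500.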