<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi Uli, <br>
While I'm fighting to get started with my strongswan setup and looking
around, I found something that could be useful to you:<br>
The other way around for IPhone (may also work on IPad) and strongswan
- certificate based auth. You can give them a try: <a
href="http://www.mail-archive.com/users@lists.strongswan.org/msg00798.html">here</a>
and <a
href="http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client">here</a>
some additional help for certificate creation if you need it.<br>
<span class="sender"><br>
Michael Niehren reports success.<br>
<br>
Best regards,<br>
Martin </span><br>
<br>
On 02/09/2011 06:20 AM, Benoit Foucher wrote:
<blockquote
cite="mid:A9EA5AAA-81A8-4870-B1E5-7693178B074A@bittrap.com"
type="cite">Hi Uli
<div><br>
</div>
<div>I wasn't able to get the connection working with my iPhone or
iPad when there are 2 NATs to go through. I believe I was able to
go a bit further than you in the connection establishment
process however. See my configuration in the emails from the
list archive here:</div>
<div><br>
</div>
<div> <a moz-do-not-send="true"
href="https://lists.strongswan.org/pipermail/users/2010-December/005692.html">https://lists.strongswan.org/pipermail/users/2010-December/005692.html</a></div>
<div><br>
</div>
<div>Also see this thread: </div>
<div><br>
</div>
<div> <a moz-do-not-send="true"
href="https://lists.strongswan.org/pipermail/users/2010-December/005721.html">https://lists.strongswan.org/pipermail/users/2010-December/005721.html</a></div>
<div><br>
</div>
<div>The problem seems to be a bug in the racoon OS X
implementation. Unfortunately, I didn't get time to look more
into it or report it to the appropriate parties...</div>
<div><br>
</div>
<div>Benoit.</div>
<div><br>
<div>
<div>On Feb 8, 2011, at 8:51 PM, Uli Joergens wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div bgcolor="white" link="blue" vlink="purple" lang="DE">
<div class="WordSection1" style="page: WordSection1;">
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);">Hello,
I’m back again...<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">I recompiled strongswan with that
option and I set up the configuration according to
that guide. NAT traversal seems to be O.K. (as it
was actually with the SuSe strongswan package).<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Unfortunately it still throws the same
error message: “cannot respond to IPsec SA request
because no connection is known for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}”<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">I don’t quite understand what Pluto is
trying to do there and what information is missing
for finding the connection. It looks like it
already found the connection “L2TP”.<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Any ideas what’s going wrong there?<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Here the logfile again:<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:15 webfrontend
ipsec_starter[28321]: Starting strongSwan 4.5.0
IPsec [starter]...<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: Starting IKEv1 pluto daemon
(strongSwan 4.5.0) THREADS VENDORID<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: listening on interfaces:<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: eth0<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: 192.168.1.250<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: fe80::20c:29ff:fe60:14ef<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
ipsec_starter[28329]: pluto (28330) started after 20
ms<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded plugins: aes des sha1 sha2 md5
random x509 pkcs1 pgp dnskey pem gmp hmac xauth attr
kernel-netlink resolve<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: including NAT-Traversal patch
(Version 0.6c)<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[DMN] Starting IKEv2 charon daemon (strongSwan
4.5.0)<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] listening on interfaces:<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] eth0<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] 192.168.1.250<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] fe80::20c:29ff:fe60:14ef<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loaded IKE secret for 192.168.1.250 %any<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loaded IKE secret for 192.168.1.250
193.247.250.19<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[DMN] loaded plugins: aes des sha1 sha2 md5 random
x509 revocation pubkey pkcs1 pgp pem fips-prf gmp
xcbc hmac attr kernel-netlink resolve socket-raw
stroke updown<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[JOB] spawning 16 worker threads<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
ipsec_starter[28329]: charon (28331) started after
60 ms<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
06[CFG] received stroke: add connection 'L2TP'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend charon:
06[CFG] added configuration 'L2TP'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading ocsp certificates from
'/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: Changing to directory
'/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: spawning 4 worker threads<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: listening for IKE messages<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface eth0/eth0
192.168.1.250:500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface eth0/eth0
192.168.1.250:4500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.2:500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.2:4500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.1:4500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo ::1:500<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading secrets from
"/usr/local/etc/ipsec.secrets"<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded PSK secret for 192.168.1.250
%any<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded PSK secret for 192.168.1.250
193.247.250.19<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: added connection description "L2TP"<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
received Vendor ID payload [RFC 3947]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[4df37928e9fc4fd1b3262170d515c662]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[8f8d83826d246b6fc7a8a6a428c11de8]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[439b59f8ba676c4c7737ae22eab8f582]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[4d1e0e136deafa34c4f3ea9f02ec7285]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[80d0bb3def54565ee84645d4c85ce3ee]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[9909b64eed937c6573de52ace952fa6b]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
responding to Main Mode from unknown peer
193.247.250.15:141<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
NAT-Traversal: Result using RFC 3947: both are NATed<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
ignoring informational payload, type
IPSEC_INITIAL_CONTACT<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1: Peer
ID is ID_IPV4_ADDR: '10.114.236.80'<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:141 #1:
deleting connection "L2TP" instance with peer
193.247.250.15 {isakmp=#0/ipsec=#0}<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: | NAT-T: new mapping
193.247.250.15:141/33096)<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
sent MR3, ISAKMP SA established<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:30 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
cannot respond to IPsec SA request because no
connection is known for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:30 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
sending encrypted notification
INVALID_ID_INFORMATION to 193.247.250.15:33096<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:33 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
Quick Mode I1 message is unacceptable because it
uses a previously used Message ID 0x6f7badea
(perhaps this is a duplicated packet)<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US">Feb 8 20:21:33 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
sending encrypted notification INVALID_MESSAGE_ID to
193.247.250.15:33096<o:p></o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><span
style="font-size: 11pt; font-family:
Calibri,sans-serif; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></div>
<div>
<div style="border-style: solid none none; border-top:
1pt solid rgb(181, 196, 223); padding: 3pt 0cm 0cm;">
<div style="margin: 0cm 0cm 0.0001pt; font-size:
12pt; font-family: 'Times New Roman',serif; color:
black;"><b><span style="font-size: 10pt;
font-family: Tahoma,sans-serif; color:
windowtext;" lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family:
Tahoma,sans-serif; color: windowtext;"
lang="EN-US"><span class="Apple-converted-space"> </span>Martin
Lambev [<a class="moz-txt-link-freetext" href="mailto:fsh3mve@gmail.com">mailto:fsh3mve@gmail.com</a>]<span
class="Apple-converted-space"> </span><br>
<b>Sent:</b><span class="Apple-converted-space"> </span>Montag,
7. Februar 2011 16:28<br>
<b>To:</b><span class="Apple-converted-space"> </span>Uli
Joergens<br>
<b>Subject:</b><span
class="Apple-converted-space"> </span>Re:
[strongSwan] IPAD via NATed firewall doesn't
work<o:p></o:p></span></div>
</div>
</div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">There
is a really good copy/paste guide for Strongswan &
Iphone,Ipd,Mac<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"
style="color: blue; text-decoration: underline;">here
,</a><span class="Apple-converted-space"> </span><br>
you need to build strongswan from source with --<em>enable-nat-transport<span
class="Apple-converted-space"> </span></em>,
otherwise it will not work.<br>
Here is a<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://blog.windfluechter.net/archives/916-StrongSwan-and-L2TPIPsec-on-Debian.html"
style="color: blue; text-decoration: underline;">note</a><span
class="Apple-converted-space"> </span>that you need
to know about the security issue with enabling that feature.<br>
<br>
And you do not need dyndns for your Ipad it will work
without one, only to your router is enough.<br>
But in case you ever need it, there is a dyndns client for
Ipad, Iphone from the apple store.<br>
<br>
However, I did not try either of these because I do
not have an Idevice.<br>
<br>
Best regards,<br>
Martin <span class="Apple-converted-space"> </span><br>
<br>
On 02/07/2011 03:15 PM, Uli Joergens wrote:<o:p></o:p></div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">Hi
Martin<o:p></o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">Thanks
a lot for your suggestions. I'll give the internet
café a try, just to make sure it's not sunrise
causing problems with their NAT.<o:p></o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">I
don't think the Ipad supports dyndns otherwise I
would try that as well. I'll have a look.<o:p></o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">Regards<o:p></o:p></div>
</div>
<div>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;">Uli<o:p></o:p></div>
</div>
<div>
<p class="MsoNormal" style="margin: 0cm 0cm 12pt;
font-size: 12pt; font-family: 'Times New
Roman',serif; color: black;"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin: 0cm 0cm 12pt;
font-size: 12pt; font-family: 'Times New
Roman',serif; color: black;"><br>
On 07.02.2011, at 00:51, Martin Lambew <<a
moz-do-not-send="true"
href="mailto:fsh3mve@gmail.com" style="color:
blue; text-decoration: underline;">fsh3mve@gmail.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<p style="margin-right: 0cm; margin-left: 0cm;
font-size: 12pt; font-family: 'Times New
Roman',serif; color: black; margin-bottom: 12pt;">Hi
Uli,<span class="Apple-converted-space"> </span><br>
<br>
Did you try to connect to your ipsec tunnel from
the internet, not over 3G but, for example,
from an internet café etc.?<span
class="Apple-converted-space"> </span><br>
<br>
I assume that your<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://mydomain.dyndns.org" style="color:
blue; text-decoration: underline;">mydomain.dyndns.org</a><span
class="Apple-converted-space"> </span>is for
your DR-855 Internet GW? If that is true, why
not try the following setup:<span
class="Apple-converted-space"> </span><br>
IPad<>ipad.dyndns.org<>mydomain.dyndns.org<>dr-855....
etc..<span class="Apple-converted-space"> </span><br>
<br>
conn L2TP<span class="Apple-converted-space"> </span><br>
left=mydomain.dyndns.org<span
class="Apple-converted-space"> </span><br>
leftnexthop=%defaultroute<span
class="Apple-converted-space"> </span><br>
leftsubnet=192.168.1.250/255.255.255.0<span
class="Apple-converted-space"> </span><br>
leftfirewall=yes<span
class="Apple-converted-space"> </span><br>
#lefthostaccess=yes<span
class="Apple-converted-space"> </span><br>
right=ipad.dyndns.org<span
class="Apple-converted-space"> </span><br>
rightsubnet=%Any<span
class="Apple-converted-space"> </span><br>
rightnexthop=%defaultroute<span
class="Apple-converted-space"> </span><br>
.....<span class="Apple-converted-space"> </span><br>
Regards,<span class="Apple-converted-space"> </span><br>
<br>
Martin<span class="Apple-converted-space"> </span><br>
<br>
<span style="color: rgb(153, 153, 153);">--<span
class="Apple-converted-space"> </span></span><br>
<span style="color: rgb(153, 153, 153);">Sent from
mobile location</span><span
class="Apple-converted-space"> </span><br>
<br>
----- Original message -----<span
class="Apple-converted-space"> </span><br>
> Hello Andreas<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> Thanks for the rapid response!<span
class="Apple-converted-space"> </span><br>
> 86.194.205.27 is the public IP-address
(dynamic) of my internet gateway.<span
class="Apple-converted-space"> </span><br>
> The dyndns entry points to that address.<span
class="Apple-converted-space"> </span><br>
> I guess that's where it all goes wrong but I
can't really see how to<span
class="Apple-converted-space"> </span><br>
> configure that with strongswan. I tried to
put that address into the<span
class="Apple-converted-space"> </span><br>
> right-parameter (plus the ipsec secrets) as
well, but it doesn't change<span
class="Apple-converted-space"> </span><br>
> anything. The Ipad is NATed (Sunrise) as well
as my internet access.<span
class="Apple-converted-space"> </span><br>
> Is it actually feasible that way?<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> Regards<span class="Apple-converted-space"> </span><br>
> Uli<span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> -----Original Message-----<span
class="Apple-converted-space"> </span><br>
> From: Andreas Steffen [<a
moz-do-not-send="true"
href="mailto:andreas.steffen@strongswan.org"
style="color: blue; text-decoration: underline;">mailto:andreas.steffen@strongswan.org</a>]<span
class="Apple-converted-space"> </span><br>
> Sent: Sonntag, 6. Februar 2011 19:13<span
class="Apple-converted-space"> </span><br>
> To: Uli Joergens<span
class="Apple-converted-space"> </span><br>
> Cc:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:users@lists.strongswan.org"
style="color: blue; text-decoration: underline;">users@lists.strongswan.org</a><span
class="Apple-converted-space"> </span><br>
> Subject: Re: [strongSwan] IPAD via NATed
firewall doesn't work<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> Hello Uli,<span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> why does the peer want to access
86.194.205.27/32<span
class="Apple-converted-space"> </span><br>
> behind strongSwan gateway 192.168.1.250?<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> Regards<span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> Andreas<span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
> On 06.02.2011 18:50, Uli Joergens wrote:<span
class="Apple-converted-space"> </span><br>
> > Hello<span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > I'm trying to configure strongswan for
accessing my home network with<span
class="Apple-converted-space"> </span><br>
> > my Ipad.<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > I do manage to build up the vpn tunnel
within the WLAN with the<span
class="Apple-converted-space"> </span><br>
> > ipsec.conf below.<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > # ipsec.conf - strongSwan IPsec
configuration file<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > # basic configuration<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > config setup<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > nat_traversal=yes<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > charonstart=no<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > plutostart=yes<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > conn L2TP<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > authby=psk<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > keyexchange=ikev1<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > pfs=no<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > rekey=no<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > type=tunnel<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > esp=aes128-sha1<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > ike=aes128-sha-modp1024<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > left=192.168.1.250<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > leftprotoport=17/1701<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > right=%any<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > rightprotoport=17/%any<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > rightsubnetwithin=0.0.0.0/0<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > auto=add<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > As soon as I try to access through the
internet (dynamic IP-address via<span
class="Apple-converted-space"> </span><br>
> > dyndns), I get the following error
message ": cannot respond to IPsec<span
class="Apple-converted-space"> </span><br>
> > SA request because no connection is
known for" (see log below):<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:43 webfrontend
pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> > #5: responding to Main Mode from unknown
peer 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> > #5: NAT-Traversal: Result using RFC
3947: both are NATed<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> > #5: ignoring informational payload, type
IPSEC_INITIAL_CONTACT<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> > #5: Peer ID is ID_IPV4_ADDR:
'10.165.74.84'<span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: "L2TP"[7] 193.247.250.41:397<span
class="Apple-converted-space"> </span><br>
> > #5: deleting connection "L2TP" instance
with peer 193.247.250.41<span
class="Apple-converted-space"> </span><br>
> > {isakmp=#0/ipsec=#0}<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: | NAT-T: new mapping<span
class="Apple-converted-space"> </span><br>
> > 193.247.250.41:397/18954)<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:44 webfrontend
pluto[26687]: "L2TP"[7]<span
class="Apple-converted-space"> </span><br>
> > 193.247.250.41:18954 #5: sent MR3,
ISAKMP SA established<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:45 webfrontend
pluto[26687]: "L2TP"[7]<span
class="Apple-converted-space"> </span><br>
> > 193.247.250.41:18954 #5: cannot respond
to IPsec SA request because no<span
class="Apple-converted-space"> </span><br>
> > connection is known for<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> >
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.41:18954[10.165.74.84]:17/%any==={10.165.74.84/32}<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:45 webfrontend
pluto[26687]: "L2TP"[7]<span
class="Apple-converted-space"> </span><br>
> > 193.247.250.41:18954 #5: sending
encrypted notification<span
class="Apple-converted-space"> </span><br>
> > INVALID_ID_INFORMATION to
193.247.250.41:18954<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Feb 6 18:45:48 webfrontend
pluto[26687]: "L2TP"[7]<span
class="Apple-converted-space"> </span><br>
> > 193.247.250.41:18954 #5: Quick Mode I1
message is unacceptable because<span
class="Apple-converted-space"> </span><br>
> > it uses a previously used Message ID
0x1e7f53a7 (perhaps this is a<span
class="Apple-converted-space"> </span><br>
> > duplicated packet)<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > My config looks the following:<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Ipad -> 3G -><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://MyDomain.dyndns.org" style="color:
blue; text-decoration: underline;">MyDomain.dyndns.org</a><span
class="Apple-converted-space"> </span>->
DIR-855 internet gateway<span
class="Apple-converted-space"> </span><br>
> > (192.168.1.1) -> VPN-gateway
(192.168.1.250) -> LAN / WLAN 192.168.1.0<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > I tried all sorts of combinations
including the NATed Ipad address as<span
class="Apple-converted-space"> </span><br>
> > parameter "right" (as well as the
parameters rightsubnet,<span
class="Apple-converted-space"> </span><br>
> > rightsubnetwithin) but it doesn't change
anything. I presume I got<span
class="Apple-converted-space"> </span><br>
> > something fundamentally wrong.<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Did anybody manage to get VPN up and
running in a similar<span
class="Apple-converted-space"> </span><br>
> > configuration?<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Regards<span
class="Apple-converted-space"> </span><br>
> ><span class="Apple-converted-space"> </span><br>
> > Uli<span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
>
======================================================================<span
class="Apple-converted-space"> </span><br>
> Andreas Steffen
<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:andreas.steffen@strongswan.org"
style="color: blue; text-decoration: underline;">andreas.steffen@strongswan.org</a><span
class="Apple-converted-space"> </span><br>
> strongSwan - the Linux VPN Solution!
<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://www.strongswan.org" style="color:
blue; text-decoration: underline;">www.strongswan.org</a><span
class="Apple-converted-space"> </span><br>
> Institute for Internet Technologies and
Applications<span class="Apple-converted-space"> </span><br>
> University of Applied Sciences Rapperswil<span
class="Apple-converted-space"> </span><br>
> CH-8640 Rapperswil (Switzerland)<span
class="Apple-converted-space"> </span><br>
>
===========================================================[ITA-HSR]==<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><br>
>
_______________________________________________<span
class="Apple-converted-space"> </span><br>
> Users mailing list<span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:Users@lists.strongswan.org"
style="color: blue; text-decoration: underline;">Users@lists.strongswan.org</a><span
class="Apple-converted-space"> </span><br>
><span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="https://lists.strongswan.org/mailman/listinfo/users"
style="color: blue; text-decoration: underline;">https://lists.strongswan.org/mailman/listinfo/users</a><o:p></o:p></p>
</div>
</blockquote>
<div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
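The rejected Quick Mode request from the log quoted in this thread, taken apart field by field and compared with the local side of the posted conn, as an added example that is not part of the original thread. The regular expression and the names parse_request and diagnose are assumptions of this example, not pluto's code; the comparison relies on the documented default that an omitted leftsubnet means left/32.

```python
import ipaddress
import re

# The pluto line from the thread, with the mail-wrapped address rejoined.
SAMPLE = ('Feb  6 18:45:45 webfrontend pluto[26687]: "L2TP"[7] '
          '193.247.250.41:18954 #5: cannot respond to IPsec SA request '
          'because no connection is known for '
          '86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...'
          '193.247.250.41:18954[10.165.74.84]:17/%any==={10.165.74.84/32}')
# Constructed line: the same request as it might look from inside the WLAN.
LAN_SAMPLE = ('no connection is known for '
              '192.168.1.250:500[192.168.1.250]:17/1701...'
              '192.168.1.23:500[192.168.1.23]:17/%any')

# One tunnel end: host:port[id]:proto/port
END = (r'(?P<{p}host>[\d.]+):(?P<{p}port>\d+)\[(?P<{p}id>[^\]]+)\]'
       r':(?P<{p}proto>\d+)/(?P<{p}pport>%any|\d+)')
LINE = re.compile(r'no connection is known for\s+'
                  r'(?:(?P<lnet>[\d./]+)===)?' + END.format(p='l') +
                  r'\.\.\.' + END.format(p='r') +
                  r'(?:===\{?(?P<rnet>[\d./]+)\}?)?')


def parse_request(line):
    """Return the fields of a 'no connection is known for' line, or None."""
    m = LINE.search(line)
    if m is None:
        return None
    req = m.groupdict()
    # No client part printed means the host itself (/32) is the selector.
    req['lnet'] = ipaddress.ip_network(req['lnet'] or req['lhost'] + '/32')
    req['rnet'] = ipaddress.ip_network(req['rnet'] or req['rhost'] + '/32')
    return req


def is_private_ip(text):
    """True for an RFC 1918 style address; False for FQDNs or other IDs."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def diagnose(req, left, leftsubnet=None):
    """Compare the peer's proposal with the conn's local side."""
    findings = []
    local = ipaddress.ip_network(leftsubnet or left + '/32', strict=False)
    if not req['lnet'].subnet_of(local):
        findings.append('requested local selector %s is outside conn '
                        'selector %s' % (req['lnet'], local))
    if (req['lhost'] == left and not req['lnet'].is_private
            and ipaddress.ip_address(left) not in req['lnet']):
        findings.append('gateway is NATed: peer asked for a public address')
    if req['rid'] != req['rhost'] and is_private_ip(req['rid']):
        findings.append('peer is NATed: ID %s arrives from %s'
                        % (req['rid'], req['rhost']))
    return findings
```

Calling diagnose(parse_request(SAMPLE), '192.168.1.250') returns one finding per mismatch, which lines up with the "both are NATed" result and the selector Andreas asks about.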
</body>
</html>