<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    Hi Uli, <br>
    while I'm fighting to get started with my strongswan setup and looking
    around, I found something that could be useful to you:<br>
    Other way around for iPhone (may also work on iPad) and strongswan
    - certificate based auth. You can give them a try: <a
href="http://www.mail-archive.com/users@lists.strongswan.org/msg00798.html">here</a>
    and <a
href="http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client">here</a>
    some additional help for certificate creation if you need it.<br>
    <span class="sender"><br>
      Michael Niehren reports success.<br>
      <br>
      Best regards,<br>
      Martin </span><br>
    <br>
    On 02/09/2011 06:20 AM, Benoit Foucher wrote:
    <blockquote
      cite="mid:A9EA5AAA-81A8-4870-B1E5-7693178B074A@bittrap.com"
      type="cite">Hi Uli
      <div><br>
      </div>
      <div>I wasn't able to get the connection working with my iPhone or
        iPad when there's 2 NATs to go through. I believe I was able to
        go a bit further than you in the connection establishment
        process however. See my configuration in the emails from the
        list archive here:</div>
      <div><br>
      </div>
      <div>   <a moz-do-not-send="true"
href="https://lists.strongswan.org/pipermail/users/2010-December/005692.html">https://lists.strongswan.org/pipermail/users/2010-December/005692.html</a></div>
      <div><br>
      </div>
      <div>Also see this thread:  </div>
      <div><br>
      </div>
      <div>    <a moz-do-not-send="true"
href="https://lists.strongswan.org/pipermail/users/2010-December/005721.html">https://lists.strongswan.org/pipermail/users/2010-December/005721.html</a></div>
      <div><br>
      </div>
      <div>The problem seems to be a bug in the racoon OS X
        implementation. Unfortunately, I didn't get time to look more
        into it or report it to the appropriate parties...</div>
      <div><br>
      </div>
      <div>Benoit.</div>
      <div><br>
        <div>
          <div>On Feb 8, 2011, at 8:51 PM, Uli Joergens wrote:</div>
          <br class="Apple-interchange-newline">
          <blockquote type="cite">
            <div bgcolor="white" link="blue" vlink="purple" lang="DE">
              <div class="WordSection1" style="page: WordSection1;">
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);">Hello,
                    I’m back again...<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">I recompiled strongswan with that
                    option and I set up the configuration according to
                    that guide. NAT traversal seems to be O.K. (as it
                    was actually with the SuSe strongswan package).<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Unfortunately it still throws the same
                    error message: “cannot respond to IPsec SA request
                    because no connection is known for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}”<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">I don’t quite understand what Pluto is
                    trying to do there and what information is missing
                    for  finding the connection. It looks like it
                    already found the connection “L2TP”.<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Any ideas what’s going wrong there?<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Here the logfile again:<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:15 webfrontend
                    ipsec_starter[28321]: Starting strongSwan 4.5.0
                    IPsec [starter]...<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: Starting IKEv1 pluto daemon
                    (strongSwan 4.5.0) THREADS VENDORID<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: listening on interfaces:<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:   eth0<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:     192.168.1.250<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:     fe80::20c:29ff:fe60:14ef<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    ipsec_starter[28329]: pluto (28330) started after 20
                    ms<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loaded plugins: aes des sha1 sha2 md5
                    random x509 pkcs1 pgp dnskey pem gmp hmac xauth attr
                    kernel-netlink resolve<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:   including NAT-Traversal patch
                    (Version 0.6c)<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[DMN] Starting IKEv2 charon daemon (strongSwan
                    4.5.0)<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[KNL] listening on interfaces:<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[KNL]   eth0<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[KNL]     192.168.1.250<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[KNL]     fe80::20c:29ff:fe60:14ef<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading ca certificates from
                    '/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading aa certificates from
                    '/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading ocsp signer certificates from
                    '/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading attribute certificates from
                    '/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading crls from
                    '/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG] loading secrets from
                    '/usr/local/etc/ipsec.secrets'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG]   loaded IKE secret for 192.168.1.250 %any<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[CFG]   loaded IKE secret for 192.168.1.250
                    193.247.250.19<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[DMN] loaded plugins: aes des sha1 sha2 md5 random
                    x509 revocation pubkey pkcs1 pgp pem fips-prf gmp
                    xcbc hmac attr kernel-netlink resolve socket-raw
                    stroke updown<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    00[JOB] spawning 16 worker threads<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    ipsec_starter[28329]: charon (28331) started after
                    60 ms<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    06[CFG] received stroke: add connection 'L2TP'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend charon:
                    06[CFG] added configuration 'L2TP'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loading ca certificates from
                    '/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loading aa certificates from
                    '/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loading ocsp certificates from
                    '/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: Changing to directory
                    '/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loading attribute certificates from
                    '/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: spawning 4 worker threads<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: listening for IKE messages<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface eth0/eth0
                    192.168.1.250:500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface eth0/eth0
                    192.168.1.250:4500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface lo/lo 127.0.0.2:500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface lo/lo 127.0.0.2:4500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface lo/lo 127.0.0.1:4500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: adding interface lo/lo ::1:500<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: loading secrets from
                    "/usr/local/etc/ipsec.secrets"<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:   loaded PSK secret for 192.168.1.250
                    %any<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]:   loaded PSK secret for 192.168.1.250
                    193.247.250.19<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:16 webfrontend
                    pluto[28330]: added connection description "L2TP"<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    received Vendor ID payload [RFC 3947]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [4df37928e9fc4fd1b3262170d515c662]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [8f8d83826d246b6fc7a8a6a428c11de8]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [439b59f8ba676c4c7737ae22eab8f582]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [4d1e0e136deafa34c4f3ea9f02ec7285]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [80d0bb3def54565ee84645d4c85ce3ee]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [9909b64eed937c6573de52ace952fa6b]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [draft-ietf-ipsec-nat-t-ike-03]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [draft-ietf-ipsec-nat-t-ike-02]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    ignoring Vendor ID payload
                    [draft-ietf-ipsec-nat-t-ike-02_n]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: packet from 193.247.250.15:141:
                    received Vendor ID payload [Dead Peer Detection]<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:27 webfrontend
                    pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
                    responding to Main Mode from unknown peer
                    193.247.250.15:141<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
                    NAT-Traversal: Result using RFC 3947: both are NATed<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
                    ignoring informational payload, type
                    IPSEC_INITIAL_CONTACT<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1: Peer
                    ID is ID_IPV4_ADDR: '10.114.236.80'<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:141 #1:
                    deleting connection "L2TP" instance with peer
                    193.247.250.15 {isakmp=#0/ipsec=#0}<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: | NAT-T: new mapping
                    193.247.250.15:141/33096)<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:28 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
                    sent MR3, ISAKMP SA established<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:30 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
                    cannot respond to IPsec SA request because no
                    connection is known for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:30 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
                    sending encrypted notification
                    INVALID_ID_INFORMATION to 193.247.250.15:33096<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:33 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
                    Quick Mode I1 message is unacceptable because it
                    uses a previously used Message ID 0x6f7badea
                    (perhaps this is a duplicated packet)<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US">Feb  8 20:21:33 webfrontend
                    pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1:
                    sending encrypted notification INVALID_MESSAGE_ID to
                    193.247.250.15:33096<o:p></o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><span
                    style="font-size: 11pt; font-family:
                    Calibri,sans-serif; color: rgb(31, 73, 125);"
                    lang="EN-US"><o:p> </o:p></span></div>
                <div>
                  <div style="border-style: solid none none; border-top:
                    1pt solid rgb(181, 196, 223); padding: 3pt 0cm 0cm;">
                    <div style="margin: 0cm 0cm 0.0001pt; font-size:
                      12pt; font-family: 'Times New Roman',serif; color:
                      black;"><b><span style="font-size: 10pt;
                          font-family: Tahoma,sans-serif; color:
                          windowtext;" lang="EN-US">From:</span></b><span
                        style="font-size: 10pt; font-family:
                        Tahoma,sans-serif; color: windowtext;"
                        lang="EN-US"><span class="Apple-converted-space"> </span>Martin
                        Lambev [<a class="moz-txt-link-freetext" href="mailto:fsh3mve@gmail.com">mailto:fsh3mve@gmail.com</a>]<span
                          class="Apple-converted-space"> </span><br>
                        <b>Sent:</b><span class="Apple-converted-space"> </span>Monday,
                        7 February 2011 16:28<br>
                        <b>To:</b><span class="Apple-converted-space"> </span>Uli
                        Joergens<br>
                        <b>Subject:</b><span
                          class="Apple-converted-space"> </span>Re:
                        [strongSwan] IPAD via NATed firewall doesn't
                        work<o:p></o:p></span></div>
                  </div>
                </div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;">There
                  is a really good copy/paste guide for Strongswan &
                  Iphone, Ipad, Mac<span class="Apple-converted-space"> </span><a
                    moz-do-not-send="true"
href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"
                    style="color: blue; text-decoration: underline;">here
                    ,</a><span class="Apple-converted-space"> </span><br>
                  you need to build strongswan from source with --<em>enable-nat-transport<span
                      class="Apple-converted-space"> </span></em>,
                  otherwise it will not work.<br>
                  Here is a<span class="Apple-converted-space"> </span><a
                    moz-do-not-send="true"
href="http://blog.windfluechter.net/archives/916-StrongSwan-and-L2TPIPsec-on-Debian.html"
                    style="color: blue; text-decoration: underline;">note</a><span
                    class="Apple-converted-space"> </span>that you need
                  to know about the security issue of enabling that feature.<br>
                  <br>
                  And you do not need dyndns for your Ipad; it will work
                  without one, only for your router is enough.<br>
                  But in case you need it at any time, there is a dyndns client
                  for Ipad, Iphone from the Apple store.<br>
                  <br>
                  However, I did not try either of these because I do
                  not have an Idevice.<br>
                  <br>
                  Best regards,<br>
                  Martin <span class="Apple-converted-space"> </span><br>
                  <br>
                  On 02/07/2011 03:15 PM, Uli Joergens wrote:<o:p></o:p></div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;">Hi
                    Martin<o:p></o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;">Thanks
                    a lot for your suggestions. I'll give the internet
                    café a try, just to make sure it's not Sunrise
                    causing problems with their NAT.<o:p></o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;">I
                    don't think the Ipad supports dyndns otherwise I
                    would try that as well. I'll have a look.<o:p></o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;">Regards<o:p></o:p></div>
                </div>
                <div>
                  <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                    font-family: 'Times New Roman',serif; color: black;">Uli<o:p></o:p></div>
                </div>
                <div>
                  <p class="MsoNormal" style="margin: 0cm 0cm 12pt;
                    font-size: 12pt; font-family: 'Times New
                    Roman',serif; color: black;"><o:p> </o:p></p>
                </div>
                <div>
                  <p class="MsoNormal" style="margin: 0cm 0cm 12pt;
                    font-size: 12pt; font-family: 'Times New
                    Roman',serif; color: black;"><br>
                    On 07.02.2011, at 00:51, Martin Lambew <<a
                      moz-do-not-send="true"
                      href="mailto:fsh3mve@gmail.com" style="color:
                      blue; text-decoration: underline;">fsh3mve@gmail.com</a>>
                    wrote:<o:p></o:p></p>
                </div>
                <blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
                  <div>
                    <p style="margin-right: 0cm; margin-left: 0cm;
                      font-size: 12pt; font-family: 'Times New
                      Roman',serif; color: black; margin-bottom: 12pt;">Hi
                      Uli,<span class="Apple-converted-space"> </span><br>
                      <br>
                      Did you try to connect to your ipsec tunnel from
                      the internet but not over the 3G but for example
                      from internet coffee etc.?<span
                        class="Apple-converted-space"> </span><br>
                      <br>
                      I assume that your<span
                        class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="http://mydomain.dyndns.org" style="color:
                        blue; text-decoration: underline;">mydomain.dyndns.org</a><span
                        class="Apple-converted-space"> </span>is for
                      your DR-855 Internet GW? If that is true why
                      not try the following setup:<span
                        class="Apple-converted-space"> </span><br>
                      IPad<>ipad.dyndns.org<>mydomain.dyndns.org<>dr-855....
                      etc..<span class="Apple-converted-space"> </span><br>
                      <br>
                      conn L2TP<span class="Apple-converted-space"> </span><br>
                      left=mydomain.dyndns.org<span
                        class="Apple-converted-space"> </span><br>
                      leftnexthop=%defaultroute<span
                        class="Apple-converted-space"> </span><br>
                      leftsubnet=192.168.1.250/255.255.255.0<span
                        class="Apple-converted-space"> </span><br>
                      leftfirewall=yes<span
                        class="Apple-converted-space"> </span><br>
                      #lefthostaccess=yes<span
                        class="Apple-converted-space"> </span><br>
                      right=ipad.dyndns.org<span
                        class="Apple-converted-space"> </span><br>
                      rightsubnet=%Any<span
                        class="Apple-converted-space"> </span><br>
                      rightnexthop=%defaultroute<span
                        class="Apple-converted-space"> </span><br>
                      .....<span class="Apple-converted-space"> </span><br>
                      Regards,<span class="Apple-converted-space"> </span><br>
                      <br>
                      Martin<span class="Apple-converted-space"> </span><br>
                      <br>
                      <span style="color: rgb(153, 153, 153);">--<span
                          class="Apple-converted-space"> </span></span><br>
                      <span style="color: rgb(153, 153, 153);">Sent from
                        mobile location</span><span
                        class="Apple-converted-space"> </span><br>
                      <br>
                      ----- Original message -----<span
                        class="Apple-converted-space"> </span><br>
                      > Hello Andreas<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > Thanks for the rapid response!<span
                        class="Apple-converted-space"> </span><br>
                      > 86.194.205.27 is the public IP-address
                      (dynamic) of my internet gateway.<span
                        class="Apple-converted-space"> </span><br>
                      > The dyndns entry points to that address.<span
                        class="Apple-converted-space"> </span><br>
                      > I guess that's where it all goes wrong but I
                      can't really see how to<span
                        class="Apple-converted-space"> </span><br>
                      > configure that with strongswan. I tried to
                      put that address into the<span
                        class="Apple-converted-space"> </span><br>
                      > right-parameter (plus the ipsec secrets) as
                      well, but it doesn't change<span
                        class="Apple-converted-space"> </span><br>
                      > anything. The Ipad is NATed (Sunrise) as well
                      as my internet access.<span
                        class="Apple-converted-space"> </span><br>
                      > Is it actually feasible that way?<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > Regards<span class="Apple-converted-space"> </span><br>
                      > Uli<span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > -----Original Message-----<span
                        class="Apple-converted-space"> </span><br>
                      > From: Andreas Steffen [<a
                        moz-do-not-send="true"
                        href="mailto:andreas.steffen@strongswan.org"
                        style="color: blue; text-decoration: underline;">mailto:andreas.steffen@strongswan.org</a>]<span
                        class="Apple-converted-space"> </span><br>
                      > Sent: Sunday, 6 February 2011 19:13<span
                        class="Apple-converted-space"> </span><br>
                      > To: Uli Joergens<span
                        class="Apple-converted-space"> </span><br>
                      > Cc:<span class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="mailto:users@lists.strongswan.org"
                        style="color: blue; text-decoration: underline;">users@lists.strongswan.org</a><span
                        class="Apple-converted-space"> </span><br>
                      > Subject: Re: [strongSwan] IPAD via NATed
                      firewall doesn't work<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > Hello Uli,<span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > why does the peer want to access
                      86.194.205.27/32<span
                        class="Apple-converted-space"> </span><br>
                      > behind strongSwan gateway 192.168.1.250?<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > Regards<span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > Andreas<span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      > On 06.02.2011 18:50, Uli Joergens wrote:<span
                        class="Apple-converted-space"> </span><br>
                      > > Hello<span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > I'm trying to configure strongswan for
                      accessing my home network with<span
                        class="Apple-converted-space"> </span><br>
                      > > my Ipad.<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > I do manage to build up the vpn tunnel
                      within the WLAN with the<span
                        class="Apple-converted-space"> </span><br>
                      > > ipsec.conf below.<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > # ipsec.conf - strongSwan IPsec
                      configuration file<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > # basic configuration<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > config setup<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > nat_traversal=yes<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > charonstart=no<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > plutostart=yes<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > conn L2TP<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > authby=psk<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > keyexchange=ikev1<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > pfs=no<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > rekey=no<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > type=tunnel<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > esp=aes128-sha1<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > ike=aes128-sha-modp1024<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > left=192.168.1.250<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > leftprotoport=17/1701<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > right=%any<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > rightprotoport=17/%any<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > rightsubnetwithin=0.0.0.0/0<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > auto=add<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > As soon as I try to access through the
                      internet (dynamic IP-address via<span
                        class="Apple-converted-space"> </span><br>
                      > > dyndns), I get the following error
                      message ": cannot respond to IPsec<span
                        class="Apple-converted-space"> </span><br>
                      > > SA request because no connection is
                      known for" (see log below):<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:43 webfrontend
                      pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > > #5: responding to Main Mode from unknown
                      peer 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > > #5: NAT-Traversal: Result using RFC
                      3947: both are NATed<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > > #5: ignoring informational payload, type
                      IPSEC_INITIAL_CONTACT<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: "L2TP"[6] 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > > #5: Peer ID is ID_IPV4_ADDR:
                      '10.165.74.84'<span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: "L2TP"[7] 193.247.250.41:397<span
                        class="Apple-converted-space"> </span><br>
                      > > #5: deleting connection "L2TP" instance
                      with peer 193.247.250.41<span
                        class="Apple-converted-space"> </span><br>
                      > > {isakmp=#0/ipsec=#0}<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: | NAT-T: new mapping<span
                        class="Apple-converted-space"> </span><br>
                      > > 193.247.250.41:397/18954)<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:44 webfrontend
                      pluto[26687]: "L2TP"[7]<span
                        class="Apple-converted-space"> </span><br>
                      > > 193.247.250.41:18954 #5: sent MR3,
                      ISAKMP SA established<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:45 webfrontend
                      pluto[26687]: "L2TP"[7]<span
                        class="Apple-converted-space"> </span><br>
                      > > 193.247.250.41:18954 #5: cannot respond
                      to IPsec SA request because no<span
                        class="Apple-converted-space"> </span><br>
                      > > connection is known for<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      >
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.4<br>
                      >
                      1:18954[10.165.74.84]:17/%any==={10.165.74.84/32}<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:45 webfrontend
                      pluto[26687]: "L2TP"[7]<span
                        class="Apple-converted-space"> </span><br>
                      > > 193.247.250.41:18954 #5: sending
                      encrypted notification<span
                        class="Apple-converted-space"> </span><br>
                      > > INVALID_ID_INFORMATION to
                      193.247.250.41:18954<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Feb  6 18:45:48 webfrontend
                      pluto[26687]: "L2TP"[7]<span
                        class="Apple-converted-space"> </span><br>
                      > > 193.247.250.41:18954 #5: Quick Mode I1
                      message is unacceptable because<span
                        class="Apple-converted-space"> </span><br>
                      > > it uses a previously used Message ID
                      0x1e7f53a7 (perhaps this is a<span
                        class="Apple-converted-space"> </span><br>
                      > > duplicated packet)<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > My config looks like the following:<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > iPad -> 3G -><span
                        class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="http://MyDomain.dyndns.org" style="color:
                        blue; text-decoration: underline;">MyDomain.dyndns.org</a><span
                        class="Apple-converted-space"> </span>->
                      DIR-855 internet gateway<span
                        class="Apple-converted-space"> </span><br>
                      > > (192.168.1.1) -> VPN-gateway
                      (192.168.1.250) -> LAN / WLAN 192.168.1.0<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > I tried all sorts of combinations
                      including the NATed iPad address as<span
                        class="Apple-converted-space"> </span><br>
                      > > parameter "right" (as well as the
                      parameters rightsubnet,<span
                        class="Apple-converted-space"> </span><br>
                      > > rightsubnetwithin) but it doesn't change
                      anything. I presume I got<span
                        class="Apple-converted-space"> </span><br>
                      > > something fundamentally wrong.<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Did anybody manage to get VPN up and
                      running in a similar<span
                        class="Apple-converted-space"> </span><br>
                      > > configuration?<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Regards<span
                        class="Apple-converted-space"> </span><br>
                      > ><span class="Apple-converted-space"> </span><br>
                      > > Uli<span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      >
                      ======================================================================<span
                        class="Apple-converted-space"> </span><br>
                      > Andreas Steffen                             
                                       <span
                        class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="mailto:andreas.steffen@strongswan.org"
                        style="color: blue; text-decoration: underline;">andreas.steffen@strongswan.org</a><span
                        class="Apple-converted-space"> </span><br>
                      > strongSwan - the Linux VPN Solution!         
                                         <span
                        class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="http://www.strongswan.org" style="color:
                        blue; text-decoration: underline;">www.strongswan.org</a><span
                        class="Apple-converted-space"> </span><br>
                      > Institute for Internet Technologies and
                      Applications<span class="Apple-converted-space"> </span><br>
                      > University of Applied Sciences Rapperswil<span
                        class="Apple-converted-space"> </span><br>
                      > CH-8640 Rapperswil (Switzerland)<span
                        class="Apple-converted-space"> </span><br>
                      >
                      ===========================================================[ITA-HSR]==<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><br>
                      >
                      _______________________________________________<span
                        class="Apple-converted-space"> </span><br>
                      > Users mailing list<span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="mailto:Users@lists.strongswan.org"
                        style="color: blue; text-decoration: underline;">Users@lists.strongswan.org</a><span
                        class="Apple-converted-space"> </span><br>
                      ><span class="Apple-converted-space"> </span><a
                        moz-do-not-send="true"
                        href="https://lists.strongswan.org/mailman/listinfo/users"
                        style="color: blue; text-decoration: underline;">https://lists.strongswan.org/mailman/listinfo/users</a><o:p></o:p></p>
                  </div>
                </blockquote>
                <div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt;
                  font-family: 'Times New Roman',serif; color: black;"><o:p> </o:p></div>
              </div>
              </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
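The tuple in the quoted "no connection is known for" log line can be taken apart mechanically. The following is an added example, not code from any poster in this thread or from the strongSwan project: it parses that tuple and reports each side whose selector in the request does not cover the address pluto sees for that host. The field layout (client===host:port[id]:proto/port on each side of "...") is an assumption read off the quoted line, IPv4 only, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the tuple from the quoted log, with the mail-wrapped line rejoined.
SAMPLE = ("86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701..."
          "193.247.250.41:18954[10.165.74.84]:17/%any==={10.165.74.84/32}")

# One end: host[:port][id][:proto/port]. Layout assumed from the log line; IPv4 only.
_END = re.compile(
    r"^(?P<host>[^:\[\]]+)(?::(?P<port>\d+))?"
    r"\[(?P<id>[^\]]*)\]"
    r"(?::(?P<proto>\d+)/(?P<pport>[^=]+))?$"
)

def _parse_end(text, client):
    m = _END.match(text)
    if m is None:
        raise ValueError(f"unrecognised end description: {text!r}")
    end = m.groupdict()
    # Braces around the peer selector are dropped; their meaning is not interpreted here.
    end["client"] = client.strip("{}") if client else None
    return end

def parse_tuple(line):
    """Split 'client===end...end===client' into its local and peer halves."""
    local, sep, peer = line.strip().partition("...")
    if not sep:
        raise ValueError("missing '...' between the two ends")
    l_client, l_sep, l_end = local.rpartition("===")
    p_end, p_sep, p_client = peer.partition("===")
    return {"local": _parse_end(l_end, l_client if l_sep else None),
            "peer": _parse_end(p_end, p_client if p_sep else None)}

def selector_mismatches(parsed):
    """List (side, host, selector) where the selector does not cover the host address."""
    found = []
    for side in ("local", "peer"):
        end = parsed[side]
        if end["client"] is None:
            continue
        try:
            host = ipaddress.ip_address(end["host"])
            net = ipaddress.ip_network(end["client"], strict=False)
        except ValueError:  # e.g. %any or a hostname: nothing to compare
            continue
        if host not in net:
            found.append((side, str(host), str(net)))
    return found

if __name__ == "__main__":
    for side, host, net in selector_mismatches(parse_tuple(SAMPLE)):
        print(f"{side}: pluto sees {host}, selector in the request is {net}")
```

For the quoted line both sides are reported: the request names 86.194.205.27/32 for the gateway pluto knows as 192.168.1.250, and 10.165.74.84/32 for the peer seen at 193.247.250.41. Protocol 17 with port 1701 is UDP/L2TP.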
  </body>
</html>