Hello,

I'm trying to get a strongswan VPN set up so I can connect my iPhone to my Ubuntu Lucid Lynx desktop, but I can't seem to get it working and would appreciate any help anyone can give me.

I feel like I'm close, but networking is not one of my strong suits, so the whole leftnexthop, rightprotoport thing is pretty confusing to me.

I've been generally following the directions on these 3 pages:

<a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a>
<a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html">https://lists.strongswan.org/pipermail/users/2009-March/003291.html</a>
<a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</a>
Currently, I'm getting the following error:

cannot respond to IPsec SA request because no connection is known for 53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32

Here are the stats on what I'm running:

Ubuntu Desktop:
 * Internal IP address is 192.168.1.10
 * Running custom compiled version of strongswan-4.3.2 with --enable-nat-transport option enabled
 * Running xl2tpd
 * Both were set up by following <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a>
 * Firewall was off while I was trying to get this working

Linksys E3000 router:
 * Internal IP address is 192.168.1.1
 * Comcast IP address is 53.74.66.108 (not my actual IP, but you get the idea)
 * NAT Enabled
 * VPN Passthrough Enabled
 * Ports 4500 and 1701 forwarded to 192.168.1.10

iPhone 3GS:
 * I guess the IP for this device is 166.121.15.14? (Again, I changed it in the log below)

Here is my ipsec.conf:

config setup
    nat_traversal=yes
    charonstart=yes
    plutostart=yes

conn L2TP
        authby=psk
        pfs=no
        rekey=no
        type=tunnel
        esp=aes128-sha1
        ike=aes128-sha-modp1024
        left=192.168.1.10
        leftnexthop=%defaultroute
        #leftprotoport=17/%any
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        #rightsubnetwithin=10.0.0.0/8
        auto=add

And here are the errors I see:

Mar 26 15:41:11 ubuntu-desktop pluto[8372]: added connection description "L2TP"
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: received Vendor ID payload [RFC 3947]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: received Vendor ID payload [Dead Peer Detection]
Mar 26 15:41:51 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: responding to Main Mode from unknown peer 166.121.15.14:15873
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: NAT-Traversal: Result using RFC 3947: both are NATed
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: Peer ID is ID_IPV4_ADDR: '10.70.21.33'
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15873 #1: deleting connection "L2TP" instance with peer 166.121.15.14 {isakmp=#0/ipsec=#0}
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: | NAT-T: new mapping 166.121.15.14:15873/15893)
Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sent MR3, ISAKMP SA established
Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: cannot respond to IPsec SA request because no connection is known for 53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32
Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_ID_INFORMATION to 166.121.15.14:15893
Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xab4fb5b4 (perhaps this is a duplicated packet)
Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_MESSAGE_ID to 166.121.15.14:15893
Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xab4fb5b4 (perhaps this is a duplicated packet)
Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_MESSAGE_ID to 166.121.15.14:15893
Mar 26 15:42:03 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID Mar 26
Mar 26 15:42:05 ubuntu-desktop pluto[8372]: ERROR: asynchronous network error report on eth0 for message to 166.121.15.14 port 15893, complainant 166.121.15.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
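To make the "no connection is known for" line readable, here is an added example (not from the original post, and not strongswan code) that parses pluto's selector string from the log above and compares it literally with the conn L2TP block from the post; it assumes each end is printed as client===host[:port][[id]]:proto/port, with the :port omitted when it is 500.

```python
import re

# Constructed input: the selector string from the "no connection is known for"
# line in the log above (addresses are the poster's placeholders).
REQUEST = ("53.74.66.108/32===192.168.1.10:4500:17/%any"
           "...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32")

# The conn L2TP block from the post, reduced to the keys that form selectors.
CONN = {"left": "192.168.1.10", "leftprotoport": "17/1701",
        "right": "%any", "rightprotoport": "17/%any"}

# Assumed pluto layout of one end: host[:port][[id]]:proto/port
# (pluto prints :port only when it is not 500, so 500 is the default here).
END_RE = re.compile(
    r"^([^:\[]+)(?::(\d+))?(?:\[([^\]]+)\])?:(\d+|%any)/(\d+|%any)$")

def parse_end(text: str, local: bool) -> dict:
    """Split 'client===host...' (local end) or 'host...===client' (remote)."""
    parts = text.split("===", 1)
    client, host = parts if local else parts[::-1]
    m = END_RE.match(host)
    if not m:
        raise ValueError(f"unrecognised end spec: {host}")
    addr, port, ident, proto, pport = m.groups()
    return {"client": client, "host": addr, "port": port or "500",
            "id": ident or addr, "protoport": f"{proto}/{pport}"}

def parse_request(spec: str) -> dict:
    """Parse the whole 'local...remote' selector string from the log line."""
    local, remote = spec.split("...", 1)
    return {"local": parse_end(local, True), "remote": parse_end(remote, False)}

def mismatches(req: dict, conn: dict) -> list:
    """Literal comparison of what the peer asked for with what the conn sets."""
    loc, rem, out = req["local"], req["remote"], []
    # leftsubnet is not set in the post, so it defaults to the left host /32.
    want = conn.get("leftsubnet", f"{conn['left']}/32")
    if loc["client"] != want:
        out.append(f"local subnet {loc['client']} != leftsubnet {want}")
    if loc["protoport"] != conn["leftprotoport"]:
        out.append(f"local protoport {loc['protoport']} != leftprotoport {conn['leftprotoport']}")
    # right=%any, so rightsubnet defaults to the peer's own address /32.
    want = conn.get("rightsubnet", f"{rem['host']}/32")
    if rem["client"] != want:
        out.append(f"remote subnet {rem['client']} != rightsubnet {want}")
    if rem["protoport"] != conn["rightprotoport"]:
        out.append(f"remote protoport {rem['protoport']} != rightprotoport {conn['rightprotoport']}")
    return out
```

The three lines it reports (the public address as local subnet, 17/%any against leftprotoport=17/1701, and the phone's private address as remote subnet) are the selectors the phone proposed that the conn does not spell out; the comparison is literal and is not pluto's full matching logic.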