Andreas/Martin/Uli,<br><br>Thanks for the suggestions. Unfortunately, after playing around with the settings, I'm still unable to advance past that same error.<br><br>Martin's suggestion to check the ports I'm using did help me spot that I had xl2tpd configured wrong, but once I got that fixed, it still showed that same error in strongswan itself.<br>
<br>I actually started using openswan initially and had no luck with that, so I figured I'd try strongswan. Maybe I'll give openswan another try now that I am slightly less clueless about what I'm doing. Maybe what Uli said is true and it's more compatible with double NATting?<br>
<br>The double NAT thing that Andreas and Uli mention sounds like a reasonable explanation, except that when I try to VPN in from my work's wireless instead of using 3G, it still doesn't work (not sure yet if the error is the same or not). Of course, my work's wireless might be NAT'ed also.<br>
<br>I'm close to giving up on this. It's proving very difficult and if it weren't for the few people online who claim to have gotten it working, I'd almost say it can't be done.<br><br>If I get the time/inclination I'll try and post some more debugging details and specifics on what all I've tried. But as of now, I ran through all the suggestions that folks have posted so far without any luck.<br>
<br>Thanks for trying though and if anyone has any ideas on other stuff to try, I'm all ears.<br><br>Actually... Andreas, when you say to try IPSec tunnel mode on my iPhone, do you mean to use the IPSec VPN type? Cuz the instructions I'm using say to use the L2TP mode... IPSec mode doesn't seem to work either, for what it's worth.<br>
<br><div class="gmail_quote">On Sun, Mar 27, 2011 at 12:01 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi Dan,<br>
<br>
what is missing is<br>
<br>
leftsubnet=53.74.66.108/32<br>
<br>
as you have a double NAT situation. Can you configure<br>
the iPhone to use IPsec Tunnel Mode so that the<br>
internal destination IP would be 192.168.1.10, too?<br>
<br>
Regards<br>
<br>
Andreas<br>
<div class="im"><br>
On 03/26/2011 09:06 PM, Dan Deming wrote:<br>
> Hello,<br>
><br>
> I'm trying to get a strongswan VPN set up so I can connect my iPhone<br>
> to my Ubuntu Lucid Lynx desktop, but I can't seem to get it<br>
> working and would appreciate any help anyone can give me.<br>
><br>
> I feel like I'm close, but networking is not one of my<br>
> strong suits, so the whole leftnexthop, rightprotoport<br>
> thing is pretty confusing to me.<br>
><br>
> I've been generally following the directions on these 3<br>
> pages:<br>
><br>
> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/" target="_blank">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a><br>
> <a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html" target="_blank">https://lists.strongswan.org/pipermail/users/2009-March/003291.html</a><br>
> <a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html" target="_blank">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</a><br>
><br>
> Currently, I'm getting the following error:<br>
><br>
> cannot respond to IPsec SA request because no connection is known for<br>
> 53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32<br>
</div>
<div><div></div><div class="h5">><br>
> Here are the stats on what I'm running:<br>
><br>
> Ubuntu Desktop:<br>
> * Internal IP address is 192.168.1.10<br>
> * Running custom compiled version of strongswan-4.3.2 with<br>
> --enable-nat-transport option enabled<br>
> * Running xl2tpd<br>
> * Both were set up by following<br>
> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/" target="_blank">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a><br>
> * Firewall was off while I was trying to get this working<br>
><br>
> Linksys E3000 router:<br>
> * Internal IP address is 192.168.1.1<br>
> * Comcast IP address is 53.74.66.108 (not my actual IP, but you get the<br>
> idea)<br>
> * NAT Enabled<br>
> * VPN Passthrough Enabled<br>
> * Ports 4500 and 1701 forwarded to 192.168.1.10<br>
><br>
> iPhone 3GS:<br>
> * I guess the IP for this device is 166.121.15.14? (Again, I changed it<br>
> in the log below)<br>
><br>
> Here is my ipsec.conf:<br>
><br>
> config setup<br>
> nat_traversal=yes<br>
> charonstart=yes<br>
> plutostart=yes<br>
><br>
> conn L2TP<br>
> authby=psk<br>
> pfs=no<br>
> rekey=no<br>
> type=tunnel<br>
> esp=aes128-sha1<br>
> ike=aes128-sha-modp1024<br>
> left=192.168.1.10<br>
> leftnexthop=%defaultroute<br>
> #leftprotoport=17/%any<br>
> leftprotoport=17/1701<br>
> right=%any<br>
> rightprotoport=17/%any<br>
</div></div>> #rightsubnetwithin=10.0.0.0/8<br>
> auto=add<br>
><br>
><br>
======================================================================<br>
<font color="#888888">Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
</font></blockquote></div><br>
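The subnet mismatch behind the quoted error, as an added example that is not part of the original thread: it parses the pluto message and compares the local subnet the peer requested with what the posted conn offers, assuming the documented default that an omitted leftsubnet means left/32. It models only this one comparison, not pluto's full connection lookup, and the function names are illustrative.

```python
import ipaddress
import re

# Error text and conn section as posted in the thread (constructed copies;
# the poster had already altered the addresses).
ERROR = ("cannot respond to IPsec SA request because no connection is known for "
         "53.74.66.108/32===192.168.1.10:17/%any..."
         "192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32")
CONN = """
conn L2TP
    authby=psk
    type=tunnel
    left=192.168.1.10
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
"""

def parse_end(end):
    """Split 'host[id]:proto/port' (IPv4 only) into its parts."""
    m = re.fullmatch(r"([^\[:]+)(?:\[([^\]]*)\])?(?::(.+))?", end)
    return {"host": m.group(1), "id": m.group(2), "protoport": m.group(3)}

def parse_request(line):
    """Parse 'net===host:pp...host[id]:pp===net' from the log message."""
    ours, peer = line.split("known for ", 1)[1].strip().split("...", 1)
    our_net, _, our_end = ours.rpartition("===")
    peer_end, _, peer_net = peer.partition("===")
    return {"our_net": our_net, "our": parse_end(our_end),
            "peer": parse_end(peer_end), "peer_net": peer_net}

def parse_conn(text):
    """Collect key=value pairs of a conn section, skipping comments."""
    pairs = (ln.strip().split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.strip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def local_subnet_mismatch(conn, request):
    """Return (requested, configured) if the local subnets differ, else None."""
    configured = conn.get("leftsubnet") or conn["left"] + "/32"  # default: left/32
    requested = request["our_net"] or request["our"]["host"] + "/32"
    if ipaddress.ip_network(requested) != ipaddress.ip_network(configured):
        return requested, configured
    return None

if __name__ == "__main__":
    req, conn = parse_request(ERROR), parse_conn(CONN)
    print("as posted:      ", local_subnet_mismatch(conn, req))
    conn["leftsubnet"] = "53.74.66.108/32"   # the line Andreas suggests
    print("with leftsubnet:", local_subnet_mismatch(conn, req))
```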