<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
hi,<br>
<br>
is there still no solution for this?<br>
<br>
i ran into the same situation like Uli getting the<br>
"<tt>cannot respond to IPsec SA request because no connection is
known"</tt><br>
error.<br>
<br>
i want the following setup:<br>
<br>
iPad <-- NOT NATed --> internet <-- DSL router -->
strongswan (NATed)<br>
<br>
so just the strongswan server's side is NATed<br>
<br>
i recompiled strongswan (on debian) with NAT-T patch enabled and
auth.log <br>
tells: <tt>"including NAT-Traversal patch (Version 0.6c)"</tt><br>
<br>
ipsec.conf:<br>
<tt>config setup<br>
nat_traversal=yes<br>
charonstart=yes<br>
plutostart=yes</tt><br>
<tt>conn ipads<br>
authby=psk<br>
pfs=no<br>
rekey=no<br>
type=tunnel<br>
forceencaps=yes<br>
esp=aes128-sha1<br>
ike=aes128-sha-modp1024<br>
left=%defaultroute<br>
leftprotoport=17/1701<br>
right=%any<br>
rightprotoport=17/%any<br>
rightsubnetwithin=0.0.0.0/0<br>
auto=add</tt><br>
<br>
ipsec.secrets:<br>
192.168.0.251 %any : PSK "xxxxxxxxxx"<br>
<br>
auth.log:<tt><br>
Mar 29 16:39:45 vpn pluto[28437]: loaded PSK secret for
192.168.0.251 %any<br>
Mar 29 16:39:45 vpn ipsec_starter[28436]: charon (28444) started
after 40 ms<br>
Mar 29 16:39:45 vpn pluto[28437]: added connection description
"ipads"<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
received Vendor ID payload [RFC 3947]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>
Mar 29 16:39:51 vpn pluto[28437]: packet from 2.206.202.168:500:
received Vendor ID payload [Dead Peer Detection]<br>
Mar 29 16:39:51 vpn pluto[28437]: "ipads"[1] 2.206.202.168 #1:
responding to Main Mode from unknown peer 2.206.202.168<br>
Mar 29 16:39:51 vpn pluto[28437]: "ipads"[1] 2.206.202.168 #1:
NAT-Traversal: Result using RFC 3947: i am NATed<br>
Mar 29 16:39:51 vpn pluto[28437]: "ipads"[1] 2.206.202.168 #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT<br>
Mar 29 16:39:51 vpn pluto[28437]: "ipads"[1] 2.206.202.168 #1:
Peer ID is ID_IPV4_ADDR: '2.206.202.168'<br>
Mar 29 16:39:51 vpn pluto[28437]: | NAT-T: new mapping
2.206.202.168:500/4500)<br>
Mar 29 16:39:51 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sent MR3, ISAKMP SA established<br>
Mar 29 16:39:53 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: cannot respond to IPsec SA request because no connection is
known for
188.101.67.77/32===192.168.0.251:4500[192.168.0.251]:17/1701...2.206.202.168:4500[2.206.202.168]:17/%any<br>
Mar 29 16:39:53 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_ID_INFORMATION to
2.206.202.168:4500<br>
Mar 29 16:39:55 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:39:55 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:39:58 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:39:58 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:01 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:01 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:04 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:04 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:07 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:07 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:10 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:10 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:13 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:13 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:16 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:16 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:19 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xcf9299e3 (perhaps this is a
duplicated packet)<br>
Mar 29 16:40:19 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: sending encrypted notification INVALID_MESSAGE_ID to
2.206.202.168:4500<br>
Mar 29 16:40:23 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500
#1: received Delete SA payload: deleting ISAKMP State #1<br>
Mar 29 16:40:23 vpn pluto[28437]: "ipads"[1] 2.206.202.168:4500:
deleting connection "ipads" instance with peer 2.206.202.168
{isakmp=#0/ipsec=#0}<br>
Mar 29 16:40:23 vpn pluto[28437]: ERROR: asynchronous network
error report on eth0 for message to 2.206.202.168 port 4500,
complainant 2.206.202.168: Connection refused [errno 111, origin
ICMP type 3 code 3 (not authenticated)]</tt><br>
<br>
any ideas?<br>
<br>
regards<br>
<br>
Am 08.02.2011 20:51, schrieb Uli Joergens:
<blockquote
cite="mid:00a501cbc7c9$89b49be0$9d1dd3a0$@joergens@orange.fr"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);">Hello, I’m back again...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">I recompiled strongswan with that
option and I set up the configuration according to that
guide. NAT traversal seems to be O.K. (as it was actually
with the SuSe strongswan package).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Unfortunately it still throws the
same error message: “cannot respond to IPsec SA request
because no connection is known for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}“<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">I don’t quite understand what Pluto
is trying to do there and what information is missing for
finding the connection. It looks like it already found the
connection “L2TP”.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Any ideas what’s going wrong there?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Here the logfile again:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:15 webfrontend
ipsec_starter[28321]: Starting strongSwan 4.5.0 IPsec
[starter]...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: Starting IKEv1 pluto daemon (strongSwan 4.5.0)
THREADS VENDORID<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: listening on interfaces:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: eth0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: 192.168.1.250<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: fe80::20c:29ff:fe60:14ef<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
ipsec_starter[28329]: pluto (28330) started after 20 ms<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded plugins: aes des sha1 sha2 md5 random
x509 pkcs1 pgp dnskey pem gmp hmac xauth attr kernel-netlink
resolve <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: including NAT-Traversal patch (Version 0.6c)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.0)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] listening on interfaces:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] eth0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] 192.168.1.250<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[KNL] fe80::20c:29ff:fe60:14ef<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loaded IKE secret for 192.168.1.250 %any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[CFG] loaded IKE secret for 192.168.1.250 193.247.250.19<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[DMN] loaded plugins: aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr
kernel-netlink resolve socket-raw stroke updown <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
00[JOB] spawning 16 worker threads<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
ipsec_starter[28329]: charon (28331) started after 60 ms<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
06[CFG] received stroke: add connection 'L2TP'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend charon:
06[CFG] added configuration 'L2TP'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading ocsp certificates from
'/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: Changing to directory
'/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: spawning 4 worker threads<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: listening for IKE messages<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface eth0/eth0 192.168.1.250:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface eth0/eth0 192.168.1.250:4500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.2:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.2:4500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo 127.0.0.1:4500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: adding interface lo/lo ::1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loading secrets from
"/usr/local/etc/ipsec.secrets"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded PSK secret for 192.168.1.250 %any <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: loaded PSK secret for 192.168.1.250
193.247.250.19 <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:16 webfrontend
pluto[28330]: added connection description "L2TP"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: received
Vendor ID payload [RFC 3947]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [9909b64eed937c6573de52ace952fa6b]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: ignoring
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: packet from 193.247.250.15:141: received
Vendor ID payload [Dead Peer Detection]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:27 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1: responding to
Main Mode from unknown peer 193.247.250.15:141<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1:
NAT-Traversal: Result using RFC 3947: both are NATed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[1] 193.247.250.15:141 #1: Peer ID is
ID_IPV4_ADDR: '10.114.236.80'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:141 #1: deleting
connection "L2TP" instance with peer 193.247.250.15
{isakmp=#0/ipsec=#0}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: | NAT-T: new mapping 193.247.250.15:141/33096)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:28 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1: sent MR3,
ISAKMP SA established<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:30 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1: cannot
respond to IPsec SA request because no connection is known
for
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.15:33096[10.114.236.80]:17/%any==={10.114.236.80/32}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:30 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1: sending
encrypted notification INVALID_ID_INFORMATION to
193.247.250.15:33096<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:33 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1: Quick Mode
I1 message is unacceptable because it uses a previously used
Message ID 0x6f7badea (perhaps this is a duplicated packet)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US">Feb 8 20:21:33 webfrontend
pluto[28330]: "L2TP"[2] 193.247.250.15:33096 #1: sending
encrypted notification INVALID_MESSAGE_ID to
193.247.250.15:33096<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31,
73, 125);" lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border-right: medium none; border-width: 1pt
medium medium; border-style: solid none none; border-color:
rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color;
padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt;
font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;" lang="EN-US"> Martin Lambev
[<a class="moz-txt-link-freetext" href="mailto:fsh3mve@gmail.com">mailto:fsh3mve@gmail.com</a>] <br>
<b>Sent:</b> Montag, 7. Februar 2011 16:28<br>
<b>To:</b> Uli Joergens<br>
<b>Subject:</b> Re: [strongSwan] IPAD via NATed firewall
doesn't work<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There is really good copy/paste guide for
Strongswan & Iphone,Ipd,Mac <a moz-do-not-send="true"
href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">here
,</a> <br>
you need to build strongswan form source with --<em>enable-nat-transport
</em>, otherwise will not work.<br>
Here is a <a moz-do-not-send="true"
href="http://blog.windfluechter.net/archives/916-StrongSwan-and-L2TPIPsec-on-Debian.html">note</a>
that you need to know for security issue enabling that
feature.<br>
<br>
And you do not need dyndns for your Ipad it will work without
one, only to your router is enough.<br>
Bt in case anytime need it is has dyndns client for
Ipad,Iphone form apple store.<br>
<br>
However I did not try neither of these because i do net have
Idevice.<br>
<br>
Best regards,<br>
Martin <br>
<br>
On 02/07/2011 03:15 PM, Uli Joergens wrote: <o:p></o:p></p>
<div>
<p class="MsoNormal">Hi Martin<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks a lot for your suggestions. I'll
give the internet café a try, just to make sure it's not
sunrise causing problems with their NAT.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I don't think the Ipad supports dyndns
otherwise I would try that as well. I'll have a look.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Uli<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><br>
On 07.02.2011, at 00:51, Martin Lambew <<a
moz-do-not-send="true" href="mailto:fsh3mve@gmail.com">fsh3mve@gmail.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
<div>
<p style="margin-bottom: 12pt;">Hi Uil, <br>
<br>
Did you try to connect to your ipsec tunnel from the
internet but not over the 3G but for exaple from internet
coffee etc.? <br>
<br>
I assume that your <a moz-do-not-send="true"
href="http://mydomain.dyndns.org">mydomain.dyndns.org</a>
is for your DR-855 Internet GW? If that is true why do not
try fallowing setup: <br>
IPad<>ipad.dyndns.org<>mydomain.dyndns.org<>dr-855....
etc.. <br>
<br>
conn L2TP <br>
left=mydomain.dyndns.org <br>
leftnexthop=%defaultroute <br>
leftsubnet=192.168.1.250/255.255.255.0 <br>
leftfirewall=yes <br>
#lefthostaccess=yes <br>
right=ipad.dyndns.org <br>
rightsubnet=%Any <br>
rightnexthop=%defaultroute <br>
..... <br>
Regards, <br>
<br>
Martin <br>
<br>
<span style="color: rgb(153, 153, 153);">-- </span><br>
<span style="color: rgb(153, 153, 153);">Sent from mobile
location</span> <br>
<br>
----- Original message ----- <br>
> Hello Andreas <br>
> <br>
> Thanks for the rapid response! <br>
> 86.194.205.27 is the public IP-address (dynamic) of
my internet gateway. <br>
> The dyndns entry points to that address. <br>
> I guess that's where it all goes wrong but I can't
really see how to <br>
> configure that with strongswan. I tried to put that
address into the <br>
> right-parameter (plus the ipsec secrets) as well, but
it doesn't change <br>
> anything. The Ipad is NATed (Sunrise) as well as my
internet access. <br>
> Is it actually feasible that way? <br>
> <br>
> Regards <br>
> Uli <br>
> <br>
> -----Original Message----- <br>
> From: Andreas Steffen [<a moz-do-not-send="true"
href="mailto:andreas.steffen@strongswan.org">mailto:andreas.steffen@strongswan.org</a>]
<br>
> Sent: Sonntag, 6. Februar 2011 19:13 <br>
> To: Uli Joergens <br>
> Cc: <a moz-do-not-send="true"
href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a>
<br>
> Subject: Re: [strongSwan] IPAD via NATed firewall
doesn't work <br>
> <br>
> Hello Uli, <br>
> <br>
> why does the peer want to access 86.194.205.27/32 <br>
> behind strongSwan gateway 192.168.1.250? <br>
> <br>
> Regards <br>
> <br>
> Andreas <br>
> <br>
> On 06.02.2011 18:50, Uli Joergens wrote: <br>
> > Hello <br>
> > <br>
> > <br>
> > <br>
> > I'm trying to configure strongswan for accessing
my home network with <br>
> > my Ipad. <br>
> > <br>
> > I do manage to build up the vpn tunnel within
the WLAN with the <br>
> > ipsec.conf below. <br>
> > <br>
> > <br>
> > <br>
> > # ipsec.conf - strongSwan IPsec configuration
file <br>
> > <br>
> > <br>
> > <br>
> > # basic configuration <br>
> > <br>
> > <br>
> > <br>
> > config setup <br>
> > <br>
> > nat_traversal=yes <br>
> > <br>
> > charonstart=no <br>
> > <br>
> > plutostart=yes <br>
> > <br>
> > conn L2TP <br>
> > <br>
> > authby=psk <br>
> > <br>
> > keyexchange=ikev1 <br>
> > <br>
> > pfs=no <br>
> > <br>
> > rekey=no <br>
> > <br>
> > type=tunnel <br>
> > <br>
> > esp=aes128-sha1 <br>
> > <br>
> > ike=aes128-sha-modp1024 <br>
> > <br>
> > left=192.168.1.250 <br>
> > <br>
> > leftprotoport=17/1701 <br>
> > <br>
> > right=%any <br>
> > <br>
> > rightprotoport=17/%any <br>
> > <br>
> > rightsubnetwithin=0.0.0.0/0 <br>
> > <br>
> > auto=add <br>
> > <br>
> > <br>
> > <br>
> > As soon as I try to access through the internet
(dynamic IP-address via <br>
> > dyndns), I get the following error message ":
cannot respond to IPsec <br>
> > SA request because no connection is known for"
(see log below): <br>
> > <br>
> > <br>
> > <br>
> > Feb 6 18:45:43 webfrontend pluto[26687]:
"L2TP"[6] 193.247.250.41:397 <br>
> > #5: responding to Main Mode from unknown peer
193.247.250.41:397 <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]:
"L2TP"[6] 193.247.250.41:397 <br>
> > #5: NAT-Traversal: Result using RFC 3947: both
are NATed <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]:
"L2TP"[6] 193.247.250.41:397 <br>
> > #5: ignoring informational payload, type
IPSEC_INITIAL_CONTACT <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]:
"L2TP"[6] 193.247.250.41:397 <br>
> > #5: Peer ID is ID_IPV4_ADDR: '10.165.74.84' <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]:
"L2TP"[7] 193.247.250.41:397 <br>
> > #5: deleting connection "L2TP" instance with
peer 193.247.250.41 <br>
> > {isakmp=#0/ipsec=#0} <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]: |
NAT-T: new mapping <br>
> > 193.247.250.41:397/18954) <br>
> > <br>
> > Feb 6 18:45:44 webfrontend pluto[26687]:
"L2TP"[7] <br>
> > 193.247.250.41:18954 #5: sent MR3, ISAKMP SA
established <br>
> > <br>
> > Feb 6 18:45:45 webfrontend pluto[26687]:
"L2TP"[7] <br>
> > 193.247.250.41:18954 #5: cannot respond to IPsec
SA request because no <br>
> > connection is known for <br>
> > <br>
>
86.194.205.27/32===192.168.1.250:4500[192.168.1.250]:17/1701...193.247.250.4<br>
> 1:18954[10.165.74.84]:17/%any==={10.165.74.84/32} <br>
> > <br>
> > Feb 6 18:45:45 webfrontend pluto[26687]:
"L2TP"[7] <br>
> > 193.247.250.41:18954 #5: sending encrypted
notification <br>
> > INVALID_ID_INFORMATION to 193.247.250.41:18954 <br>
> > <br>
> > Feb 6 18:45:48 webfrontend pluto[26687]:
"L2TP"[7] <br>
> > 193.247.250.41:18954 #5: Quick Mode I1 message
is unacceptable because <br>
> > it uses a previously used Message ID 0x1e7f53a7
(perhaps this is a <br>
> > duplicated packet) <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > My config looks the following: <br>
> > <br>
> > <br>
> > <br>
> > Ipad -> 3G -> <a moz-do-not-send="true"
href="http://MyDomain.dyndns.org">MyDomain.dyndns.org</a>
-> DIR-855 internet gateway <br>
> > (192.168.1.1) -> VPN-gateway (192.168.1.250)
-> LAN / WLAN 192.168.1.0 <br>
> > <br>
> > <br>
> > <br>
> > I tried all sorts of combinations including the
NATed Ipad address as <br>
> > parameter "right" (as well as the parameters
rightsubnet, <br>
> > rightsubnetwithin) but it doesn't change
anything. I presume I got <br>
> > something fundamentally wrong. <br>
> > <br>
> > Did anybody manage to get VPN up and running in
a similar <br>
> > configuration? <br>
> > <br>
> > <br>
> > <br>
> > Regards <br>
> > <br>
> > Uli <br>
> <br>
>
======================================================================
<br>
> Andreas Steffen
<a moz-do-not-send="true"
href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>
<br>
> strongSwan - the Linux VPN Solution!
<a moz-do-not-send="true"
href="http://www.strongswan.org">www.strongswan.org</a>
<br>
> Institute for Internet Technologies and Applications
<br>
> University of Applied Sciences Rapperswil <br>
> CH-8640 Rapperswil (Switzerland) <br>
>
===========================================================[ITA-HSR]==
<br>
> <br>
> <br>
> _______________________________________________ <br>
> Users mailing list <br>
> <a moz-do-not-send="true"
href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<br>
> <a moz-do-not-send="true"
href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a>
<o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
</body>
</html>