<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=koi8-r"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"๓ิมฮฤมาิฮูส HTML ๚ฮมห";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"๔ลหำิ ืูฮฯำหษ ๚ฮมห";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.HTML
{mso-style-name:"๓ิมฮฤมาิฮูส HTML ๚ฮมห";
mso-style-priority:99;
mso-style-link:"๓ิมฮฤมาิฮูส HTML";
font-family:"Consolas","serif";}
p.ecxmsonormal, li.ecxmsonormal, div.ecxmsonormal
{mso-style-name:ecxmsonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.ecxmsochpdefault, li.ecxmsochpdefault, div.ecxmsochpdefault
{mso-style-name:ecxmsochpdefault;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.ecxmsohyperlink
{mso-style-name:ecxmsohyperlink;}
span.ecxmsohyperlinkfollowed
{mso-style-name:ecxmsohyperlinkfollowed;}
span.ecxemailstyle17
{mso-style-name:ecxemailstyle17;}
span.ecxhtml
{mso-style-name:ecxhtml;}
p.ecxmsonormal1, li.ecxmsonormal1, div.ecxmsonormal1
{mso-style-name:ecxmsonormal1;
mso-margin-top-alt:auto;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.ecxmsohyperlink1
{mso-style-name:ecxmsohyperlink1;
color:blue;
text-decoration:underline;}
span.ecxmsohyperlinkfollowed1
{mso-style-name:ecxmsohyperlinkfollowed1;
color:purple;
text-decoration:underline;}
span.ecxemailstyle171
{mso-style-name:ecxemailstyle171;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.ecxhtml1
{mso-style-name:ecxhtml1;
font-family:"Courier New";}
p.ecxmsochpdefault1, li.ecxmsochpdefault1, div.ecxmsochpdefault1
{mso-style-name:ecxmsochpdefault1;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle32
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.a
{mso-style-name:"๔ลหำิ ืูฮฯำหษ ๚ฮมห";
mso-style-priority:99;
mso-style-link:"๔ลหำิ ืูฮฯำหษ";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1514764206;
mso-list-type:hybrid;
mso-list-template-ids:1725871986 299120590 68747267 68747269 68747265 68747267 68747269 68747265 68747267 68747269;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1882478888;
mso-list-type:hybrid;
mso-list-template-ids:1078883258 -1027545392 68747267 68747269 68747265 68747267 68747269 68747265 68747267 68747269;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:2052800226;
mso-list-type:hybrid;
mso-list-template-ids:1648109842 1845758086 68747267 68747269 68747265 68747267 68747269 68747265 68747267 68747269;}
@list l2:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F06E;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=RU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’ve tried latest releas. Now tunnel established successfully, but it doesn’t see packets from client. Client is behind the NAT and port 4500 is used for ESP transmission.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Tcpdump:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.127358 IP 93.xx.xx.230.500 > 192.168.1.110.500: isakmp: phase 1 I ident<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.141948 IP 192.168.1.110.500 > 93.xx.xx.230.500: isakmp: phase 1 R ident<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.197018 IP 93.xx.xx.230.500 > 192.168.1.110.500: isakmp: phase 1 I ident<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.216222 IP 192.168.1.110.500 > 93.xx.xx.230.500: isakmp: phase 1 R ident<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.238740 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: NONESP-encap: isakmp: phase 1 I ident[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.249776 IP 192.168.1.110.4500 > 93.xx.xx.230.4500: NONESP-encap: isakmp: phase 1 R ident[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.255562 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.262995 IP 192.168.1.110.4500 > 93.xx.xx.230.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.266846 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:41.269434 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: UDP-encap: ESP(spi=0xc3a80153,seq=0x1), length 164<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:42.275561 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: UDP-encap: ESP(spi=0xc3a80153,seq=0x2), length 164<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:44.288046 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: UDP-encap: ESP(spi=0xc3a80153,seq=0x3), length 164<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:48.299741 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: UDP-encap: ESP(spi=0xc3a80153,seq=0x4), length 164<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:56.300409 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: UDP-encap: ESP(spi=0xc3a80153,seq=0x5), length 164<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:59.138430 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: NONESP-encap: isakmp: phase 2/others I inf[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>18:22:59.138445 IP 93.xx.xx.230.4500 > 192.168.1.110.4500: NONESP-encap: isakmp: phase 2/others I inf[E]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>From 18:22:41.269434 to 18:22:56.300409 there is nothing in the log, even with loglevel = 4.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Log:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>05[IKE] IKE_SA c1[3] established between 192.168.1.110[C=RU, ST=Moscow, O=Company, CN=User test1]...93.xx.xx.230[C=RU, ST=Moscow, O=Company, CN=User test1]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>05[IKE] sending end entity cert "C=RU, ST=Moscow, O=Company, CN=User test1"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>05[ENC] generating ID_PROT response 0 [ ID CERT SIG ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>05[NET] sending packet: from 192.168.1.110[4500] to 93.xx.xx.230[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[NET] received packet: from 93.xx.xx.230[4500] to 192.168.1.110[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[IKE] received 3600s lifetime, configured 0s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[IKE] received 250000000 lifebytes, configured 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>04[NET] sending packet: from 192.168.1.110[4500] to 93.xx.xx.230[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>15[NET] received packet: from 93.xx.xx.230[4500] to 192.168.1.110[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>15[ENC] parsed QUICK_MODE request 1 [ HASH ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>15[IKE] CHILD_SA c3{3} established with SPIs c314f6a0_i 3b0a3bcc_o and TS 89.yy.yy.50/32[udp/l2f] === 93.xx.xx.230/32[udp/l2f]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>--- At this moment there are udp-esp packets to 4500 in tcpdump, but nothing in log.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>--- At this moment I’ve pressed “Cancel” on client;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[NET] received packet: from 93.xx.xx.230[4500] to 192.168.1.110[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[ENC] parsed INFORMATIONAL_V1 request 3608576823 [ HASH D ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[IKE] received DELETE for ESP CHILD_SA with SPI 3b0a3bcc<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[IKE] closing CHILD_SA c3{3} with SPIs c314f6a0_i (224 bytes) 3b0a3bcc_o (0 bytes) and TS 89.yy.yy.50/32[udp/l2f] === 93.xx.xx.230/32[udp/l2f]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[NET] received packet: from 93.xx.xx.230[4500] to 192.168.1.110[4500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[ENC] parsed INFORMATIONAL_V1 request 1319403265 [ HASH D ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[IKE] received DELETE for IKE_SA c1[3]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>14[IKE] deleting IKE_SA c1[3] between 192.168.1.110[C=RU, ST=Moscow, O=Company, CN=User test1]...93.xx.xx.230[C=RU, ST=Moscow, O=Company, CN=User test1]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Connections scheme:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>[Client, 192.168.1.38] – [NAT Router, 93.xx.xx.230] -- … internet … -- [NAT router, 89.yy.yy.50; 4500, 500, 1701 are forwarded to 192.168.1.110] – [ipsec server, 192.168.1.110]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ipsec.conf:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>conn %default<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> leftauth=pubkey<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> rightauth=pubkey<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> rekey=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> leftcert=/usr/local/etc/ipsec.d/certs/gateway.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> rightca=%same<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>conn common<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> type=transport<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> keyexchange=ikev1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> auto=add<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> rightprotoport=17/%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> leftprotoport=17/1701<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> right=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>conn c3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> leftsubnet=89.xx.xx.50/32<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> left=192.168.1.110<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> leftfirewall=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> also=common<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Artem Popov.<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> John Mara [mailto:jaymara22@hotmail.com] <br><b>Sent:</b> Wednesday, July 11</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>, 2012 3:59 AM<br><b>To:</b> web.tyoma@gmail.com; users@lists.strongswan.org<br><b>Subject:</b> RE: [strongSwan] Windows 7 client problem<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Hi<br><br>Paste you options.xl2tpd conf here and also let me know whether you are using chap or chap v2<o:p></o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><hr size=2 width="100%" align=center></span></div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From: </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="mailto:web.tyoma@gmail.com"><span lang=EN-US>web.tyoma@gmail.com</span></a></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>To: </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="mailto:Users@lists.strongswan.org"><span lang=EN-US>Users@lists.strongswan.org</span></a></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>Date: Wed, 11 Jul 2012 00:21:15 +0400<br>Subject: [strongSwan] Windows 7 client problem<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Hi,</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>I’m trying to setup linux ipsec\l2tp server.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>When Win7 client connects to server I have error in log:</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>vpn pluto[]: "doublenat"[4] IP:54189 #6: NAT-Traversal: received 2 NAT-OA. using first, ignoring others</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>vpn pluto[]: "doublenat"[4] IP:54189 #6: responding to Quick Mode</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>vpn pluto[]: "doublenat"[4] IP:54189 #5: ignoring informational payload, type INVALID_HASH_INFORMATION</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>vpn pluto[]: "doublenat"[4] IP:54189 #5: received Delete SA payload: deleting ISAKMP State #5</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Same error appears with PSK and RSA auth.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Win7 client shows “error 789” immediately after Connect button pressed. </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Server is behind the NAT, ports 4500, 500 and 1701 are forwarded. I’ve tried clients with public IP and behind NAT with same result.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Is it a bug #108, or I misconfigured something? Is there working example where client and server are both NATed?</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>My ipsec.conf: <a href="http://paste.org.ru/?p6y9js" target="_blank">http://paste.org.ru/?p6y9js</a></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Best regards,</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Artem Popov.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>_______________________________________________ Users mailing list </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="mailto:Users@lists.strongswan.org"><span lang=EN-US>Users@lists.strongswan.org</span></a></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="https://lists.strongswan.org/mailman/listinfo/users"><span lang=EN-US>https://lists.strongswan.org/mailman/listinfo/users</span></a></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <span lang=EN-US><o:p></o:p></span></span></p></div></div></body></html>