<div dir="ltr">Rajiv,<div> Thank you for your help.</div><div><br></div><div>There were a couple of issues.</div><div>1.) Don't use the Fedora Package. It is missing several critical components such as ipsec. The logging output was also different.</div><div>2.) The ultimate problem was with the PSK.</div><div>I know have xl2tpd/Strongswan up and running.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 27, 2015 at 12:05 PM, Rajiv Kulkarni <span dir="ltr"><<a href="mailto:rajivkulkarni69@gmail.com" target="_blank">rajivkulkarni69@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>why dont you try the below sample configs please:<br><br></div>On L2TP-Server<br>===============<br># /etc/ipsec.conf - strongSwan IPsec configuration file<br><br>config setup<br> strictcrlpolicy=no<br> crlcheckinterval=180<br><br>conn %default<br> ikelifetime=30m<br> keylife=15m<br> rekeymargin=3m<br> keyingtries=1<br> mobike=no<br> dpdaction=clear<br> dpddelay=30<br> dpdtimeout=120<br><br>conn mainconn<br> left=2.2.2.2<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/1701<br> authby=secret<br> type=transport<br> keyexchange=ikev1<br> auto=add<br><br># /etc/ipsec.secrets - strongSwan IPsec secrets file<br>: PSK "123456"<br><br></div>On the L2TP-Client<br>===================<br># /etc/ipsec.conf - strongSwan IPsec configuration file<br><br>config setup<br> strictcrlpolicy=no<br> <br>conn %default<br> ikelifetime=30m<br> keylife=15m<br> rekeymargin=3m<br> keyingtries=1<br> mobike=no<br> dpdaction=restart<br> dpddelay=30<br> dpdtimeout=120<br> <br>conn topeergwconnection<br> left=1.1.1.2<br> leftprotoport=17/1701<br> right=2.2.2.2<br> rightprotoport=17/1701<br> authby=secret<br> type=transport<br> keyexchange=ikev1<br> auto=route<br><br># /etc/ipsec.secrets - strongSwan IPsec secrets file<br>: PSK "123456"<br><br>=======================================<br><br></div><div>There is NO leftsubnet, on either server or the client, to be mentioned as its a transport mode tunnel (using udp/1701, the l2tp port, as the selector)<br><br></div>thanks & regards<br></div>Rajiv<br><br><div><div><br><br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Mon, Apr 27, 2015 at 10:51 PM, Randy Wyatt <span dir="ltr"><<a href="mailto:rwwyatt01@gmail.com" target="_blank">rwwyatt01@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">I am trying to setup a roadwarrior L2TP server using strongswan as the ipsec layer.<div><br></div><div>I keep running into the following error message in the logs:</div><div><br clear="all"><div><div>pr 27 13:15:59 Saturn charon: 11[NET] received packet: from client1[12117</div><div>] to server1[500] (408 bytes)</div><div>Apr 27 13:15:59 Saturn charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]</div><div>Apr 27 13:15:59 Saturn charon: 11[IKE] no IKE config found for server1...client1, sending NO_PROPOSAL_CHOSEN</div></div><div><br></div><div>The configuration in ipsec is as follows:</div><div><div>[root@Saturn log]# cat /etc/ipsec.conf</div><div>config setup</div><div> cachecrls=yes</div><div> strictcrlpolicy=yes</div><div> charondebug="ike 2, knl 3, cfg 2"</div><div><br></div><div>conn %default</div><div> keyingtries=1</div><div> keyexchange=ike</div><div><br></div><div>conn roadwarrior</div><div> type=transport</div><div> authby=secret</div><div> pfs=yes</div><div> rekey=no</div><div> left=server1</div><div> leftsubnet=<a href="http://172.17.1.0/24" target="_blank">172.17.1.0/24</a></div><div> leftprotoport=1701</div><div> right=%any</div><div> rightprotoport=1701</div><div> auto=add</div></div><div><br></div><div><div> cat /etc/ipsec.secrets</div><div>server1 %any : PSK "mypsk"</div></div><div><br></div><div><br></div><div>Any ideas on What I am doing wrong?</div><div><br></div><div>Regards,</div><div>Randy</div><span><font color="#888888">-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Randy W. Wyatt</div><div><a href="mailto:rwwyatt01@gmail.com" target="_blank">rwwyatt01@gmail.com</a></div><div>Home: <a href="tel:858-309-5303" value="+18583095303" target="_blank">858-309-5303</a></div><div>Cell: <a href="tel:858-598-4421" value="+18585984421" target="_blank">858-598-4421</a></div><div>Fax: <a href="tel:858-408-7554" value="+18584087554" target="_blank">858-408-7554</a><table style="background-color:rgb(242,245,247)" align="center" border="0" cellpadding="4" cellspacing="0" width="93%"><tbody><tr><td style="width:169px;line-height:155%" valign="top"><font style="font-size:11px;margin-top:4px" valign="top" color="#000000" face="Verdana, Arial"><b></b></font></td><td valign="top"><span style="color:rgb(0,51,102);font-size:18px;font-weight:bold"><font color="#1155cc"><br></font></span></td></tr></tbody></table></div></div></div></div></div></div></div>
</font></span></div></div>
<br></div></div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Randy W. Wyatt</div><div><a href="mailto:rwwyatt01@gmail.com" target="_blank">rwwyatt01@gmail.com</a></div><div>Home: 858-309-5303</div><div>Cell: 858-598-4421</div><div>Fax: 858-408-7554<table width="93%" align="center" style="background-color:rgb(242,245,247)" border="0" cellspacing="0" cellpadding="4"><tbody><tr><td valign="top" style="width:169px;line-height:155%"><font color="#000000" face="Verdana, Arial" style="font-size:11px;margin-top:4px" valign="top"><b></b></font></td><td valign="top"><span style="color:rgb(0,51,102);font-size:18px;font-weight:bold"><font color="#1155cc"><br></font></span></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>