<div dir="ltr"><div class="gmail_extra"><div class="gmail_extra">Hello Noel,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I rebuilt the test environment as below.</div><div class="gmail_extra"><br></div><div class="gmail_extra">IPsec and L2TP were established, and ping succeeded over PPP.</div><div class="gmail_extra">Then I executed "ipsec statusall" and "swanctl -l" as below. It does not seem to show the client source port.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Could you please check my ipsec.conf?</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">[test environment]</div><div class="gmail_extra">L2TP client(192.168.40.1) --- NAT-device(1.1.1.1) --- L2TP server(1.1.1.254)</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">L2TP server</div><div class="gmail_extra"><br></div><div class="gmail_extra">[ipsec.conf]</div><div class="gmail_extra">------------------------------------------------</div><div class="gmail_extra">conn L2TP-PSK-noNAT</div><div class="gmail_extra">        authby=secret</div><div class="gmail_extra">        auto=add</div><div class="gmail_extra">        keyingtries=3</div><div class="gmail_extra">        keyexchange=ikev1</div><div class="gmail_extra">        rekey=yes</div><div class="gmail_extra">        ike=3des-sha1-modp1024,aes128-sha1,aes256-sha1</div><div class="gmail_extra">        dpddelay=10</div><div class="gmail_extra">        dpdtimeout=90</div><div class="gmail_extra">        dpdaction=clear</div><div class="gmail_extra">        ikelifetime=8h</div><div class="gmail_extra">        keylife=1h</div><div class="gmail_extra">        type=transport</div><div class="gmail_extra">        leftprotoport=17/1701</div><div class="gmail_extra">        right=%any</div><div class="gmail_extra">        rightprotoport=17/%any</div><div class="gmail_extra"><br></div><div class="gmail_extra">conn 
L2TP-PSK-NAT-eth0-1.1.1.254</div><div class="gmail_extra">        left=1.1.1.254</div><div class="gmail_extra">        also=L2TP-PSK-noNAT</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">[ipsec.secrets]</div><div class="gmail_extra">------------------------------------------------</div><div class="gmail_extra">1.1.1.254 %any : PSK "password"</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">L2TP client</div><div class="gmail_extra"><br></div><div class="gmail_extra">[ipsec.conf]</div><div class="gmail_extra">------------------------------------------------</div><div class="gmail_extra">conn l2tpclient_common</div><div class="gmail_extra">        authby          = secret</div><div class="gmail_extra">        keyexchange     = ikev1</div><div class="gmail_extra">        rekey           = no</div><div class="gmail_extra">        keyingtries     = 3</div><div class="gmail_extra">        type            = transport</div><div class="gmail_extra">        right           = 1.1.1.254</div><div class="gmail_extra">        leftprotoport   = 17/%any</div><div class="gmail_extra">        rightprotoport  = 17/1701</div><div class="gmail_extra">        auto=add</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">conn l2tpclient_test001</div><div class="gmail_extra">        left            = 192.168.40.1</div><div class="gmail_extra">        also            = l2tpclient_common</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">[ipsec.secrets]</div><div class="gmail_extra">------------------------------------------------</div><div class="gmail_extra">: PSK "password"</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">[Result]</div><div class="gmail_extra">[TEST-SERVER] 
~ # ipsec status</div><div class="gmail_extra">Security Associations (1 up, 0 connecting):</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254[15]: ESTABLISHED 18 seconds ago, 1.1.1.254[1.1.1.254]...1.1.1.1[192.168.40.1]</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254{24}:  INSTALLED, TRANSPORT, reqid 15, ESP in UDP SPIs: c8fb8615_i ce0463aa_o</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254{24}:   1.1.1.254/32[udp/l2f] === 1.1.1.1/32[udp]</div><div class="gmail_extra"><br></div><div class="gmail_extra">[TEST-SERVER] ~ # ipsec statusall</div><div class="gmail_extra">Status of IKE charon daemon (strongSwan 5.3.5, Linux 3.10.104, x86_64):</div><div class="gmail_extra">  uptime: 5 hours, since Jan 14 16:35:57 2018</div><div class="gmail_extra">  malloc: sbrk 1486848, mmap 0, used 426528, free 1060320</div><div class="gmail_extra">  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 36</div><div class="gmail_extra">  loaded plugins: charon aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth lookip error-notify unity</div><div class="gmail_extra">Listening IP addresses:</div><div class="gmail_extra">  1.1.1.254</div><div class="gmail_extra">  10.0.0.1</div><div class="gmail_extra">  192.168.122.55</div><div class="gmail_extra">  10.0.0.1</div><div class="gmail_extra">Connections:</div><div class="gmail_extra">L2TP-PSK-noNAT:  %any...%any  IKEv1, dpddelay=10s</div><div class="gmail_extra">L2TP-PSK-noNAT:   local:  uses pre-shared key authentication</div><div class="gmail_extra">L2TP-PSK-noNAT:   remote: uses pre-shared key 
authentication</div><div class="gmail_extra">L2TP-PSK-noNAT:   child:  dynamic[udp/l2f] === dynamic[udp] TRANSPORT, dpdaction=clear</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254:  1.1.1.254...%any  IKEv1, dpddelay=10s</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254:   local:  [1.1.1.254] uses pre-shared key authentication</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254:   remote: uses pre-shared key authentication</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254:   child:  dynamic[udp/l2f] === dynamic[udp] TRANSPORT, dpdaction=clear</div><div class="gmail_extra">Security Associations (1 up, 0 connecting):</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254[15]: ESTABLISHED 26 seconds ago, 1.1.1.254[1.1.1.254]...1.1.1.1[192.168.40.1]</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254[15]: IKEv1 SPIs: 51f81eb78e516dd3_i a019b05746e13729_r*, pre-shared key reauthentication in 7 hours</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254[15]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254{24}:  INSTALLED, TRANSPORT, reqid 15, ESP in UDP SPIs: c8fb8615_i ce0463aa_o</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254{24}:  AES_CBC_128/HMAC_SHA1_96, 1139 bytes_i (23 pkts, 5s ago), 1070 bytes_o (24 pkts, 20s ago), rekeying in 41 minutes</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254{24}:   1.1.1.254/32[udp/l2f] === 1.1.1.1/32[udp]</div><div class="gmail_extra">[TEST-SERVER] ~ # ip xfrm policy</div><div class="gmail_extra">src 1.1.1.1/32 dst 1.1.1.254/32 proto udp dport 1701</div><div class="gmail_extra">        dir in priority 2816 ptype main</div><div class="gmail_extra">        tmpl src 0.0.0.0 dst 0.0.0.0</div><div class="gmail_extra">                proto esp reqid 15 mode 
transport</div><div class="gmail_extra">src 1.1.1.254/32 dst 1.1.1.1/32 proto udp sport 1701</div><div class="gmail_extra">        dir out priority 2816 ptype main</div><div class="gmail_extra">        tmpl src 0.0.0.0 dst 0.0.0.0</div><div class="gmail_extra">                proto esp reqid 15 mode transport</div><div class="gmail_extra">src 0.0.0.0/0 dst 0.0.0.0/0</div><div class="gmail_extra">        socket in priority 0 ptype main</div><div class="gmail_extra">src 0.0.0.0/0 dst 0.0.0.0/0</div><div class="gmail_extra">        socket out priority 0 ptype main</div><div class="gmail_extra">src 0.0.0.0/0 dst 0.0.0.0/0</div><div class="gmail_extra">        socket in priority 0 ptype main</div><div class="gmail_extra">src 0.0.0.0/0 dst 0.0.0.0/0</div><div class="gmail_extra">        socket out priority 0 ptype main</div><div class="gmail_extra">src ::/0 dst ::/0</div><div class="gmail_extra">        socket in priority 0 ptype main</div><div class="gmail_extra">src ::/0 dst ::/0</div><div class="gmail_extra">        socket out priority 0 ptype main</div><div class="gmail_extra">src ::/0 dst ::/0</div><div class="gmail_extra">        socket in priority 0 ptype main</div><div class="gmail_extra">src ::/0 dst ::/0</div><div class="gmail_extra">        socket out priority 0 ptype main</div><div class="gmail_extra">[TEST-SERVER] ~ # swanctl -l</div><div class="gmail_extra">L2TP-PSK-NAT-eth0-1.1.1.254: #15, ESTABLISHED, IKEv1, 51f81eb78e516dd3:a019b05746e13729</div><div class="gmail_extra">  local  '1.1.1.254' @ 1.1.1.254</div><div class="gmail_extra">  remote '192.168.40.1' @ 1.1.1.1</div><div class="gmail_extra">  
AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</div><div class="gmail_extra">  established 141s ago, reauth in 27710s</div><div class="gmail_extra">  L2TP-PSK-NAT-eth0-1.1.1.254: #24, reqid 15, INSTALLED, TRANSPORT-in-UDP, ESP:AES_CBC-128/HMAC_SHA1_96</div><div class="gmail_extra">    installed 141s ago, rekeying in 2396s, expires in 3459s</div><div class="gmail_extra">    in  c8fb8615,   1651 bytes,    43 packets,     0s ago</div><div class="gmail_extra">    out ce0463aa,   1582 bytes,    44 packets,    18s ago</div><div class="gmail_extra">    local  1.1.1.254/32[udp/l2f]</div><div class="gmail_extra">    remote 1.1.1.1/32[udp]</div><div class="gmail_extra">[TEST-SERVER] ~ #</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Regards,</div><div class="gmail_extra">---</div><div class="gmail_extra">takumi kadode</div></div></div>
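An added diagnostic, not part of this message and not strongSwan's own code: it parses the child-SA traffic-selector lines that "ipsec status" prints (the quoted "1.1.1.254/32[udp/l2f] === 1.1.1.1/32[udp]" form) and reports child SAs whose remote selector pins the protocol but no port, which is what rightprotoport=17/%any produces and is why no client port can appear in that output. The sample status text and the small service-name table are constructed for the example.

```python
import re

# Constructed sample in the format "ipsec status" prints for a transport-mode
# child SA behind NAT-T (modelled on the quoted output, not captured live).
SAMPLE_STATUS = """\
Security Associations (1 up, 0 connecting):
L2TP-PSK-NAT-eth0-1.1.1.254[15]: ESTABLISHED 18 seconds ago, 1.1.1.254[1.1.1.254]...1.1.1.1[192.168.40.1]
L2TP-PSK-NAT-eth0-1.1.1.254{24}:  INSTALLED, TRANSPORT, reqid 15, ESP in UDP SPIs: c8fb8615_i ce0463aa_o
L2TP-PSK-NAT-eth0-1.1.1.254{24}:   1.1.1.254/32[udp/l2f] === 1.1.1.1/32[udp]
"""

# Traffic-selector line of a child SA: "<conn>{<id>}:   <local> === <remote>"
TS_LINE = re.compile(r"^(?P<conn>[^{\s]+)\{(?P<id>\d+)\}:\s+(?P<local>\S+) === (?P<remote>\S+)\s*$")
# One selector: "<net>[<proto>/<port>]", "<net>[<proto>]" (any port) or bare "<net>"
SELECTOR = re.compile(r"^(?P<net>[^\[]+)(?:\[(?P<proto>[^/\]]+)(?:/(?P<port>[^\]]+))?\])?$")
# strongSwan prints ports by service name when /etc/services has one; 1701/udp is "l2f".
# Assumed table so the example does not depend on the host's /etc/services.
SERVICE_PORTS = {"l2f": 1701, "l2tp": 1701, "isakmp": 500, "ipsec-nat-t": 4500}


def parse_selector(sel):
    """Split '1.1.1.254/32[udp/l2f]' into (net, proto, port).
    port is None when the selector accepts any port, which is what
    'rightprotoport=17/%any' yields on the server side."""
    m = SELECTOR.match(sel)
    if not m:
        raise ValueError("unrecognised traffic selector: %s" % sel)
    port = m.group("port")
    if port is not None:
        port = int(port) if port.isdigit() else SERVICE_PORTS.get(port, port)
    return m.group("net"), m.group("proto"), port


def child_selectors(status_text):
    """Yield (conn, child_id, local_selector, remote_selector) per child SA line."""
    for line in status_text.splitlines():
        m = TS_LINE.match(line)
        if m:
            yield (m.group("conn"), int(m.group("id")),
                   parse_selector(m.group("local")), parse_selector(m.group("remote")))


def unrestricted_remote_port(status_text):
    """List (conn, child_id, remote_net) for child SAs whose remote selector pins
    the protocol but not the port: any UDP source port from that peer is matched
    by the SA, so no per-client port can show up in the status output."""
    return [(conn, cid, rnet)
            for conn, cid, _local, (rnet, rproto, rport) in child_selectors(status_text)
            if rproto is not None and rport is None]
```

Feed the live text of `ipsec status` to `unrestricted_remote_port` to get the same classification for a running daemon.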