<div dir="ltr">Thank you Noel! I made some progress, but the Mac client is still not connecting. Here is the log file on the StrongSwan server:<div><div><br></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><div>Mar 24 18:34:06 alpha charon: 08[NET] received packet: from 192.168.5.69[500] to 192.168.5.11[500] (788 bytes)</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received NAT-T (RFC 3947) vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received FRAGMENTATION vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] received DPD vendor ID</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[IKE] 192.168.5.69 is initiating a Main Mode 
IKE_SA</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[ENC] generating ID_PROT response 0 [ SA V V V V ]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 08[NET] sending packet: from 192.168.5.11[500] to 192.168.5.69[500] (160 bytes)</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 09[NET] received packet: from 192.168.5.69[500] to 192.168.5.11[500] (228 bytes)</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 09[IKE] remote host is behind NAT</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 09[NET] sending packet: from 192.168.5.11[500] to 192.168.5.69[500] (244 bytes)</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[CFG] looking for pre-shared key peer configs matching 192.168.5.11...192.168.5.69[192.168.1.8]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[CFG] selected peer config "L2TP"</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[IKE] IKE_SA L2TP[1] established between 192.168.5.11[CN=<a href="http://acme.com">acme.com</a>, C=US, O=Acme Technologies Inc, OU=Network Technologies]...192.168.5.69[192.168.1.8]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[IKE] scheduling reauthentication in 2670s</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[IKE] maximum IKE_SA lifetime 3210s</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[ENC] generating ID_PROT response 0 [ ID HASH 
]</div></div></div><div><div><div>Mar 24 18:34:06 alpha charon: 10[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)</div></div></div><div><div><div>Mar 24 18:34:10 alpha charon: 12[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)</div></div></div><div><div><div>Mar 24 18:34:10 alpha charon: 12[IKE] received retransmit of request with ID 0, retransmitting response</div></div></div><div><div><div>Mar 24 18:34:10 alpha charon: 12[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)</div></div></div><div><div><div>Mar 24 18:34:13 alpha charon: 13[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)</div></div></div><div><div><div>Mar 24 18:34:13 alpha charon: 13[IKE] received retransmit of request with ID 0, retransmitting response</div></div></div><div><div><div>Mar 24 18:34:13 alpha charon: 13[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)</div></div></div><div><div><div>Mar 24 18:34:16 alpha charon: 14[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)</div></div></div><div><div><div>Mar 24 18:34:16 alpha charon: 14[IKE] received retransmit of request with ID 0, retransmitting response</div></div></div><div><div><div>Mar 24 18:34:16 alpha charon: 14[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)</div></div></div><div><div><div>Mar 24 18:34:28 alpha charon: 15[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)</div></div></div><div><div><div>Mar 24 18:34:28 alpha charon: 15[IKE] received retransmit of request with ID 0, retransmitting response</div></div></div><div><div><div>Mar 24 18:34:28 alpha charon: 15[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)</div></div></div><div><div><div>Mar 24 18:34:36 alpha charon: 16[IKE] sending DPD request</div></div></div><div><div><div>Mar 24 18:34:36 alpha charon: 
16[ENC] generating INFORMATIONAL_V1 request 3738696413 [ HASH N(DPD) ]</div></div></div><div><div><div>Mar 24 18:34:36 alpha charon: 16[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (92 bytes)</div></div></div><div><div><div>Mar 24 18:35:06 alpha charon: 03[IKE] sending DPD request</div></div></div><div><div><div>Mar 24 18:35:06 alpha charon: 03[ENC] generating INFORMATIONAL_V1 request 3017683089 [ HASH N(DPD) ]</div></div></div><div><div><div>Mar 24 18:35:06 alpha charon: 03[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (92 bytes)</div></div></div></blockquote><div><div><br></div><div>Looks like the Security Association is successful on the server, but the Mac quits with the same error as before:</div><div><br></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div> "<span style="font-size:12.8px">The L2TP-VPN Server did not respond. Try reconnecting. If the problem continues, verify</span></div></div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> settings and contact your Administrator."</div></div></blockquote><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div><br></div>There is nothing in the Mac logs either. 
I did change the ipsec.conf on the server:</div><div><br></div><div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><br></div><div><div>config setup</div></div><div><div> cachecrls=yes</div></div><div><div> uniqueids=yes</div></div><div><div> charondebug=""</div></div><div><div><br></div></div><div><div>conn %default</div></div><div><div> keyingtries=%forever</div></div><div><div> dpddelay=30s</div></div><div><div> dpdtimeout=120s</div></div><div><div> authby=secret</div></div><div><div> keyexchange=ikev2</div></div><div><div><br></div></div><div><div><br></div></div><div><div><br></div></div><div><div>conn L2TP</div></div><div><div> #aggressive=yes</div></div><div><div> fragmentation=yes</div></div><div><div> dpdaction=clear</div></div><div><div> #Server IP</div></div><div><div> left=192.168.5.11</div></div><div><div> #Server default gateway</div></div><div><div> # leftnexthop=192.168.5.254</div></div><div><div> leftprotoport=17/1701</div></div><div><div> rightprotoport=17/%any</div></div><div><div> right=%any</div></div><div><div> rightsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a></div></div><div><div> authby=secret</div></div><div><div> # leftauth=psk</div></div><div><div> # leftauth2=xauth</div></div><div><div> # rightauth=psk</div></div><div><div> # leftid="<insert-the-public-ip-here>"</div></div><div><div><br></div></div><div><div> leftid="CN=<a href="http://access.acme.com">access.acme.com</a>, C=US, O="Acme Technologies Inc""</div></div><div><div> leftcert=/etc/ipsec.d/certs/alpha_SSWAN_vpnHost_signed_cert.crt</div></div><div><div><br></div></div><div><div><br></div></div><div><div> ikelifetime=1h</div></div><div><div> keylife=8h</div></div><div><div> ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024</div></div><div><div> 
esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024</div></div><div><div> auto=add</div></div><div><div> keyexchange=ike</div></div><div><div> type=transport</div></div><div><br></div></blockquote>What am I missing? Kindly share your thoughts.</div><div><br></div><div>Thanks</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Mar 24, 2018 at 1:17 PM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel.kuntze+strongswan-users-ml@thermi.consulting" target="_blank">noel.kuntze+strongswan-users-ml@thermi.consulting</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Please always address the mailing list, too.<br>
<br>
Then a little bit more text for you, so you can see your error.<br>
<br>
</span><span class="">> Mar 24 09:41:06 alpha charon: 07[IKE] 192.168.5.69 is initiating a Main Mode IKE_SA<br>
</span><span class="">> Mar 24 09:41:06 alpha charon: 09[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode<br>
<br>
</span><span class="">> conn L2TP<br>
> aggressive=yes<br>
<br>
<br>
I hope it's clear now.<br>
<br>
Btw, all those other conns are useless. They don't do anything.<br>
<br>
On 24.03.2018 16:53, Ubaidul Khan wrote:<br>
</span><span class="">> Thanks for replying, but none (of the two messages you sent) has any content.<br>
><br>
</span>> On Sat, Mar 24, 2018 at 11:02 AM, Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:<br>
<div class="HOEnZb"><div class="h5">><br>
><br>
><br>
> On 24.03.2018 15:02, Ubaidul Khan wrote:<br>
> > Mar 24 09:41:06 alpha charon: 09[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode<br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div>
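<div>Added example, not part of the original message and not strongSwan code: a Python check for the pattern in the server log at the top of this message, where charon logs the IKE_SA as established while the same peer keeps retransmitting its request, meaning the responder's last reply is not being received or accepted by the initiator. The sample lines are constructed by shortening the quoted log; all function and variable names are illustrative.</div>

```python
import re
from collections import defaultdict

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ charon: (\d+)\[(\w+)\] (.*)$")
RECV = re.compile(r"received packet: from ([\d.]+)\[\d+\]")
ESTAB = re.compile(r"IKE_SA (\S+)\[\d+\] established between .*\.\.\.([\d.]+)\[")
RETX = re.compile(r"received retransmit of request with ID \d+")

# Constructed sample: shortened from the charon log quoted in the message.
SAMPLE_LOG = """\
Mar 24 18:34:06 alpha charon: 10[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)
Mar 24 18:34:06 alpha charon: 10[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Mar 24 18:34:06 alpha charon: 10[IKE] IKE_SA L2TP[1] established between 192.168.5.11[CN=acme.com, C=US]...192.168.5.69[192.168.1.8]
Mar 24 18:34:06 alpha charon: 10[NET] sending packet: from 192.168.5.11[4500] to 192.168.5.69[4500] (172 bytes)
Mar 24 18:34:10 alpha charon: 12[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)
Mar 24 18:34:10 alpha charon: 12[IKE] received retransmit of request with ID 0, retransmitting response
Mar 24 18:34:13 alpha charon: 13[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)
Mar 24 18:34:13 alpha charon: 13[IKE] received retransmit of request with ID 0, retransmitting response
Mar 24 18:34:16 alpha charon: 14[NET] received packet: from 192.168.5.69[4500] to 192.168.5.11[4500] (108 bytes)
Mar 24 18:34:16 alpha charon: 14[IKE] received retransmit of request with ID 0, retransmitting response
"""

def stalled_handshakes(log_text, min_retransmits=2):
    """Return {peer_ip: (conn_name, retransmit_count)} for peers that keep
    retransmitting after the responder already logged the IKE_SA as established."""
    last_src = {}                    # worker thread id -> source IP of last received packet
    established = {}                 # peer IP -> connection name
    retransmits = defaultdict(int)   # peer IP -> retransmits seen after establishment
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        thread, subsys, msg = m.groups()
        if subsys == "NET" and (r := RECV.match(msg)):
            last_src[thread] = r.group(1)
        elif subsys == "IKE" and (e := ESTAB.search(msg)):
            established[e.group(2)] = e.group(1)
        elif subsys == "IKE" and RETX.search(msg):
            # The retransmit line carries no address; charon logs it on the
            # same worker thread as the packet that triggered it.
            peer = last_src.get(thread)
            if peer in established:
                retransmits[peer] += 1
    return {p: (established[p], n) for p, n in retransmits.items()
            if n >= min_retransmits}

if __name__ == "__main__":
    print(stalled_handshakes(SAMPLE_LOG))
```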