<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I've added <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span><br>
</span>
<div>rightsubnet=0.0.0.0/0<br>
</div>
<span>leftsubnet=0.0.0.0/0</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
to ipsec.conf and now get <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>connection 'myvpn' established successfully<br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>still no IP address for the connection (just keep-alives), but that's next I suppose (need username/password probably)<br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span><br>
</span>
<div><br>
</div>
<span></span><br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Users &lt;users-bounces@lists.strongswan.org&gt; on behalf of A P &lt;sashka76@hotmail.com&gt;<br>
<b>Sent:</b> Monday, 8 April 2019 22:08<br>
<b>To:</b> users@lists.strongswan.org<br>
<b>Subject:</b> Re: [strongSwan] Problem with IPsec/L2TP VPN!</font>
<div> </div>
</div>
<style type="text/css" style="display:none">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>Ok, I have enabled all the logs to level 4. Here is what I get around the error. Is this any more helpful? Perhaps, I need to set left/rightsubmask? Is the problem that it used my public ip rather than router internal? I don't think there is anything
else missing from config (I don't have access to server log unfortunately)<br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><b>LOG</b><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors &lt;my-public-ip&gt;/32[udp]=== &lt;vpn-server-ip&gt;/32[udp/l2f] due to NAT<br>
</span>
<div>Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING<br>
</div>
<div>Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found<br>
</div>
<div>Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task<br>
</div>
<div>Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING<br>
</div>
<div>Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7</div>
<div><br>
</div>
<div><br>
</div>
<div><i>later there's also stuff like</i></div>
<div><br>
</div>
<div><span>Apr 08 21:47:49 cosmic ipsec[3798]: 03[IKE] received retransmit of response with ID 2810990975, but next request already sent<br>
</span>
<div><br>
</div>
<span></span><br>
</div>
<div><br>
</div>
<div><b>CONFIGS</b></div>
<div><span><br>
</span></div>
<div><span><i>ipsec.conf (I don't think the others really matter at this point)</i><br>
</span></div>
<div><span><br>
</span></div>
<div><span>conn myvpn<br>
</span>
<div> type=transport<br>
</div>
<div> authby=secret<br>
</div>
<div> pfs=no<br>
</div>
<div> rekey=no<br>
</div>
<div> keyingtries=1<br>
</div>
<div> left=%defaultroute<br>
</div>
<div> leftprotoport=udp/l2tp<br>
</div>
<div> right=&lt;vpn-server-ip&gt;<br>
</div>
<div> rightprotoport=udp/%any<br>
</div>
<div> auto=add<br>
</div>
<div> ike=3des-sha1-modp1536!<br>
</div>
<div> esp=3des-sha1!<br>
</div>
<div> keyexchange=ikev1<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span><i>xl2tpd.conf (tried with lac section as well)</i><br>
</span>
<div><br>
</div>
</div>
<span></span><span>[global]<br>
</span>
<div>port = 1701<br>
</div>
<div>access control = no<br>
</div>
<div><br>
</div>
<div>[lns default]<br>
</div>
<div>local ip = 192.168.1.2<br>
</div>
<div>require authentication = yes<br>
</div>
<div>name = myvpn<br>
</div>
<span>pppoptfile = /etc/ppp/options.l2tpd</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div><i><span>options.l2tp (tried many others, with username/password, too)<br>
</span></i></div>
<div><i><span><br>
</span></i></div>
<div><span><span>noccp<br>
</span>
<div>auth<br>
</div>
<div>crtscts<br>
</div>
<div>mtu 1410<br>
</div>
<div>mru 1410<br>
</div>
<div>nodefaultroute<br>
</div>
<div>lock<br>
</div>
<div>proxyarp<br>
</div>
<div>silent<br>
</div>
<div><br>
</div>
<span></span><br>
</span></div>
<div><span>also there's a secrets file obviously</span></div>
<div><span><br>
</span></div>
</div>
<div id="x_appendonsend"></div>
<hr tabindex="-1" style="display:inline-block; width:98%">
</div>
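<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
An added example, not part of the original messages and not strongSwan code: a short Python script that reads charon log lines like those quoted above and reports each CHILD_SA that went from INSTALLING to DESTROYING, together with the logged reason and any NAT-rewritten traffic selectors. The sample addresses are constructed (RFC 5737 documentation ranges) in place of the redacted ones, and the function name <code>failed_child_sas</code> is hypothetical.
</div>
<pre>
```python
import re

# Constructed sample: the log lines quoted in the message, with the redacted
# addresses replaced by RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors 192.0.2.10/32[udp]=== 198.51.100.7/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7
"""

# charon prefix: worker thread number, log group (IKE, CHD, KNL, ...), message
ENTRY = re.compile(r"charon\[\d+\]: (\d+)\[(\w+)\] (.*)")
NAT_TS = re.compile(r"changing received traffic selectors (\S+)\s*===\s*(\S+) due to NAT")
STATE = re.compile(r"CHILD_SA (\S+)\{(\d+)\} state change: (\w+) => (\w+)")


def failed_child_sas(log_text):
    """Return one dict per CHILD_SA that went INSTALLING => DESTROYING."""
    pending = {}   # worker thread id -> context collected while the SA is set up
    failures = []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        thread, group, msg = entry.groups()
        ctx = pending.setdefault(thread, {"nat_ts": None, "reason": None})
        nat = NAT_TS.search(msg)
        state = STATE.search(msg)
        if nat:
            ctx["nat_ts"] = nat.groups()
        elif group == "IKE" and msg.startswith("no acceptable"):
            ctx["reason"] = msg
        elif state and state.group(3, 4) == ("INSTALLING", "DESTROYING"):
            failures.append({"conn": state.group(1), "id": int(state.group(2)),
                             "reason": ctx["reason"], "nat_ts": ctx["nat_ts"]})
            pending.pop(thread)   # start fresh for the next SA on this thread
    return failures


if __name__ == "__main__":
    for failure in failed_child_sas(SAMPLE_LOG):
        print(failure)
```
</pre>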
</body>
</html>