[strongSwan] Strongswan 5.00 l2tp ipsec freebsd 9.0

Jens Hansen jensh604 at gmail.com
Thu Sep 20 17:12:33 CEST 2012


Hello strongswan users.
Based on the following
http://forums.freebsd.org/showthread.php?t=26755 I tried to set up an
l2tp/ipsec server based on FreeBSD 9.0 with strongswan 5.0.0.

My network looks like this:

[ISP]->[FREEBSD 9.0 (re0 public, em0 private)]; em0 is in 192.168.1.0/24

Trying to connect from outside (from another ISP), the IKE steps
succeed but mpd does not receive any traffic:
Code:

IKE_SA l2tp[8] established between x.x.x.x[x.x.x.x]...y.y.y.y[10.95.1.2]
Sep 18 18:46:04 hostname charon: 01[IKE] deleting IKE_SA l2tp[8] between x.x.x.x[x.x.x.x]...y.y.y.y[10.95.1.2]

When I connect from a Windows 7 machine (VirtualBox, network bridged to
192.168.1.0/24) to my external IP, l2tp does get traffic and sets up an
interface.

This looks like this in the log:

Code:

Sep 18 19:20:18 hostname charon: 13[IKE] 192.168.1.147 is initiating a Main Mode IKE_SA
Sep 18 19:20:19 hostname charon: 09[IKE] IKE_SA l2tp[10] established between x.x.x.x[x.x.x.x]...192.168.1.147[192.168.1.147]
Sep 18 19:20:19 hostname charon: 10[IKE] CHILD_SA l2tp{5} established with SPIs cb460e16_i 4c4c6c5d_o and TS x.x.x.x/32[udp/l2f] === 192.168.1.147/32[udp/l2f]

and the mpd log:
Code:

x mpd: [L_l2tp-1] LCP: authorization successful
Sep 18 19:20:22 hostname mpd: [L_l2tp-1] Link: Matched action 'bundle "B_l2tp" ""'
Sep 18 19:20:22 hostname mpd: [L_l2tp-1] Creating new bundle using template "B_l2tp".
Sep 18 19:20:22 hostname mpd: [B_l2tp-1] Bundle: Interface ng0 created
Sep 18 19:20:22 hostname mpd: [L_l2tp-1] Link: Join bundle "B_l2tp-1"
.......
Sep 18 19:20:22 hostname mpd: [B_l2tp-1] IFACE: Up event

I do not have any idea; the only difference to me seems to be that the
remote subnet is of another class. I do not have the possibility to check
from a similar remote subnet.

I'm using pf after trying ipfw with the same result. I've set up a
setkey.conf to require esp over 1701, and I'm allowing enc0 and
esp,ah.

Any clues are highly appreciated.

Best regards.
