[strongSwan] L2TP over strongswan

Rajiv Kulkarni rajivkulkarni69 at gmail.com
Mon Apr 27 21:05:25 CEST 2015


Why don't you try the sample configs below, please:

On L2TP-Server
===============
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    strictcrlpolicy=no
    crlcheckinterval=180

conn %default
    ikelifetime=30m
    keylife=15m
    rekeymargin=3m
    keyingtries=1
    mobike=no
    dpdaction=clear
    dpddelay=30
    dpdtimeout=120

conn mainconn
    left=2.2.2.2
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    authby=secret
    type=transport
    keyexchange=ikev1
    auto=add

# /etc/ipsec.secrets - strongSwan IPsec secrets file
: PSK "123456"

On the L2TP-Client
===================
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    strictcrlpolicy=no

conn %default
    ikelifetime=30m
    keylife=15m
    rekeymargin=3m
    keyingtries=1
    mobike=no
    dpdaction=restart
    dpddelay=30
    dpdtimeout=120

conn topeergwconnection
    left=1.1.1.2
    leftprotoport=17/1701
    right=2.2.2.2
    rightprotoport=17/1701
    authby=secret
    type=transport
    keyexchange=ikev1
    auto=route

# /etc/ipsec.secrets - strongSwan IPsec secrets file
: PSK "123456"

=======================================

There is NO leftsubnet, on either the server or the client, to be mentioned, as
it's a transport mode tunnel (using udp/1701, the l2tp port, as the selector).

thanks & regards
Rajiv





On Mon, Apr 27, 2015 at 10:51 PM, Randy Wyatt <rwwyatt01 at gmail.com> wrote:

> I am trying to setup a roadwarrior L2TP server using strongswan as the
> ipsec layer.
>
> I keep running into the following error message in the logs:
>
> Apr 27 13:15:59 Saturn charon: 11[NET] received packet: from client1[12117
> ] to server1[500] (408 bytes)
> Apr 27 13:15:59 Saturn charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V
> V V V V V ]
> Apr 27 13:15:59 Saturn charon: 11[IKE] no IKE config found for
> server1...client1, sending NO_PROPOSAL_CHOSEN
>
> The configuration in ipsec is as follows:
> [root at Saturn log]# cat /etc/ipsec.conf
> config setup
>         cachecrls=yes
>         strictcrlpolicy=yes
>         charondebug="ike 2, knl 3, cfg 2"
>
> conn %default
>         keyingtries=1
>         keyexchange=ike
>
> conn roadwarrior
>         type=transport
>         authby=secret
>         pfs=yes
>         rekey=no
>         left=server1
>         leftsubnet=172.17.1.0/24
>         leftprotoport=1701
>         right=%any
>         rightprotoport=1701
>         auto=add
>
>  cat /etc/ipsec.secrets
> server1 %any : PSK "mypsk"
>
>
> Any ideas on What I am doing wrong?
>
> Regards,
> Randy
> --
> Randy W. Wyatt
> rwwyatt01 at gmail.com
> Home: 858-309-5303
> Cell: 858-598-4421
> Fax: 858-408-7554
>