[strongSwan] Problem with IPsec/L2TP VPN!
A P
sashka76 at hotmail.com
Mon Apr 8 15:09:01 CEST 2019
I've added
rightsubnet=0.0.0.0/0
leftsubnet=0.0.0.0/0
to ipsec.conf and now get
connection 'myvpn' established successfully
Still no IP address for the connection (just keep-alives), but that's next I suppose (need username/password probably).
________________________________
From: Users <users-bounces at lists.strongswan.org> on behalf of A P <sashka76 at hotmail.com>
Sent: Monday, 8 April 2019 22:08
To: users at lists.strongswan.org
Subject: Re: [strongSwan] Problem with IPsec/L2TP VPN!
Ok, I have enabled all the logs to level 4. Here is what I get around the error. Is this any more helpful? Perhaps I need to set left/rightsubmask? Is the problem that it used my public IP rather than the router's internal one? I don't think there is anything else missing from the config (I don't have access to the server log, unfortunately).
LOG
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors <my-public-ip>/32[udp]=== <vpn-server-ip>/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7
Later there's also stuff like:
Apr 08 21:47:49 cosmic ipsec[3798]: 03[IKE] received retransmit of response with ID 2810990975, but next request already sent
CONFIGS
ipsec.conf (I don't think the others really matter at this point)
conn myvpn
    type=transport
    authby=secret
    pfs=no
    rekey=no
    keyingtries=1
    left=%defaultroute
    leftprotoport=udp/l2tp
    right=<vpn-server-ip>
    rightprotoport=udp/%any
    auto=add
    ike=3des-sha1-modp1536!
    esp=3des-sha1!
    keyexchange=ikev1
xl2tpd.conf (tried with lac section as well)
[global]
port = 1701
access control = no
[lns default]
local ip = 192.168.1.2
require authentication = yes
name = myvpn
pppoptfile = /etc/ppp/options.l2tpd
options.l2tp (tried many others, with username/password, too)
noccp
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent
Also, there's a secrets file, obviously.
________________________________
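Added example, not part of the original message or of strongSwan: a small triage script for charon logs like the excerpt quoted above, which reports every CHILD_SA that was destroyed while still being installed, together with the error and the NAT-rewritten traffic selectors logged before it. The sample log is constructed from the quoted lines, with documentation addresses in place of the redacted ones and one constructed healthy SA named "other"; grouping lines by worker thread number is an assumption of this sketch.

```python
import re

# Constructed sample: the charon lines quoted in the message, with documentation
# addresses standing in for the redacted ones, plus one constructed healthy SA.
SAMPLE_LOG = """\
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors 192.0.2.10/32[udp]=== 203.0.113.5/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7
Apr 08 21:25:02 cosmic charon[3199]: 07[CHD] CHILD_SA other{2} state change: CREATED => INSTALLING
Apr 08 21:25:02 cosmic charon[3199]: 07[CHD] CHILD_SA other{2} state change: INSTALLING => INSTALLED
"""

# charon prefixes each message with "<worker thread>[<log group>]".
LINE = re.compile(r"(?:charon|ipsec)\[\d+\]: (?P<thread>\d+)\[(?P<group>[A-Z]+)\] (?P<msg>.*)$")
STATE = re.compile(r"CHILD_SA (?P<sa>\S+) state change: (?P<old>\w+) => (?P<new>\w+)")
TS_NAT = re.compile(r"changing received traffic selectors (?P<ts>.+) due to NAT")
TS_FAIL = "no acceptable traffic selectors found"


def triage(log_text):
    """Return one finding per CHILD_SA destroyed while still being installed."""
    findings, ctx = [], {}  # ctx: per-thread selectors and error seen so far
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        seen = ctx.setdefault(m["thread"], {"ts": None, "error": None})
        msg = m["msg"]
        if ts := TS_NAT.search(msg):
            seen["ts"] = ts["ts"]
        elif TS_FAIL in msg:
            seen["error"] = TS_FAIL
        elif st := STATE.search(msg):
            if (st["old"], st["new"]) == ("INSTALLING", "DESTROYING"):
                findings.append({"child_sa": st["sa"], "reason": seen["error"] or "unknown",
                                 "selectors_after_nat": seen["ts"]})
            if st["new"] in ("DESTROYING", "INSTALLED"):
                ctx.pop(m["thread"])  # negotiation finished; reset context
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```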