[strongSwan] Problem with IPsec/L2TP VPN!

A P sashka76 at hotmail.com
Mon Apr 8 15:09:01 CEST 2019


I've added

rightsubnet=0.0.0.0/0
leftsubnet=0.0.0.0/0

to ipsec.conf and now get
connection 'myvpn' established successfully

Still no IP address for the connection (just keep-alives), but that's next I suppose (need username/password probably).



________________________________
From: Users <users-bounces at lists.strongswan.org> on behalf of A P <sashka76 at hotmail.com>
Sent: Monday, 8 April 2019 22:08
To: users at lists.strongswan.org
Subject: Re: [strongSwan] Problem with IPsec/L2TP VPN!

Ok, I have enabled all the logs to level 4. Here is what I get around the error. Is this any more helpful? Perhaps I need to set left/rightsubmask? Is the problem that it used my public IP rather than the router's internal one? I don't think there is anything else missing from the config (I don't have access to the server log, unfortunately).


LOG
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors <my-public-ip>/32[udp]=== <vpn-server-ip>/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7


Later there's also stuff like

Apr 08 21:47:49 cosmic ipsec[3798]: 03[IKE] received retransmit of response with ID 2810990975, but next request already sent



CONFIGS

ipsec.conf (I don't think the others really matter at this point)

conn myvpn
  type=transport
  authby=secret
  pfs=no
  rekey=no
  keyingtries=1
  left=%defaultroute
  leftprotoport=udp/l2tp
  right=<vpn-server-ip>
  rightprotoport=udp/%any
  auto=add
  ike=3des-sha1-modp1536!
  esp=3des-sha1!
  keyexchange=ikev1



xl2tpd.conf (tried with lac section as well)

[global]
port = 1701
access control = no

[lns default]
local ip = 192.168.1.2
require authentication = yes
name = myvpn
pppoptfile = /etc/ppp/options.l2tpd



options.l2tp (tried many others, with username/password, too)

noccp
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent


Also there's a secrets file, obviously.

________________________________
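The charon log excerpt and the ipsec.conf fragment above are the two artefacts a reader would want to check mechanically when diagnosing this failure. The following is an added example, not code from the original post or from the strongSwan project. It parses the syslog-style charon lines as they appear in the thread, tracks the CHILD_SA state transitions, and flags the sequence the poster hit (traffic selectors rewritten "due to NAT" followed by "no acceptable traffic selectors found"). It also parses the conn section and applies two heuristics that are this example's own assumptions rather than strongSwan rules: a transport-mode conn with no leftsubnet/rightsubnet (the poster's fix was to set both to 0.0.0.0/0), and a proposal that still uses legacy algorithms such as 3DES, SHA-1 or modp1536. The sample log and config strings are constructed from the lines quoted in the post, with its placeholders left as-is.

```python
"""Triage helpers for the charon log and ipsec.conf fragment quoted in this thread.

Added example, not part of the original post or of strongSwan. The lint rules are
heuristics of this example (they encode the poster's own finding plus a legacy-
algorithm check), not strongSwan policy.
"""
import re

# Constructed sample input: the charon lines from the post, placeholders kept verbatim.
SAMPLE_LOG = """\
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] changing received traffic selectors <my-public-ip>/32[udp]=== <vpn-server-ip>/32[udp/l2f] due to NAT
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: CREATED => INSTALLING
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] no acceptable traffic selectors found
Apr 08 21:19:45 cosmic charon[3199]: 04[IKE] queueing INFORMATIONAL task
Apr 08 21:19:45 cosmic charon[3199]: 04[CHD] CHILD_SA myvpn{1} state change: INSTALLING => DESTROYING
Apr 08 21:19:45 cosmic charon[3199]: 04[KNL] deleting SAD entry with SPI cb524fd7
"""

# Constructed sample input: the conn section from the post, before the poster's fix.
SAMPLE_CONF = """\
conn myvpn
  type=transport
  authby=secret
  pfs=no
  rekey=no
  keyingtries=1
  left=%defaultroute
  leftprotoport=udp/l2tp
  right=<vpn-server-ip>
  rightprotoport=udp/%any
  auto=add
  ike=3des-sha1-modp1536!
  esp=3des-sha1!
  keyexchange=ikev1
"""

# syslog-style prefix, then charon's "NN[SUBSYS] message" body.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<daemon>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<thread>\d+)\[(?P<group>\w+)\] (?P<msg>.*)$"
)
STATE_RE = re.compile(r"CHILD_SA (?P<sa>\S+\{\d+\}) state change: (?P<old>\w+) => (?P<new>\w+)")
LEGACY_ALGS = ("3des", "sha1", "modp1024", "modp1536")  # assumption: what this lint calls legacy


def parse_log(text):
    """Return one dict per parseable charon line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def triage_log(text):
    """Summarise CHILD_SA state transitions and spot the NAT traffic-selector failure."""
    states, nat_rewrite, ts_failure = {}, False, False
    for ev in parse_log(text):
        msg = ev["msg"]
        if "changing received traffic selectors" in msg and "due to NAT" in msg:
            nat_rewrite = True
        if "no acceptable traffic selectors found" in msg:
            ts_failure = True
        m = STATE_RE.search(msg)
        if m:  # first sighting seeds the chain with the old state, then append the new one
            states.setdefault(m["sa"], [m["old"]]).append(m["new"])
    finding = None
    if nat_rewrite and ts_failure:
        finding = ("peer traffic selectors were rewritten for NAT and then rejected; "
                   "check left/rightsubnet on the transport-mode conn")
    return {"nat_ts_rewrite": nat_rewrite, "ts_failure": ts_failure,
            "child_sa_states": states, "finding": finding}


def parse_ipsec_conf(text):
    """Parse ipsec.conf-style sections into {section_name: {key: value}}.

    Unindented lines ("conn NAME", "config setup") start a section; indented key=value
    lines belong to the current section. '#' comments and blank lines are ignored.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault(name or kind, {})
            continue
        key, sep, value = line.strip().partition("=")
        if sep and current is not None:
            current[key.strip()] = value.strip()
    return sections


def lint_conn(conn):
    """Return human-readable findings for one conn section (heuristics of this example)."""
    findings = []
    if conn.get("type") == "transport" and not (conn.get("leftsubnet") and conn.get("rightsubnet")):
        findings.append("transport-mode conn without leftsubnet/rightsubnet; "
                        "the poster's fix was to set both to 0.0.0.0/0")
    for key in ("ike", "esp"):
        legacy = [a for a in LEGACY_ALGS if a in conn.get(key, "").lower()]
        if legacy:
            findings.append(f"{key}= proposal uses legacy algorithms: {', '.join(legacy)}")
    return findings


if __name__ == "__main__":
    summary = triage_log(SAMPLE_LOG)
    print(summary["child_sa_states"], summary["finding"])
    for name, conn in parse_ipsec_conf(SAMPLE_CONF).items():
        for f in lint_conn(conn):
            print(f"{name}: {f}")
```

Run against the sample, the log triage reports myvpn{1} going CREATED, INSTALLING, DESTROYING with the NAT/traffic-selector finding set, and the conn lint reports the missing subnet directives plus the 3DES/SHA-1/modp1536 proposal. Feeding it a conn with leftsubnet and rightsubnet set to 0.0.0.0/0 clears the first finding, which is the state the poster's follow-up describes.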