L2TP/IPsec configuration failure logs. I need help.

The following are the logs from trying to connect to an L2TP/IPsec type VPN. I appreciate any help on this.

Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: received Vendor ID payload [RFC 3947] method set to=115
Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02n] meth=106, but already using method 115
Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 16 08:47:25 ubuntu pluto[1407]: packet from 117.136.40.179:20439: received Vendor ID payload [Dead Peer Detection]
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: responding to Main Mode from unknown peer 117.136.40.179
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: transition from state STATEMAINR0 to state STATEMAINR1
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: STATEMAINR1: sent MR1, expecting MI2
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: transition from state STATEMAINR1 to state STATEMAINR2
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: STATEMAINR2: sent MR2, expecting MI3
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: Main mode peer ID is IDIPV4ADDR: '10.50.8.134'
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[6] 117.136.40.179 #6: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: deleting connection "L2TP-PSK-NAT" instance with peer 117.136.40.179 {isakmp=#0/ipsec=#0}
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: transition from state STATEMAINR2 to state STATEMAINR3
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: new NAT mapping for #6, was 117.136.40.179:20439, now 117.136.40.179:15985
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: STATEMAINR3: sent MR3, ISAKMP SA established {auth=OAKLEYPRESHAREDKEY cipher=aes256 prf=OAKLEYSHA2256 group=modp1024}
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: ignoring informational payload, type IPSECINITIALCONTACT msgid=00000000
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received and ignored informational message
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: the peer proposed: 139.162.116.55/32:17/1701 -> 10.50.8.134/32:17/0
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: responding to Quick Mode proposal {msgid:560c91ad}
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: us: 139.162.116.55<139.162.116.55>:17/1701
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: them: 117.136.40.179[10.50.8.134]:17/0===10.50.8.134/32
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: transition from state STATEQUICKR0 to state STATEQUICKR1
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: STATEQUICKR1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: transition from state STATEQUICKR1 to state STATEQUICKR2
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: STATEQUICKR2: IPsec SA established transport mode {ESP=>0x08d1390f <0x648b97e7 xfrm=AES256-HMACSHA2256 NATOA=none NATD=117.136.40.179:15985 DPD=none}
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received Delete SA(0x08d1390f) payload: deleting IPSEC State #7
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: ERROR: netlink XFRMMSGDELPOLICY response for flow erouteconnection delete included errno 2: No such file or directory
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received and ignored informational message
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received Delete SA payload: deleting ISAKMP State #6
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179: deleting connection "L2TP-PSK-NAT" instance with peer 117.136.40.179 {isakmp=#0/ipsec=#0}
Sep 16 08:48:24 ubuntu pluto[1407]: packet from 117.136.40.179:15985: received and ignored informational message
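
A way to read the log above as a timeline, added here as an example and not part of the original post: it picks out the IKE milestones pluto reports and measures how long the IPsec SA lived before the peer asked for it to be deleted. The milestone names and the assumed year (syslog timestamps carry none) are choices made for this example.

```python
import re
from datetime import datetime

# Four lines copied from the pluto log posted above, identifiers exactly as they appear there.
LOG = """\
Sep 16 08:47:25 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: STATEMAINR3: sent MR3, ISAKMP SA established {auth=OAKLEYPRESHAREDKEY cipher=aes256 prf=OAKLEYSHA2256 group=modp1024}
Sep 16 08:47:26 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #7: STATEQUICKR2: IPsec SA established transport mode {ESP=>0x08d1390f <0x648b97e7 xfrm=AES256-HMACSHA2256 NATOA=none NATD=117.136.40.179:15985 DPD=none}
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received Delete SA(0x08d1390f) payload: deleting IPSEC State #7
Sep 16 08:48:24 ubuntu pluto[1407]: "L2TP-PSK-NAT"[7] 117.136.40.179 #6: received Delete SA payload: deleting ISAKMP State #6
"""

LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
# Milestone name (chosen for this example) -> pattern in the message part of a line.
MILESTONES = {
    "phase1_up": re.compile(r"ISAKMP SA established \{(?P<params>[^}]*)\}"),
    "phase2_up": re.compile(r"IPsec SA established (?P<mode>\w+) mode"),
    "peer_deleted_ipsec": re.compile(r"received Delete SA\((?P<spi>0x[0-9a-f]+)\) payload"),
    "peer_deleted_isakmp": re.compile(r"received Delete SA payload: deleting ISAKMP"),
}

def parse(log_text, year=2000):
    """Return [(datetime, milestone, match)] in log order; the year is an assumption."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "packet from ..." lines carry no connection state
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for name, pat in MILESTONES.items():
            hit = pat.search(m.group("msg"))
            if hit:
                events.append((ts, name, hit))
    return events

def summarize(log_text):
    """Milestones reached, negotiated IKE parameters, and IPsec SA lifetime in seconds."""
    events = parse(log_text)
    first = {}
    for ts, name, hit in events:
        first.setdefault(name, (ts, hit))
    out = {"milestones": [name for _, name, _ in events]}
    if "phase1_up" in first:
        out["ike"] = dict(kv.split("=", 1) for kv in first["phase1_up"][1]["params"].split())
    if "phase2_up" in first and "peer_deleted_ipsec" in first:
        delta = first["peer_deleted_ipsec"][0] - first["phase2_up"][0]
        out["ipsec_sa_seconds"], out["torn_down_by"] = int(delta.total_seconds()), "peer"
    return out
```

For this log, `summarize(LOG)` reports both IKE phases completing and the peer deleting the IPsec SA 58 seconds later. pluto logs only the IKE/IPsec exchange; the L2TP and PPP stages are logged by xl2tpd and pppd.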

1 Reply

Attached my configurations:

/etc/ipsec.conf

config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    nat_traversal=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=139.162.116.55
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

/etc/xl2tpd/xl2tpd.conf

[lns default]
ip range = 192.168.30.2-192.168.1.254
local ip = 192.168.30.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
[global]
ipsec saref = no

iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -o eth0 -j MASQUERADE

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client server secret IP addresses
user * testing *

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
mtu 1400
noccp
connect-delay 5000

/etc/sysctl.conf

net.ipv4.ip_forward=1
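
A consistency check over the address settings posted above, added here as an example and not part of the original reply: it compares the xl2tpd `ip range` and `local ip` values with the source network of the MASQUERADE rule. The function names and the `FIXED` variant are hypothetical; `FIXED` only shows what a range lying inside the NAT source looks like to the check.

```python
import ipaddress
import re

# Values copied from the xl2tpd.conf and the iptables rule posted above.
XL2TPD_CONF = """\
[lns default]
ip range = 192.168.30.2-192.168.1.254
local ip = 192.168.30.1
"""
NAT_RULE = "iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -o eth0 -j MASQUERADE"
# Hypothetical variant for comparison (an assumption, not a value from the page).
FIXED = XL2TPD_CONF.replace("192.168.1.254", "192.168.30.254")

def lns_options(conf_text, section="lns default"):
    """Collect 'key = value' pairs from one [section] of an xl2tpd-style file."""
    opts, current = {}, None
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment in xl2tpd.conf
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line and current == section:
            key, value = (part.strip() for part in line.split("=", 1))
            opts[key] = value
    return opts

def nat_source(rule):
    """Network given to -s in an iptables rule, or None if the rule has no source match."""
    m = re.search(r"-s\s+(\S+)", rule)
    return ipaddress.ip_network(m.group(1)) if m else None

def check_pool(conf_text, nat_rule):
    """Return a list of findings; an empty list means the settings agree with each other."""
    opts, net, findings = lns_options(conf_text), nat_source(nat_rule), []
    local = ipaddress.ip_address(opts["local ip"])
    for spec in (s.strip() for s in opts["ip range"].split(",")):
        first, _, last = spec.partition("-")
        lo = ipaddress.ip_address(first.strip())
        hi = ipaddress.ip_address(last.strip() or first.strip())
        if hi < lo:
            findings.append(f"range {spec}: end address is below start address")
        elif lo <= local <= hi:
            findings.append(f"local ip {local} falls inside client range {spec}")
        for addr in (lo, hi):
            if net is not None and addr not in net:
                findings.append(f"{addr} is not covered by NAT source {net}")
    if net is not None and local not in net:
        findings.append(f"local ip {local} is not covered by NAT source {net}")
    return findings
```

With the posted values, `check_pool(XL2TPD_CONF, NAT_RULE)` returns two findings, both about the `192.168.1.254` end of the range; with `FIXED` it returns none.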
