Hi, everyone. I have a problem with my L2TP/IPsec VPN setup.
Map:
My server (public IP) <---> Internet <---> Router (public IP, NAT) <---> My client (192.168.0.XXX)
I used openswan and xl2tpd to set up the VPN server on Debian.
The server received the request properly, but the xl2tpd daemon never received anything.
So I dug through /var/log/auth.log and found the following:
Code:
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: responding to Main Mode from unknown peer MY.CLIENT.IP.ADDRESS
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: STATE_MAIN_R1: sent MR1, expecting MI2
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: STATE_MAIN_R2: sent MR2, expecting MI3
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.102'
pluto[4599]: "L2TP-PSK-NAT"[3] MY.CLIENT.IP.ADDRESS #8: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: deleting connection "L2TP-PSK-NAT" instance with peer MY.CLIENT.IP.ADDRESS {isakmp=#0/ipsec=#0}
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: new NAT mapping for #8, was MY.CLIENT.IP.ADDRESS:500, now MY.CLIENT.IP.ADDRESS:4500
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: the peer proposed: VPN.SERVER.IP.ADDRESS/32:17/1701 -> 192.168.0.102/32:17/0
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #8: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #9: responding to Quick Mode proposal {msgid:01000000}
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #9: us: VPN.SERVER.IP.ADDRESS<VPN.SERVER.IP.ADDRESS>[+S=C]:17/1701
pluto[4599]: "L2TP-PSK-NAT"[4] MY.CLIENT.IP.ADDRESS #9: them: MY.CLIENT.IP.ADDRESS[192.168.0.102,+S=C]:17/1701===192.168.0.102/32
Then it just retries several times and gives up, because the server IP can't connect to 192.168.0.102 :S
I am a newbie to Linux, please help.
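As an added example (not part of the original post), here is a small Python script that parses pluto Main Mode / Quick Mode lines of the kind quoted above and pulls out the facts that matter when debugging L2TP/IPsec through NAT: which DH groups the client offered and got refused, the negotiated ISAKMP parameters, the NAT-Traversal verdict and the 500 to 4500 port float, the peer's private IKE ID and NAT-OA, and the Quick Mode traffic selector. The sample log is constructed from the lines in the post with the redacted placeholders replaced by RFC 5737 documentation addresses (203.0.113.10 for the server, 198.51.100.20 for the client's public address); those addresses and the function names are assumptions of this example. One thing the parser makes explicit: once both sides agree on NAT-T, the ESP traffic is UDP-encapsulated to the client's public address on port 4500, and the private 192.168.0.102 only shows up as the IKE ID, the NAT-OA and the inner traffic selector, so the server does not need a route to it.

```python
"""Pull the NAT-T relevant facts out of openswan pluto log lines (auth.log).

Added example, not code from the original post.
Usage: python3 pluto_nat_check.py /var/log/auth.log   (no argument: built-in sample)
"""
import ipaddress
import re
import sys

# Constructed sample built from the lines in the post above, with the redacted
# placeholders replaced by RFC 5737 documentation addresses (an assumption).
SERVER = "203.0.113.10"   # stands in for VPN.SERVER.IP.ADDRESS
CLIENT = "198.51.100.20"  # stands in for MY.CLIENT.IP.ADDRESS (the NAT router)
SAMPLE_LOG = f"""\
pluto[4599]: "L2TP-PSK-NAT"[3] {CLIENT} #8: responding to Main Mode from unknown peer {CLIENT}
pluto[4599]: "L2TP-PSK-NAT"[3] {CLIENT} #8: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
pluto[4599]: "L2TP-PSK-NAT"[3] {CLIENT} #8: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
pluto[4599]: "L2TP-PSK-NAT"[3] {CLIENT} #8: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
pluto[4599]: "L2TP-PSK-NAT"[3] {CLIENT} #8: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.102'
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #8: new NAT mapping for #8, was {CLIENT}:500, now {CLIENT}:4500
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established {{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}}
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #8: the peer proposed: {SERVER}/32:17/1701 -> 192.168.0.102/32:17/0
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #9: responding to Quick Mode proposal {{msgid:01000000}}
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #9: us: {SERVER}<{SERVER}>[+S=C]:17/1701
pluto[4599]: "L2TP-PSK-NAT"[4] {CLIENT} #9: them: {CLIENT}[192.168.0.102,+S=C]:17/1701===192.168.0.102/32
"""

# Common pluto prefix: pluto[pid]: "conn"[instance] peer #sa: message
LINE_RE = re.compile(r'pluto\[(?P<pid>\d+)\]: "(?P<conn>[^"]+)"\[(?P<inst>\d+)\] '
                     r'(?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
GROUP_RE = re.compile(r'OAKLEY_GROUP (\d+) not supported')
NAT_RE = re.compile(r'NAT-Traversal: Result using (.+?): (.+)')
PEER_ID_RE = re.compile(r"Main mode peer ID is (\S+): '([^']+)'")
MAPPING_RE = re.compile(r'new NAT mapping for #\d+, was (\S+):(\d+), now (\S+):(\d+)')
ISAKMP_RE = re.compile(r'ISAKMP SA established \{auth=(\S+) cipher=(\S+) prf=(\S+) group=(\S+)\}')
PROPOSAL_RE = re.compile(r'the peer proposed: (\S+)/(\d+):(\d+)/(\d+) -> (\S+)/(\d+):(\d+)/(\d+)')
THEM_RE = re.compile(r'them: ([\d.]+)\[([\d.]+)')  # public address [NAT-OA, ...]


def summarize(log_text):
    """Walk the lines in order and keep the last value seen for each fact."""
    s = {"unsupported_groups": []}
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a pluto line; auth.log carries sshd, sudo, etc. as well
        msg = m["msg"]
        s["conn"], s["peer"] = m["conn"], m["peer"]
        if g := GROUP_RE.search(msg):
            s["unsupported_groups"].append(int(g[1]))
        elif g := NAT_RE.search(msg):
            s["nat_method"], s["nat_result"] = g[1], g[2]
        elif g := PEER_ID_RE.search(msg):
            s["peer_id_type"], s["peer_id"] = g[1], g[2]
        elif g := MAPPING_RE.search(msg):
            s["nat_port"] = int(g[4])  # port the peer floated to (4500 = NAT-T)
        elif g := ISAKMP_RE.search(msg):
            s["ike"] = dict(zip(("auth", "cipher", "prf", "group"), g.groups()))
        elif g := PROPOSAL_RE.search(msg):
            s["proposal"] = {"src": g[1], "src_proto": int(g[3]), "src_port": int(g[4]),
                             "dst": g[5], "dst_proto": int(g[7]), "dst_port": int(g[8])}
        elif g := THEM_RE.search(msg):
            s["peer_public"], s["peer_nat_oa"] = g[1], g[2]
    return s


def findings(s):
    """Turn the summary into the observations a practitioner would check first."""
    out = []
    ike = s.get("ike", {})
    if s.get("unsupported_groups"):
        out.append("client offered DH group(s) %s, refused by this pluto; negotiated %s with prf %s"
                   % (s["unsupported_groups"], ike.get("group", "?"), ike.get("prf", "?")))
    if "NATed" in s.get("nat_result", ""):
        out.append("NAT-T negotiated (%s): ESP is UDP-encapsulated to %s:%d, so the server "
                   "never needs a route to the client's private address"
                   % (s["nat_result"], s["peer"], s.get("nat_port", 4500)))
    pid = s.get("peer_id")
    if pid and s.get("peer_id_type") == "ID_IPV4_ADDR" and ipaddress.ip_address(pid).is_private:
        out.append("peer ID %s is an RFC 1918 address behind %s; the openswan idiom for that "
                   "is rightsubnet=vhost:%%priv" % (pid, s.get("peer_public", s["peer"])))
    p = s.get("proposal")
    if p and p["src_proto"] == 17 and p["src_port"] == 1701:
        out.append("Quick Mode selector is UDP/1701 (L2TP) on the server, client port %s; "
                   "IKE got as far as a Quick Mode exchange, so if xl2tpd sees nothing, check "
                   "the IPsec SA (ipsec auto --status, ip xfrm state) and watch for "
                   "decapsulated UDP/1701 with tcpdump"
                   % ("any" if p["dst_port"] == 0 else p["dst_port"]))
    return out


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    s = summarize(text)
    print("connection %s, peer %s" % (s.get("conn"), s.get("peer")))
    for line in findings(s):
        print(" -", line)
    return s


if __name__ == "__main__":
    main(sys.argv)
```

Point it at the real /var/log/auth.log and it will ignore the non-pluto lines. The log in the post only covers IKE, so the script cannot say where the L2TP packets are lost; it only narrows the search to what happens after the IPsec SA exists, which is why the last finding points at `ipsec auto --status`, `ip xfrm state` and a `tcpdump -ni any udp port 4500 or udp port 1701` on the server.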