LinuxQuestions.org


slokie 04-02-2013 05:10 PM

L2TP Connection Failure
 
Help,
I'm trying to open an l2tp connection and it doesn't connect. I'm lost as to why this is failing so badly - any help anyone can provide?

xl2tpd -D

[root@ ~]# xl2tpd -D
xl2tpd[11273]: setsockopt recvref[30]: Protocol not available
xl2tpd[11273]: This binary does not support kernel L2TP.
xl2tpd[11273]: xl2tpd version xl2tpd-1.3.1 started on vpn02 PID:11273
xl2tpd[11273]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[11273]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[11273]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[11273]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[11273]: Listening on IP address 64.211.xxx.xxx, port 1701

secure.log
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [RFC 3947] method set to=109
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [Dead Peer Detection]
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: responding to Main Mode from unknown peer 64.211.xxx.rec
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: Main mode peer ID is ID_IPV4_ADDR: '10.69.18.91'
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: deleting connection "L2TP-PSK-NAT" instance with peer 64.211.xxx.rec {isakmp=#0/ipsec=#0}
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: new NAT mapping for #13, was 64.211.xxx.rec:18935, now 64.211.xxx.rec:64113
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: the peer proposed: 64.211.xxx.xxx/32:17/1701 -> 10.69.18.91/32:17/0
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: responding to Quick Mode proposal {msgid:c8030e82}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: us: 64.211.xxx.xxx<64.211.xxx.xxx>[+S=C]:17/1701
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: them: 64.211.xxx.rec[10.69.18.91,+S=C]:17/58382===10.69.18.91/32
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0145a385 <0x958cc9d9 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=64.211.xxx.rec:64113 DPD=none}
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA(0x0145a385) payload: deleting IPSEC State #14
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received and ignored informational message
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA payload: deleting ISAKMP State #13
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec: deleting connection "L2TP-PSK-NAT" instance with peer 64.211.xxx.rec {isakmp=#0/ipsec=#0}
Apr 1 15:11:41 l2tp pluto[2207]: packet from 64.211.xxx.rec:64113: received and ignored informational message



ppp.log
Mon Apr 1 15:40:18 2013 : L2TP connecting to server '64.211.xxx.xxx' (64.211.xxx.xxx)...
Mon Apr 1 15:40:18 2013 : IPSec connection started
Mon Apr 1 15:40:18 2013 : IPSec phase 1 client started
Mon Apr 1 15:40:18 2013 : IPSec phase 1 server replied
Mon Apr 1 15:40:19 2013 : IPSec phase 2 started
Mon Apr 1 15:40:19 2013 : IPSec phase 2 established
Mon Apr 1 15:40:19 2013 : IPSec connection established
Mon Apr 1 15:40:19 2013 : L2TP sent SCCRQ
Mon Apr 1 15:40:39 2013 : L2TP cannot connect to the server


ipsec.conf

version 2.0 # conforms to second version of ipsec.conf specification

config setup
dumpdir=/var/run/pluto/
#in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
nat_traversal=yes
#whether to accept/offer to support NAT (NAPT, also known as "IP Masquerade") workaround for IPsec
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
#contains the networks that are allowed as subnet= for the remote client. In other words, the address
#ranges that may live behind a NAT router through which a client connects.
protostack=netkey
#decide which protocol stack is going to be used.
oe=off
#Disable Opportunistic Encryption.

conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
authby=secret
#shared secret. Use rsasig for certificates.
pfs=no
#Disable pfs
auto=add
#start at boot
keyingtries=8
#Only negotiate a conn. 3 times.
ikelifetime=8h
keylife=1h
type=transport
#because we use l2tp as tunnel protocol
left=64.211.xxx.xxx
#fill in server IP above
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
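
The timeline in the two logs above can be pulled out with a short script (an added example, not part of the original post; the function names are illustrative and the sample lines are copied from the secure.log and ppp.log excerpts, which record two different attempts). It reports the negotiated IKE and ESP parameters, how long the IPsec SA lived before the peer's Delete SA arrived, and how long the client's SCCRQ went unanswered.

```python
import re
from datetime import datetime

# Sample lines copied from the secure.log and ppp.log excerpts in the post above.
PLUTO_LOG = '''\
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0145a385 <0x958cc9d9 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=64.211.xxx.rec:64113 DPD=none}
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA(0x0145a385) payload: deleting IPSEC State #14
'''
PPP_LOG = '''\
Mon Apr 1 15:40:19 2013 : L2TP sent SCCRQ
Mon Apr 1 15:40:39 2013 : L2TP cannot connect to the server
'''

YEAR = 2013  # syslog timestamps carry no year; taken from the ppp.log dates
PLUTO = re.compile(r'^(\w{3} +\d+ [\d:]+) \S+ pluto\[\d+\]: "[^"]+"\[\d+\] \S+ #\d+: (.*)$')
PPP = re.compile(r'^\w{3} (\w{3} +\d+ [\d:]+ \d{4}) : (.*)$')

def server_view(text):
    """Negotiated parameters and IPsec SA lifetime, as logged by pluto."""
    out, installed = {}, {}
    for m in filter(None, map(PLUTO.match, text.splitlines())):
        ts = datetime.strptime(f"{m.group(1)} {YEAR}", "%b %d %H:%M:%S %Y")
        msg = m.group(2)
        deleted = re.search(r"received Delete SA\((0x[0-9a-f]+)\)", msg)
        if "ISAKMP SA established" in msg:
            out["ike"] = dict(re.findall(r"(\w+)=(\w+)", msg))
        elif "IPsec SA established" in msg:
            installed[re.search(r"ESP=>(0x[0-9a-f]+)", msg).group(1)] = ts
            out["esp"] = re.search(r"xfrm=(\S+)", msg).group(1)
        elif deleted and deleted.group(1) in installed:
            # The peer sent the Delete; measure how long the SA lived.
            lived = ts - installed[deleted.group(1)]
            out["sa_lifetime_s"] = int(lived.total_seconds())
    return out

def client_view(text):
    """Seconds between the client's SCCRQ and its giving up, from ppp.log."""
    sent = None
    for m in filter(None, map(PPP.match, text.splitlines())):
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        if "L2TP sent SCCRQ" in m.group(2):
            sent = ts
        elif "L2TP cannot connect" in m.group(2) and sent:
            return int((ts - sent).total_seconds())
    return None

if __name__ == "__main__":
    print(server_view(PLUTO_LOG))
    print("SCCRQ unanswered for", client_view(PPP_LOG), "seconds")
```

On these lines both intervals come out at 20 seconds, and the IKE proposal that was accepted is pre-shared key with 3DES and modp1024.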

angryfirelord 05-03-2013 06:54 PM

I'm not familiar with l2tp, but I did find a setup guide for it: http://www.linuxhelp.in/2011/06/inst...-l2tp-vpn.html

It might be worth comparing his configuration with yours and seeing if there's anything different.

