By: lukechai

cannot connect L2TP/IPSec VPN

January 8, 2015 2.9k views
VPN

I used OpenSwan & xl2tpd to build a VPN server. Below is my reference.
https://raymii.org/s/tutorials/IPSECL2TPvpnwithUbuntu_14.04.html

After that, I can start IPSec & XL2TPD successfully, but I cannot connect from my MacBook. It tries to connect, then fails after some time. (l2tp-vpn server did not respond...)
Below is my /var/log/auth.log. Any advice?

Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [RFC 3947] method set to=115 
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jan  8 11:18:44 VPN-PPTP pluto[1499]: packet from 121.204.130.139:500: received Vendor ID payload [Dead Peer Detection]
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: responding to Main Mode from unknown peer 121.204.130.139
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.105'
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: new NAT mapping for #2, was 121.204.130.139:500, now 121.204.130.139:4500
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: Dead Peer Detection (RFC 3706): enabled
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: the peer proposed: 104.236.82.206/32:17/1701 -> 192.168.0.105/32:17/0
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: responding to Quick Mode proposal {msgid:deb619d7}
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3:     us: 104.236.82.206<104.236.82.206>:17/1701
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3:   them: 121.204.130.139[192.168.0.105]:17/51822===192.168.0.105/32
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: Dead Peer Detection (RFC 3706): enabled
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x08baca35 <0x761f15da xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.105 NATD=121.204.130.139:4500 DPD=enabled}

Thanks in advance.
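
A way to triage pluto output like the log in the question, as an added example that is not part of the original post: the script reads the per-connection lines and reports, per peer, whether the ISAKMP SA (phase 1) and the IPsec SA (phase 2) were established, whether NAT was detected, and which parameters were negotiated. The names `summarize` and `stage` and the stage labels are assumptions made for this example.

```python
import re

# Sample input: four lines taken from the pluto log quoted in the post.
SAMPLE = """\
Jan  8 11:18:44 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[1] 121.204.130.139 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  8 11:18:45 VPN-PPTP pluto[1499]: "L2TP-PSK-NAT"[2] 121.204.130.139 #3: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x08baca35 <0x761f15da xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.105 NATD=121.204.130.139:4500 DPD=enabled}
"""

# pluto per-connection line: "conn"[instance] peer #sa: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)')
STATE = re.compile(r"(STATE_\w+): ")
BRACES = re.compile(r"\{(.*)\}")

def summarize(log_text):
    """Return {peer: summary} describing how far each peer's IKE exchange got."""
    peers = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # "packet from ..." vendor-ID lines and non-pluto lines
        p = peers.setdefault(m["peer"], {"conn": m["conn"], "nat": False,
            "phase1": False, "phase2": False, "last_state": None, "params": {}})
        msg = m["msg"]
        if "peer is NATed" in msg:
            p["nat"] = True
        s = STATE.match(msg)
        if s:
            p["last_state"] = s.group(1)
        if "ISAKMP SA established" in msg:
            p["phase1"] = True
        elif "IPsec SA established" in msg:
            p["phase2"] = True
        else:
            continue
        b = BRACES.search(msg)
        if b:  # negotiated parameters, e.g. cipher=, group=, xfrm=
            p["params"].update(t.split("=", 1) for t in b.group(1).split() if "=" in t)
    return peers

def stage(p):
    """Name the furthest point the negotiation reached."""
    if p["phase2"]:
        return "ipsec-sa-established"
    if p["phase1"]:
        return "isakmp-sa-only"
    return "ike-incomplete"

if __name__ == "__main__":
    for peer, p in summarize(SAMPLE).items():
        print(peer, stage(p), p["last_state"], "NAT" if p["nat"] else "no-NAT", p["params"])
```

Run over the lines above, it reports `ipsec-sa-established` for a NATed peer, meaning both IKE phases completed in this log; the `params` field also surfaces the negotiated group and transforms (`modp1024`, `AES_256-HMAC_SHA1`) for review.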
