IPsec server behind router with NAT, dynamic IP

l2tp
vpn
ipsec
nat


Hi :)
I'm trying to run an IPsec L2TP server. The server is behind my provider's router. I use the DMZ on it.
The server works in the local network, of course, after changing ipsec-interfaces and outside-address (l2tp remote-access).
My clients are some devices with LTE connections, so they are behind NAT too.
My configuration:

admin@R2# sh vpn
 ipsec {
     auto-update 60
     ipsec-interfaces {
         interface eth0.93
         interface eth1.92
     }
     nat-networks {
         allowed-network 0.0.0.0/0 {
         }
     }
     nat-traversal enable
 }
 l2tp {
     remote-access {
         authentication {
             local-users {
                 username … {
                     password …
                 }
             }
             mode local
         }
         client-ip-pool {
             start 192.168.80.100
             stop 192.168.80.200
         }
         dns-servers {
             server-1 8.8.8.8
             server-2 8.8.4.4
         }
         ipsec-settings {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret …
             }
             ike-lifetime 3600
         }
         outside-address real external IP address - which is dynamic so NOT GOOD
     }
 }

I have logs like:

Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: received Vendor ID payload [RFC 3947]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: received Vendor ID payload [Dead Peer Detection]
Aug 21 02:09:55 R2 pluto[25634]: packet from client IP:38744: initial Main Mode message received on 192.168.1.4:500 but no connection has been authorized with policy=PSK

I don't know what is wrong :(
Can you help me? Please :)
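As an added example (not from the post or the forum), the check below parses the last pluto line of the kind shown above and compares the address the IKE packet was received on with the configured outside-address. On Vyatta-derived systems outside-address becomes the local endpoint of the generated IPsec connection, so when the DMZ interface actually holds a private address behind NAT, pluto finds no connection that matches. The log text and the addresses 203.0.113.77 and 198.51.100.10 are constructed placeholders, not values from the post.

```python
import ipaddress
import re

# Constructed sample: the poster's final log line, with documentation addresses
# standing in for the redacted client IP and the dynamic external address.
SAMPLE_LOG = """\
Aug 21 02:09:55 R2 pluto[25634]: packet from 203.0.113.77:38744: received Vendor ID payload [Dead Peer Detection]
Aug 21 02:09:55 R2 pluto[25634]: packet from 203.0.113.77:38744: initial Main Mode message received on 192.168.1.4:500 but no connection has been authorized with policy=PSK
"""

# Placeholder for the "real external IP address" the poster configured as outside-address.
CONFIGURED_OUTSIDE_ADDRESS = "198.51.100.10"

UNAUTHORIZED_RE = re.compile(
    r"packet from (?P<peer>[\d.]+):(?P<pport>\d+): "
    r"initial (?P<mode>Main|Aggressive) Mode message received on "
    r"(?P<local>[\d.]+):(?P<lport>\d+) but no connection has been authorized"
)


def find_unauthorized(log_text):
    """Return one dict (peer, pport, mode, local, lport) per 'no connection has been authorized' event."""
    events = []
    for line in log_text.splitlines():
        m = UNAUTHORIZED_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def diagnose(log_text, outside_address):
    """Return (peer, local_addr, reason) for every event whose receiving address
    differs from the configured outside-address; an empty list means the
    mismatch shown in the post is not present."""
    findings = []
    for ev in find_unauthorized(log_text):
        local = ev["local"]
        if local == outside_address:
            continue  # addresses agree, so the cause lies elsewhere (PSK, policy, ...)
        reason = "outside-address %s differs from the address %s the IKE packet arrived on" % (
            outside_address, local)
        if ipaddress.ip_address(local).is_private:
            # Private receiving address means the router sits behind NAT (here, the provider's DMZ);
            # outside-address needs to be the address actually held by the ipsec interface.
            reason += "; receiving address is private, so the server is behind NAT"
        findings.append((ev["peer"], local, reason))
    return findings
```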