Hello! I have a problem with setting up L2TP over IPsec remote access VPN.
I configured this like in the docs, and am trying to connect.
Here is my log from an Android device:
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: received Vendor ID payload [RFC 3947]
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Oct 14 17:00:13 vyos pluto[2899]: packet from 94.25.168.152:14849: received Vendor ID payload [Dead Peer Detection]
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: responding to Main Mode from unknown peer 94.25.168.152:14849
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: Oakley Transform [AES_CBC (256), HMAC_SHA2_384, MODP_1024] refused due to strict flag
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP_1024] refused due to strict flag
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: Oakley Transform [AES_CBC (256), HMAC_SHA2_512, MODP_1024] refused due to strict flag
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:13 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:16 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:16 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:16 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:19 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:19 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:19 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:22 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:22 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:22 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:25 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:25 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:25 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:28 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:28 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:28 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:31 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:31 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:31 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:34 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:34 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:34 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:37 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:37 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:37 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
Oct 14 17:00:40 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:40 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Oct 14 17:00:40 vyos pluto[2899]: "remote-access-mac-zzz"[8] 94.25.168.152:14849 #8: sending encrypted notification PAYLOAD_MALFORMED to 94.25.168.152:14849
And here is the log from Windows 10:
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: received Vendor ID payload [RFC 3947]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 12 22:49:42 vyos pluto[3962]: packet from 178.173.21.41:500: ignoring Vendor ID payload [IKE CGA version 1]
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: responding to Main Mode from unknown peer 178.173.21.41
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: Oakley Transform [AES_CBC (256), HMAC_SHA1, ECP_384] refused due to strict flag
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: Oakley Transform [AES_CBC (128), HMAC_SHA1, ECP_256] refused due to strict flag
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP_2048] refused due to strict flag
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP_2048] refused due to strict flag
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[1] 178.173.21.41 #26: Peer ID is ID_IPV4_ADDR: '192.168.254.1'
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41 #26: deleting connection "remote-access-mac-zzz" instance with peer 178.173.21.41 {isakmp=#0/ipsec=#0}
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #26: sent MR3, ISAKMP SA established
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #27: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #27: responding to Quick Mode
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #27: IPsec SA established {ESP=>0x0cf68da4 <0xc9e77aef NATOA=192.168.254.1}
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #26: received Delete SA(0x0cf68da4) payload: deleting IPSEC State #27
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500 #26: received Delete SA payload: deleting ISAKMP State #26
Oct 12 22:49:42 vyos pluto[3962]: "remote-access-mac-zzz"[2] 178.173.21.41:4500: deleting connection "remote-access-mac-zzz" instance with peer 178.173.21.41 {isakmp=#0/ipsec=#0}
VyOS v1.1.8
What have I done wrong? Thank you for your answer.
Dmitry, I have updated VyOS to the latest release, VyOS 1.2-rolling-201910150117
And now it doesn't work...
Help please!
Oct 15 19:32:41 vyos charon: 07[NET] received packet: from 178.173.21.41[500] to 37.18.88.193[500] (408 bytes)
Oct 15 19:32:41 vyos charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Oct 15 19:32:41 vyos charon: 07[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Oct 15 19:32:41 vyos charon: 07[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Oct 15 19:32:41 vyos charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Oct 15 19:32:41 vyos charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 15 19:32:41 vyos charon: 07[IKE] received FRAGMENTATION vendor ID
Oct 15 19:32:41 vyos charon: 07[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Oct 15 19:32:41 vyos charon: 07[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Oct 15 19:32:41 vyos charon: 07[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Oct 15 19:32:41 vyos charon: 07[IKE] 178.173.21.41 is initiating a Main Mode IKE_SA
Oct 15 19:32:41 vyos charon: 07[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 15 19:32:41 vyos charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Oct 15 19:32:41 vyos charon: 07[NET] sending packet: from 37.18.88.193[500] to 178.173.21.41[500] (156 bytes)
Oct 15 19:32:41 vyos charon: 08[NET] received packet: from 178.173.21.41[500] to 37.18.88.193[500] (260 bytes)
Oct 15 19:32:41 vyos charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 15 19:32:41 vyos charon: 08[IKE] remote host is behind NAT
Oct 15 19:32:41 vyos charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 15 19:32:41 vyos charon: 08[NET] sending packet: from 37.18.88.193[500] to 178.173.21.41[500] (244 bytes)
Oct 15 19:32:41 vyos charon: 09[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (68 bytes)
Oct 15 19:32:41 vyos charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Oct 15 19:32:41 vyos charon: 09[CFG] looking for pre-shared key peer configs matching 37.18.88.193...178.173.21.41[192.168.254.1]
Oct 15 19:32:41 vyos charon: 09[CFG] selected peer config "remote-access"
Oct 15 19:32:41 vyos charon: 09[IKE] IKE_SA remote-access[1] established between 37.18.88.193[37.18.88.193]...178.173.21.41[192.168.254.1]
Oct 15 19:32:41 vyos charon: 09[IKE] DPD not supported by peer, disabled
Oct 15 19:32:41 vyos charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Oct 15 19:32:41 vyos charon: 09[NET] sending packet: from 37.18.88.193[4500] to 178.173.21.41[4500] (68 bytes)
Oct 15 19:32:41 vyos charon: 11[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (436 bytes)
Oct 15 19:32:41 vyos charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 15 19:32:41 vyos charon: 11[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Oct 15 19:32:41 vyos charon: 11[IKE] received 3600s lifetime, configured 0s
Oct 15 19:32:41 vyos charon: 11[IKE] received 250000000 lifebytes, configured 0
Oct 15 19:32:41 vyos charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 15 19:32:41 vyos charon: 11[NET] sending packet: from 37.18.88.193[4500] to 178.173.21.41[4500] (204 bytes)
Oct 15 19:32:41 vyos charon: 12[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (60 bytes)
Oct 15 19:32:41 vyos charon: 12[ENC] parsed QUICK_MODE request 1 [ HASH ]
Oct 15 19:32:41 vyos charon: 12[IKE] CHILD_SA remote-access{1} established with SPIs cbfb07a0_i 6ade0464_o and TS 37.18.88.193/32[udp/l2f] === 178.173.21.41/32[udp/l2f]
Oct 15 19:32:41 vyos charon: 13[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (76 bytes)
Oct 15 19:32:41 vyos charon: 13[ENC] parsed INFORMATIONAL_V1 request 1690522692 [ HASH D ]
Oct 15 19:32:41 vyos charon: 13[IKE] received DELETE for ESP CHILD_SA with SPI 6ade0464
Oct 15 19:32:41 vyos charon: 13[IKE] closing CHILD_SA remote-access{1} with SPIs cbfb07a0_i (0 bytes) 6ade0464_o (0 bytes) and TS 37.18.88.193/32[udp/l2f] === 178.173.21.41/32[udp/l2f]
Oct 15 19:32:41 vyos charon: 14[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (84 bytes)
Oct 15 19:32:41 vyos charon: 14[ENC] parsed INFORMATIONAL_V1 request 1502983837 [ HASH D ]
Oct 15 19:32:41 vyos charon: 14[IKE] received DELETE for IKE_SA remote-access[1]
Oct 15 19:32:41 vyos charon: 14[IKE] deleting IKE_SA remote-access[1] between 37.18.88.193[37.18.88.193]...178.173.21.41[192.168.254.1]
The latest log which I sent to you was from trying to connect from a Win10 device.
My Android device is a Samsung Galaxy S9+. But Windows is preferred over Android.
Also, I'll try to send you one from the Android device.
vyos@vyos:~$ show log | match "23:06:"
Oct 15 23:06:17 vyos charon[18614]: 08[NET] received packet: from 178.173.21.41[500] to 37.18.88.193[500] (408 bytes)
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Oct 15 23:06:17 vyos charon[18614]: 08[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Oct 15 23:06:17 vyos charon[18614]: 08[IKE] received NAT-T (RFC 3947) vendor ID
Oct 15 23:06:17 vyos charon[18614]: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 15 23:06:17 vyos charon[18614]: 08[IKE] received FRAGMENTATION vendor ID
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Oct 15 23:06:17 vyos charon[18614]: 08[IKE] 178.173.21.41 is initiating a Main Mode IKE_SA
Oct 15 23:06:17 vyos charon[18614]: 08[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 15 23:06:17 vyos charon[18614]: 08[ENC] generating ID_PROT response 0 [ SA V V V V ]
Oct 15 23:06:17 vyos charon[18614]: 08[NET] sending packet: from 37.18.88.193[500] to 178.173.21.41[500] (156 bytes)
Oct 15 23:06:17 vyos charon[18614]: 09[NET] received packet: from 178.173.21.41[500] to 37.18.88.193[500] (260 bytes)
Oct 15 23:06:17 vyos charon[18614]: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 15 23:06:17 vyos charon[18614]: 09[IKE] remote host is behind NAT
Oct 15 23:06:17 vyos charon[18614]: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 15 23:06:17 vyos charon[18614]: 09[NET] sending packet: from 37.18.88.193[500] to 178.173.21.41[500] (244 bytes)
Oct 15 23:06:17 vyos charon[18614]: 10[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (68 bytes)
Oct 15 23:06:17 vyos charon[18614]: 10[ENC] parsed ID_PROT request 0 [ ID HASH ]
Oct 15 23:06:17 vyos charon[18614]: 10[CFG] looking for pre-shared key peer configs matching 37.18.88.193...178.173.21.41[192.168.254.1]
Oct 15 23:06:17 vyos charon[18614]: 10[CFG] selected peer config "remote-access"
Oct 15 23:06:17 vyos charon[18614]: 10[IKE] IKE_SA remote-access[2] established between 37.18.88.193[37.18.88.193]...178.173.21.41[192.168.254.1]
Oct 15 23:06:17 vyos charon[18614]: 10[IKE] DPD not supported by peer, disabled
Oct 15 23:06:17 vyos charon[18614]: 10[ENC] generating ID_PROT response 0 [ ID HASH ]
Oct 15 23:06:17 vyos charon[18614]: 10[NET] sending packet: from 37.18.88.193[4500] to 178.173.21.41[4500] (68 bytes)
Oct 15 23:06:17 vyos charon[18614]: 12[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (436 bytes)
Oct 15 23:06:17 vyos charon[18614]: 12[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 15 23:06:17 vyos charon[18614]: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Oct 15 23:06:17 vyos charon[18614]: 12[IKE] received 3600s lifetime, configured 0s
Oct 15 23:06:17 vyos charon[18614]: 12[IKE] received 250000000 lifebytes, configured 0
Oct 15 23:06:17 vyos charon[18614]: 12[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 15 23:06:17 vyos charon[18614]: 12[NET] sending packet: from 37.18.88.193[4500] to 178.173.21.41[4500] (204 bytes)
Oct 15 23:06:17 vyos charon[18614]: 13[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (60 bytes)
Oct 15 23:06:17 vyos charon[18614]: 13[ENC] parsed QUICK_MODE request 1 [ HASH ]
Oct 15 23:06:17 vyos charon[18614]: 13[IKE] CHILD_SA remote-access{1} established with SPIs c1b3f642_i 25619316_o and TS 37.18.88.193/32[udp/l2f] === 178.173.21.41/32[udp/l2f]
Oct 15 23:06:17 vyos charon[18614]: 14[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (76 bytes)
Oct 15 23:06:17 vyos charon[18614]: 14[ENC] parsed INFORMATIONAL_V1 request 93092637 [ HASH D ]
Oct 15 23:06:17 vyos charon[18614]: 14[IKE] received DELETE for ESP CHILD_SA with SPI 25619316
Oct 15 23:06:17 vyos charon[18614]: 14[IKE] closing CHILD_SA remote-access{1} with SPIs c1b3f642_i (0 bytes) 25619316_o (0 bytes) and TS 37.18.88.193/32[udp/l2f] === 178.173.21.41/32[udp/l2f]
Oct 15 23:06:17 vyos charon[18614]: 15[NET] received packet: from 178.173.21.41[4500] to 37.18.88.193[4500] (84 bytes)
Oct 15 23:06:17 vyos charon[18614]: 15[ENC] parsed INFORMATIONAL_V1 request 4146135641 [ HASH D ]
Oct 15 23:06:17 vyos charon[18614]: 15[IKE] received DELETE for IKE_SA remote-access[2]
Oct 15 23:06:17 vyos charon[18614]: 15[IKE] deleting IKE_SA remote-access[2] between 37.18.88.193[37.18.88.193]...178.173.21.41[192.168.254.1]
Oct 15 23:06:24 vyos sudo[18824]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/bin/journalctl
Oct 15 23:06:24 vyos sudo[18824]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 15 23:06:24 vyos sudo[18824]: pam_unix(sudo:session): session closed for user root
Oct 15 23:06:34 vyos sudo[18845]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/bin/journalctl
Oct 15 23:06:34 vyos sudo[18845]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 15 23:06:34 vyos sudo[18845]: pam_unix(sudo:session): session closed for user root
Oct 15 23:06:55 vyos sudo[18866]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/bin/journalctl
Oct 15 23:06:55 vyos sudo[18866]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 15 23:06:55 vyos sudo[18866]: pam_unix(sudo:session): session closed for user root
Oct 15 23:06:58 vyos sudo[18887]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/bin/journalctl
Oct 15 23:06:58 vyos sudo[18887]: pam_unix(sudo:session): session opened for user root by vyos(uid=0)
Oct 15 23:06:58 vyos sudo[18887]: pam_unix(sudo:session): session closed for user root
vyos@vyos:~$ show configuration commands | strip-private | match vpn
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-networks allowed-network xxx.xxx.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username xxxxxx password xxxxxx
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access client-ip-pool start 'xxx.xxx.0.1'
set vpn l2tp remote-access client-ip-pool stop 'xxx.xxx.0.100'
set vpn l2tp remote-access description 'TestRemoteAccessVPN'
set vpn l2tp remote-access dns-servers server-1 'xxx.xxx.8.8'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret xxxxxx
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
set vpn l2tp remote-access outside-address 'xxx.xxx.88.193'
Trying to connect from iOS:
07[NET] received packet: from 31.173.86.255[35553] to 37.18.88.193[500] (788 bytes)
07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
07[IKE] received NAT-T (RFC 3947) vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
07[IKE] received FRAGMENTATION vendor ID
07[IKE] received DPD vendor ID
07[IKE] 31.173.86.255 is initiating a Main Mode IKE_SA
07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
07[ENC] generating ID_PROT response 0 [ SA V V V V ]
07[NET] sending packet: from 37.18.88.193[500] to 31.173.86.255[35553] (160 bytes)
08[NET] received packet: from 31.173.86.255[35553] to 37.18.88.193[500] (228 bytes)
08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
08[IKE] remote host is behind NAT
08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
08[NET] sending packet: from 37.18.88.193[500] to 31.173.86.255[35553] (244 bytes)
14[NET] received packet: from 31.173.86.255[3092] to 37.18.88.193[4500] (108 bytes)
14[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
14[CFG] looking for pre-shared key peer configs matching 37.18.88.193...31.173.86.255[100.118.117.113]
14[CFG] selected peer config "remote-access"
14[IKE] IKE_SA remote-access[4] established between 37.18.88.193[37.18.88.193]...31.173.86.255[100.118.117.113]
14[ENC] generating ID_PROT response 0 [ ID HASH ]
14[NET] sending packet: from 37.18.88.193[4500] to 31.173.86.255[3092] (76 bytes)
08[NET] received packet: from 31.173.86.255[3092] to 37.18.88.193[4500] (316 bytes)
08[ENC] parsed QUICK_MODE request 3828860548 [ HASH SA No ID ID NAT-OA NAT-OA ]
08[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
08[IKE] received 3600s lifetime, configured 0s
08[ENC] generating QUICK_MODE response 3828860548 [ HASH SA No ID ID NAT-OA NAT-OA ]
08[NET] sending packet: from 37.18.88.193[4500] to 31.173.86.255[3092] (204 bytes)
06[NET] received packet: from 31.173.86.255[3092] to 37.18.88.193[4500] (60 bytes)
06[ENC] parsed QUICK_MODE request 3828860548 [ HASH ]
06[IKE] CHILD_SA remote-access{3} established with SPIs c1ca2a4e_i 019b52a7_o and TS 37.18.88.193/32[udp/l2f] === 31.173.86.255/32[udp/65153]
15[NET] received packet: from 31.173.86.255[3092] to 37.18.88.193[4500] (76 bytes)
15[ENC] parsed INFORMATIONAL_V1 request 1103660005 [ HASH D ]
15[IKE] received DELETE for ESP CHILD_SA with SPI 019b52a7
15[IKE] closing CHILD_SA remote-access{3} with SPIs c1ca2a4e_i (685 bytes) 019b52a7_o (499 bytes) and TS 37.18.88.193/32[udp/l2f] === 31.173.86.255/32[udp/65153]
15[NET] received packet: from 31.173.86.255[3092] to 37.18.88.193[4500] (92 bytes)
15[ENC] parsed INFORMATIONAL_V1 request 1696219511 [ HASH D ]
15[IKE] received DELETE for IKE_SA remote-access[4]
15[IKE] deleting IKE_SA remote-access[4] between 37.18.88.193[37.18.88.193]...31.173.86.255[100.118.117.113]
I tried. The same result. Which address do I need to set in the command set vpn l2tp remote-access outside-nexthop? I tried the local-network address and the interface eth0 (outside) address. No result.
Here is some log from Windows:
Sorry for the Russian, but I think you understand it.
CoID={210CBA52-8737-4750-B23E-9E9827B80127}: Пользователь SYSTEM начал выполнять подключение VPN, используя профиль подключения per-user с именем L2TP. Параметры подключения:
Dial-in User = testuser
VpnStrategy = L2TP
DataEncryption = Requested
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = EAP
Ipv4DefaultGateway = No
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No
IPsec authentication for L2TP = Pre-shared key.
____
CoID={210CBA52-8737-4750-B23E-9E9827B80127}: Пользователь SYSTEM пытается установить связь с сервером удаленного доступа для подключения L2TP при помощи следующего устройства:
Server address/Phone Number = 37.18.88.193
Device = WAN Miniport (L2TP)
Port = VPN3-1
MediaType = VPN.
____
CoID={210CBA52-8737-4750-B23E-9E9827B80127}: Пользователь SYSTEM установил удаленное подключение L2TP, которое завершилось сбоем. Возвращен код ошибки 651.
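As an added example that is not part of this thread, the small Python triage script below reads excerpts shaped like the pluto (VyOS 1.1.8) and charon (VyOS 1.2) logs posted above and reports at which stage the connection attempt stopped: a Main Mode pre-shared-secret failure, an IPsec tunnel that came up but carried no ESP payload before the client deleted it, or a tunnel that did carry L2TP traffic and was torn down afterwards. The sample lines, connection names, addresses and stage labels are constructed for the example; it also flags weak IKE proposals (3DES, MODP_1024) that the client negotiated.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample excerpts modelled on the message shapes quoted in the
# thread; addresses and connection names are placeholders, not real peers.
PLUTO_PSK_MISMATCH = """\
Oct 14 17:00:13 vyos pluto[2899]: "ra"[8] 192.0.2.10:14849 #8: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP_1024] refused due to strict flag
Oct 14 17:00:13 vyos pluto[2899]: "ra"[8] 192.0.2.10:14849 #8: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 14 17:00:13 vyos pluto[2899]: "ra"[8] 192.0.2.10:14849 #8: next payload type of ISAKMP Identification Payload has an unknown value: 73
Oct 14 17:00:13 vyos pluto[2899]: "ra"[8] 192.0.2.10:14849 #8: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
"""
CHARON_NO_PAYLOAD = """\
Oct 15 19:32:41 vyos charon: 07[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 15 19:32:41 vyos charon: 09[IKE] IKE_SA ra[1] established between 203.0.113.1[203.0.113.1]...192.0.2.10[192.168.254.1]
Oct 15 19:32:41 vyos charon: 12[IKE] CHILD_SA ra{1} established with SPIs cbfb07a0_i 6ade0464_o and TS 203.0.113.1/32[udp/l2f] === 192.0.2.10/32[udp/l2f]
Oct 15 19:32:41 vyos charon: 13[IKE] received DELETE for ESP CHILD_SA with SPI 6ade0464
Oct 15 19:32:41 vyos charon: 13[IKE] closing CHILD_SA ra{1} with SPIs cbfb07a0_i (0 bytes) 6ade0464_o (0 bytes) and TS 203.0.113.1/32[udp/l2f] === 192.0.2.10/32[udp/l2f]
"""
CHARON_WITH_PAYLOAD = """\
07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
14[IKE] IKE_SA ra[4] established between 203.0.113.1[203.0.113.1]...198.51.100.7[100.118.117.113]
06[IKE] CHILD_SA ra{3} established with SPIs c1ca2a4e_i 019b52a7_o and TS 203.0.113.1/32[udp/l2f] === 198.51.100.7/32[udp/65153]
15[IKE] received DELETE for ESP CHILD_SA with SPI 019b52a7
15[IKE] closing CHILD_SA ra{3} with SPIs c1ca2a4e_i (685 bytes) 019b52a7_o (499 bytes) and TS 203.0.113.1/32[udp/l2f] === 198.51.100.7/32[udp/65153]
"""

# Patterns for the handful of messages that decide the diagnosis.
RE_REFUSED  = re.compile(r"Oakley Transform \[([^\]]+)\] refused due to strict flag")
RE_PSK_FAIL = re.compile(r"probable authentication failure \(mismatch of preshared secrets\?\)")
RE_PROPOSAL = re.compile(r"selected proposal: (IKE:\S+)")
RE_IKE_UP   = re.compile(r"IKE_SA \S+ established between")
RE_CHILD_UP = re.compile(r"CHILD_SA \S+ established with SPIs")
RE_CLOSE    = re.compile(r"closing CHILD_SA \S+ with SPIs \S+ \((\d+) bytes\) \S+ \((\d+) bytes\)")
WEAK_IKE    = ("3DES", "MODP_1024", "MD5")   # algorithms worth a hardening note

@dataclass
class Diagnosis:
    stage: str                    # where the attempt stopped (labels are ours)
    reason: str                   # one-line reading for the operator
    refused: List[str] = field(default_factory=list)   # transforms rejected
    weak_ike: List[str] = field(default_factory=list)  # weak IKE algorithms
    bytes_in: int = 0             # ESP payload counters at CHILD_SA close
    bytes_out: int = 0

def diagnose(log: str) -> Diagnosis:
    refused, weak, ike_up, child_up, psk_fail, close = [], [], False, False, False, None
    for line in log.splitlines():
        if m := RE_REFUSED.search(line):
            refused.append(m.group(1))
        if m := RE_PROPOSAL.search(line):
            weak += [w for w in WEAK_IKE if w in m.group(1)]
        psk_fail |= bool(RE_PSK_FAIL.search(line))
        ike_up |= bool(RE_IKE_UP.search(line))
        child_up |= bool(RE_CHILD_UP.search(line))
        if m := RE_CLOSE.search(line):
            close = (int(m.group(1)), int(m.group(2)))
    if psk_fail:
        return Diagnosis("ike-phase1-auth", "Main Mode failed at the ID/HASH exchange; "
                         "the usual cause is a pre-shared secret that differs between "
                         "client and server.", refused, weak)
    if child_up and close == (0, 0):
        return Diagnosis("l2tp-transport", "IPsec SAs were negotiated but the client "
                         "deleted them before any ESP payload flowed, so IPsec itself is "
                         "not the problem: check the L2TP stage (UDP 1701 listener on the "
                         "outside address, firewall) and the client's own log.",
                         refused, weak, *close)
    if child_up and close:
        return Diagnosis("l2tp-ppp", "ESP payload flowed in both directions, so IPsec and "
                         "the L2TP transport work; the session ended in the L2TP/PPP stage, "
                         "so check PPP authentication and the client IP pool.",
                         refused, weak, *close)
    if child_up:
        return Diagnosis("connected", "IKE and IPsec SAs are up and nothing closed them "
                         "within this excerpt.", refused, weak)
    if ike_up:
        return Diagnosis("ike-phase2", "Phase 1 completed but no CHILD_SA was established; "
                         "compare the ESP proposal and traffic selectors.", refused, weak)
    return Diagnosis("ike-phase1", "No IKE_SA was established; make sure one proposal both "
                     "sides accept remains after the refused transforms.", refused, weak)

if __name__ == "__main__":
    for name, sample in (("pluto", PLUTO_PSK_MISMATCH), ("charon-0B", CHARON_NO_PAYLOAD),
                         ("charon-iOS", CHARON_WITH_PAYLOAD)):
        d = diagnose(sample)
        print(f"{name}: {d.stage} (weak IKE: {d.weak_ike}) - {d.reason}")
```

Feed it `show log | match charon` output from the router to get the same stage reading the thread works out by hand.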