Hi all,
I’m getting a very weird set of log entries from configuration I have used quite a bit in the past. It’s clearly something with NAT traversal, and while the L2TP server has NAT running on it, the IPSEC interface is not behind it.
The messages:
The VPN configuration:
[size=x-small][font=Helvetica]vyos@router1# run show interfaces[/font][/size]
The messages that follow the INVALID_MESSAGE_ID are all of “[font=Helvetica][size=small]remote-access-mac-zzz”[2] 71.211.239.136:4500 #4: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xa609e4a1 (perhaps this is a duplicated packet)".[/size][/font]
[font=Helvetica][size=x-small]How can I provide more information and learn how to solve this?[/size][/font]
[font=Helvetica][size=x-small]Thanks, Brian[/size][/font]
Is that L2TP client coming in on the vti tunnel ? (assuming 192.168.1.25 is IP address of l2tp vpn client)
Hi @16again , 192.168.1.25 is the natted address of 174.16.180.201 (whatever random public address it got from Comcast). 173.x.x.118 is the address of the ethernet port for the router. vti1 is also on that address, which serves a separate point-to=point VPN.
Do you think that the vti might be intercepting the traffic that is intended for the L2TP? I wonder if it might help to create a separate IP address that is just for the L2TP?