Hi, I am trying to connect to a freeswan/l2tpd VPN from a Windows machine behind a Netgear WGT624 ADSL router and am getting a strange problem. The initial IPSEC negotiation works fine, I get an IPSEC SA Established message, but then nothing happens - l2tpd doesn't fire up. I've logged the traffic on ipsec0 and we are getting incoming traffic from the public IP of the remote router to the public IP of the freeswan server on UDP ports 1701->1701, but no reply. Before putting in the router I connected to the same box over a Windows dial-up connection with no problems, so I am confident that l2tpd is running and the config is correct.... after putting in the router I had to add a rightsubnet=x.x.x.x/x in ipsec.conf to get the SA established, but that is the only change I've made.

Here is the relevant section of ipsec.conf:

conn Toby-Mitchell
    pfs=no
    left=%defaultroute
    leftcert=vpn.server.pem
    leftprotoport=17/0
    right=%any
    rightsubnet=192.168.0.3/32
    rightprotoport=17/1701
    auto=add

.. and here is a section of the logs (all ipsec0 traffic is being logged - 1.2.3.4 is the external freeswan interface, 4.3.2.1 is the router's external interface - the delete SA at the end is me cancelling the connection):

Mar 23 23:52:43 rtr1 pluto[4024]: packet from 4.3.2.1:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: responding to Main Mode from unknown peer 4.3.2.1
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: Peer ID is ID_DER_ASN1_DN: '<Certificate Details>'
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: crl update is overdue since Apr 10 01:51:17 UTC 2003
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: crl update is overdue since Apr 10 01:51:17 UTC 2003
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: deleting connection "Toby-Mitchell" instance with peer 4.3.2.1 {isakmp=#0/ipsec=#0}
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: sent MR3, ISAKMP SA established
Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #12: responding to Quick Mode
Mar 23 23:52:43 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12316 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:44 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #12: IPsec SA established {ESP=>0xf15e6bb4 <0xc539f998}
Mar 23 23:52:44 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12317 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:46 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12318 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:50 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12337 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:58 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12383 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: received Delete SA(0xf15e6bb4) payload: deleting IPSEC State #12
Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: received Delete SA payload: deleting ISAKMP State #11
Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1: deleting connection "Toby-Mitchell" instance with peer 4.3.2.1 {isakmp=#0/ipsec=#0}

Does anyone have any ideas as to why the l2tp daemon might not be responding to the incoming connection?

Thanks

Toby
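
The symptom in the log above (UDP 1701 packets arriving on ipsec0, nothing going back) can be checked mechanically. This is an added example, not part of the original post: it parses netfilter LOG lines of the kind quoted, counts UDP/1701 packets per direction on ipsec0 for each peer, and reports the gaps between inbound packets. The sample lines are constructed from the post's excerpt and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt in the post (the poster's
# placeholder addresses); embedded so the script runs offline.
SAMPLE = """\
Mar 23 23:52:43 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TTL=115 ID=12316 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:44 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TTL=115 ID=12317 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:46 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TTL=115 ID=12318 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:50 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TTL=115 ID=12337 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:58 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TTL=115 ID=12383 PROTO=UDP SPT=1701 DPT=1701 LEN=106
Mar 23 23:52:44 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #12: IPsec SA established
"""

# Netfilter LOG line for a UDP packet, as written to syslog by the kernel.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
    r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=UDP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def l2tp_flows(log_text, iface="ipsec0", port=1701):
    """Group UDP/1701 packets seen on `iface` by remote peer and direction."""
    flows = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or port not in (int(m["spt"]), int(m["dpt"])):
            continue
        # syslog omits the year; assume a fixed leap year so Feb 29 parses
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        if m["inif"] == iface:
            flows.setdefault(m["src"], {"in": [], "out": []})["in"].append(ts)
        elif m["outif"] == iface:
            flows.setdefault(m["dst"], {"in": [], "out": []})["out"].append(ts)
    return flows

def summarize(log_text):
    """Per peer: inbound count, reply count, gaps (s) between inbound packets."""
    report = {}
    for peer, f in l2tp_flows(log_text).items():
        times = sorted(f["in"])
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        # each gap at least double the last: a sender retrying unanswered
        backoff = len(gaps) >= 2 and all(b >= 2 * a for a, b in zip(gaps, gaps[1:]))
        report[peer] = {"inbound": len(times), "replies": len(f["out"]),
                        "gaps": gaps, "backoff": backoff}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A peer with inbound packets, zero replies and doubling gaps matches the pattern in the posted log: the client keeps retrying and the server never sends anything back through ipsec0.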