On Oct 4, 2014, at 5:51 PM, mishve...@rambler.ru wrote:
> I have OpenBSD 5.4 amd64. I install npppd and configure IPSec(l2tp +
> password).
>
> LAN 192.168.1.1/255.255.255.0
> WAN(ISP NET; Connect by MAC address) 10.0.0.1/255.0.0.0
> ISP GET ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4
> WIN 2003 SERVER2 IP - 9.8.7.6
> WIN 2003 SERVER3 IP - 192.168.1.100
>
> When server boot
>
> # cat /etc/hostname.em0
> inet 192.168.1.1 255.255.255.0
>
> # ifconfig em0
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         priority: 0
>         media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>         status: active
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>
> # cat /etc/hostname.re0
> dhcp
>
> # ifconfig re0
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>         status: active
>         inet 10.200.81.220 netmask 0xfffff000 broadcast 10.200.95.255
>
> # route show
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            10.200.80.1        UGS        6     1439     -     8 re0
> 10.200.80/20       link#2             UC         1        0     -     4 re0
> 10.200.80.1        28:6e:d4:6e:0a:e1  UHLc       1        0     -     4 re0
> 10.200.81.220      localhost          UGS        0        0 33144     8 lo0
> loopback           localhost          UGRS       0        0 33144     8 lo0
> localhost          localhost          UH         2       35 33144     4 lo0
> 192.168.1/24       link#1             UC         2        0     -     4 em0
> 192.168.1.67       00:1a:13:18:b3:7c  UHLc       0        0     -     4 em0
> 192.168.1.255      link#1             UHLc       3       43     -     4 em0
> BASE-ADDRESS.MCAST localhost          URS        0        0 33144     8 lo0
>
> # cat /etc/resolv.conf
> # Generated by re0 dhclient
> search smilenet.ru
> nameserver 10.0.1.24
> nameserver 10.0.1.13
>
> From LAN I connect win server 192.168.1.100 to 192.168.1.1.
>
> From internet I can't connect win server 9.8.7.6 to 1.2.3.4
>
> # cat /etc/ipsec.conf
> ike passive esp transport proto udp from 192.168.1.1 to 192.168.1.100 port 1701 main auth "hmac-sha1" enc "3des" group modp2048 quick auth "hmac-sha1" enc "3des" psk "pass"
>
> ike passive esp transport proto udp from 10.200.81.220 to 9.8.7.6 port 1701 main auth "hmac-sha1" enc "3des" group modp2048 quick auth "hmac-sha1" enc "3des" psk "pass"
>
> ike passive esp transport proto udp from 1.2.3.4 to 9.8.7.6 port 1701 main auth "hmac-sha1" enc "3des" group modp2048 quick auth "hmac-sha1" enc "3des" psk "pass"
>
> # tail /var/log/daemon
> isakmpd: message_recv: invalid message id
> isakmpd: dropped message from 9.8.7.6 port 500 due to notification type INVALID_MESSAGE_ID
>
> Please help me connect server2 9.8.7.6 to 1.2.3.4

L2TP over IPsec on OpenBSD 5.5 is very easy for me; you may read my guide:

http://siegfried.github.io/unix/openbsd/vpn/ipsec/l2tp/2014/09/29/l2tp-over-ipsec-vpn-on-openbsd-5-5/