Please, ignore my previous message, as the problem was meanwhile fixed: It was ill-configuration of the L2TP PPP Options (it was my fault).
Thank you so much for your help!

Paul

On Wed, Nov 13, 2019 at 8:52 PM Paul Smith <[email protected]> wrote:
>
> Thanks, Paul, for the tremendous help!
>
> By following your advice and disabling PFS (on NetworkManager), I got
> through Phase 2. However, I am now facing another problem. Please, see
> the logs below
>
> Any ideas?
>
> Thanks in advance,
>
> Paul
>
> ------------------------------
> 117 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1: initiate
> 003 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: ignoring informational
> payload IPSEC_RESPONDER_LIFETIME, msgid=0dbd67ce, length=28
> 004 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I2: sent
> QI2, IPsec SA established transport mode {ESP/NAT=>0xd14c041b
> <0xf224a233 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none
> NATD=193.136.25.122:4500 DPD=passive}
> nm-l2tp[19108] <info> Libreswan IPsec tunnel is up.
> ** Message: 20:37:59.170: xl2tpd started with pid 19515
> xl2tpd[19515]: Not looking for kernel SAref support.
> xl2tpd[19515]: Using l2tp kernel support.
> xl2tpd[19515]: xl2tpd version xl2tpd-1.3.14 started on xhost PID:19515
> xl2tpd[19515]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
> xl2tpd[19515]: Forked by Scott Balmos and David Stipp, (C) 2001
> xl2tpd[19515]: Inherited by Jeff McAdams, (C) 2002
> xl2tpd[19515]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
> xl2tpd[19515]: Listening on IP address 0.0.0.0, port 1701
> xl2tpd[19515]: get_call: allocating new tunnel for host
> 193.136.25.122, port 1701.
> xl2tpd[19515]: Connecting to host 193.136.25.122, port 1701
> xl2tpd[19515]: control_finish: message type is (null)(0). Tunnel is
> 0, call is 0.
> xl2tpd[19515]: control_finish: sending SCCRQ
> xl2tpd[19515]: message_type_avp: message type 2
> (Start-Control-Connection-Reply)
> xl2tpd[19515]: protocol_version_avp: peer is using version 1, revision 0.
> xl2tpd[19515]: framing_caps_avp: supported peer frames: async sync
> xl2tpd[19515]: hostname_avp: peer reports hostname 'warrior'
> xl2tpd[19515]: assigned_tunnel_avp: using peer's tunnel 43071
> xl2tpd[19515]: vendor_avp: peer reports vendor 'Check Point'
> xl2tpd[19515]: control_finish: message type is
> Start-Control-Connection-Reply(2). Tunnel is 43071, call is 0.
> xl2tpd[19515]: control_finish: sending SCCCN
> xl2tpd[19515]: Connection established to 193.136.25.122, 1701. Local:
> 29706, Remote: 43071 (ref=0/0).
> xl2tpd[19515]: Calling on tunnel 29706
> xl2tpd[19515]: control_finish: message type is (null)(0). Tunnel is
> 43071, call is 0.
> xl2tpd[19515]: control_finish: sending ICRQ
> xl2tpd[19515]: message_type_avp: message type 11 (Incoming-Call-Reply)
> xl2tpd[19515]: assigned_call_avp: using peer's call 35143
> xl2tpd[19515]: control_finish: message type is
> Incoming-Call-Reply(11). Tunnel is 43071, call is 35143.
> xl2tpd[19515]: control_finish: Sending ICCN
> xl2tpd[19515]: Call established with 193.136.25.122, Local: 65505,
> Remote: 35143, Serial: 1 (ref=0/0)
> nm-l2tp[19108] <info> Terminated xl2tpd daemon with PID 19515.
> xl2tpd[19515]: death_handler: Fatal signal 15 received
> xl2tpd[19515]: Connection 43071 closed to 193.136.25.122, port 1701
> (Server closing)
> 002 "ec9a3d05-1842-403a-84b5-371af56faa30": terminating SAs using this
> connection
> 002 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: deleting state
> (STATE_QUICK_I2) aged 0.353s and sending notification
> 005 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: ESP traffic
> information: in=382B out=561B
> 002 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: deleting state
> (STATE_MAIN_I4) aged 0.439s and sending notification
> ** Message: 20:37:59.409: ipsec shut down
> nm-l2tp[19108] <warn> xl2tpd exited with error code 1
> ** Message: 20:37:59.425: ipsec shut down
> ------------------------------
>
>
> On Wed, Nov 13, 2019 at 8:06 PM Paul Wouters <[email protected]> wrote:
> >
> > On Wed, 13 Nov 2019, Paul Smith wrote:
> >
> > > I am trying to establish a L2TP VPN connection using libreswan on
> > > Fedora 31 to connect to a MS Windows server, but getting the problem
> > > below.
> >
> > > 004 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I4: ISAKMP
> > > SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1
> > > group=MODP1024}
> >
> > phase 1 established.
> >
> > > 002 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: initiating Quick Mode
> > > PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
> > > {using isakmp#1 msgid:b951826e proposal=3DES_CBC-HMAC_SHA1_96
> > > pfsgroup=MODP1024}
> > > 117 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1: initiate
> > > 010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
> > > retransmission; will wait 0.5 seconds for response
> >
> > this times out. Usually it means the other end does not like your phase2
> > proposal but did not bother to tell you. Check the esp/phase2alg and pfs
> > settings. Also make sure you have leftprotoport/rightprotoport setup for
> > L2TP. Also check if you are using transport mode, not tunnel mode.
> >
> > Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
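
The two failures in this thread stop at different layers: the first stalls in IKEv1 Quick Mode, the second after the L2TP call is already up. The following Python sketch is an added example, not code from either poster or from libreswan or NetworkManager-l2tp; it reports the furthest stage a log reached and where to look next, and the names `STAGES`, `normalize` and `triage` are assumptions made for this illustration.

```python
import re

# Progress markers in handshake order: IKEv1 Main Mode, Quick Mode, L2TP tunnel, L2TP call.
STAGES = [
    ("ike_phase1", r"STATE_MAIN_I4: ISAKMP SA established"),
    ("ipsec_phase2", r"STATE_QUICK_I2: sent QI2, IPsec SA established"),
    ("l2tp_tunnel", r"xl2tpd\[\d+\]: Connection established to"),
    ("l2tp_call", r"xl2tpd\[\d+\]: Call established with"),
]

def normalize(text):
    """Strip mail quote markers and rejoin wrapped lines so markers match."""
    lines = (re.sub(r"^(?:>\s?)+", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def triage(text):
    """Return (furthest stage reached, where to look next)."""
    flat = normalize(text)
    reached = None
    for name, pattern in STAGES:
        if re.search(pattern, flat):
            reached = name
    if reached == "ike_phase1" and "STATE_QUICK_I1: retransmission" in flat:
        return reached, "phase2 proposal: esp/phase2alg, pfs, protoport, transport mode"
    if reached == "l2tp_call" and re.search(r"xl2tpd exited with error code [1-9]", flat):
        return reached, "PPP options: IPsec and L2TP came up, failure is after the call"
    return reached, "no known failure signature"

# Excerpts copied from the two logs quoted in this thread (mail wrapping kept).
FIRST_LOG = '''\
> > > 004 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I4: ISAKMP
> > > SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1
> > > 010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
> > > retransmission; will wait 0.5 seconds for response
'''
SECOND_LOG = '''\
> 004 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I2: sent
> QI2, IPsec SA established transport mode {ESP/NAT=>0xd14c041b
> xl2tpd[19515]: Connection established to 193.136.25.122, 1701. Local:
> xl2tpd[19515]: Call established with 193.136.25.122, Local: 65505,
> nm-l2tp[19108] <warn> xl2tpd exited with error code 1
'''

if __name__ == "__main__":
    print(triage(FIRST_LOG))
    print(triage(SECOND_LOG))
```
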
