Hi there,

A short update. Most of the below remains true.

I now have permission to test from a laptop running Ubuntu which is tethered to my phone. Some additional information from

    $ sudo ike-scan -v -M -m -1 -y 1 -A 50.45.0.51
    DEBUG : pkt len=356 bytes, bandwidth=56000 bps, int=54857 us
    Startng ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan)
    --- Pass 1 of 3 completed
    --- Pass 2 of 3 completed
    --- Pass 3 of 3 completed

    Ending ike-scan 1.9.4: 1 hosts scanned in 2.451 seconds (0.41 hosts/sec). 0 returned handshake; 0 returned notify

The VPN provider is a Fortigate.

--
Stephen Feyrer
DevOps Engineer
Greensill Capital
stephen.fey...@greensill.com
http://www.greensill.com

From: Stephen Feyrer
Sent: 08 August 2019 17:17
To: users@lists.strongswan.org
Subject: peer not responding

Hi there,

My situation is an odd one. I have on my desktop a Linux virtual machine (Debian) running in VirtualBox, on which I need to set up an IPSec/l2tp VPN client, thus to be able to provide guidance to external users to set up their connections.

In VirtualBox I have set rules to forward the ports 50, 51, 500 and 4500 to the VM.

I have an officeVPN.conf file which looks like:

    conn officeVPN
        aggressive=yes
        type=tunnel
        authby=psk
        keyexchange=ikev1
        left=%defaultroute
        leftprotoport=udp/l2tp
        right=50.45.0.51
        rightprotoport=udp/l2tp
        auto=add

An officeVPN.secrets that looks like:

    : PSK "StrongKey-Honest!"

An /etc/strongswan.conf that has the following line:

    i_dont_care_about_security_and_use_aggressive_mode_psk=yes

Then the ipsec up officeVPN command is run:

    # ipsec up officeVPN
    Initiating Aggressive Mode IKE_SA officeVPN[1] to 50.54.0.51
    Generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 1 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 2 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 3 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 4 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 5 of request message ID 0, seq 1
    giving up after 5 retransmits
    peer not responding, trying again (2/3)
    Initiating Aggressive Mode IKE_SA officeVPN[1] to 50.54.0.51
    Generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 1 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 2 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 3 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 4 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 5 of request message ID 0, seq 1
    giving up after 5 retransmits
    peer not responding, trying again (3/3)
    Initiating Aggressive Mode IKE_SA officeVPN[1] to 50.54.0.51
    Generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 1 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 2 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 3 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.5.0.51[500] (320 bytes)
    sending retransmit 4 of request message ID 0, seq 1
    sending packet: from a.b.c.d [500] to 50.45.0.51[500] (320 bytes)
    sending retransmit 5 of request message ID 0, seq 1
    giving up after 5 retransmits
    establishing IKE_SA failed, peer not responding
    establishing connection 'officeVPN' failed.

From the logs I get lines like:

    Starting strongSwan 5.7.2 IPsec [starter]...
    Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.0-5-amd64, x86-64)
    loading ca certificates from '/etc/ipsec.d/cacerts'
    loading aa certificates from '/etc/ipsec.d/aacerts'
    loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    loading attribute certificates from '/etc/ipsec.d/acerts'
    loading crls from '/etc/ipsec.d/crls'
    loading secrets from '/etc/ipsec.d/officeVPN.sercrets'
    loading IKE secret for officeVPN 50.45.0.51
    loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation...
    dropped capabilities, running as uid 0, gid 0
    spawning 16 worker threads
    charon (1499) started after 20 ms
    received stroke: add connection 'officeVPN'
    added configuration 'officeVPN'
    received stroke: initiate 'officeVPN'

Where a.b.c.d is the local IP of the host and 50.54.0.51 is the VPN server.

Nothing that I have tried has had a positive effect. Thank you for your patience. I may be going about this wholly the wrong way, so any suggestions would be gratefully received.

Thank you.

--
Stephen Feyrer
DevOps Engineer
Greensill Capital
stephen.fey...@greensill.com
http://www.greensill.com