Hey everyone, I have a laptop tethered via my phone, Ubuntu 18.4. I am unable to establish a connection and none of my research has thus far revealed anything helpful. Please review the below and advise. Other proprietary clients are able to connect without issue.
I have an ipsec.conf file which looks like: conn officeVPN aggressive=yes type=tunnel authby=secret keyexchange=ikev1 ike=aes128-sha1-modp2048 esp= aes256-sha256-modp2048 mobike=no left=%defaultroute leftsourceip=%config modeconfig=push leftprotoport=udp/l2tp right= 50.45.0.51 rightprotoport=udp/l2tp righted=10.0.0.254 auto=add xauth_identity=user An ipsec.secrets that looks like: 50.45.0.51 %any : PSK "StrongKey-Honest!" user %any : XAUTH "password" An /etc/strongswan.conf that has the following line: i_dont_care_about_security_and_use_aggressive_mode_psk=yes Then the ipsec up officeVPN command is run: $ sudo ipsec up officeVPN initiating Aggressive Mode IKE_SA officeVPN[1] to 50.54.0.51 generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ] sending packet: from 1.0.0.127[500] to 50.54.0.51[500] (548 bytes) received packet: from 50.54.0.51[500] to 1.0.0.127[500] (564 bytes) parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ] received NAT-T (RFC 3947) vendor ID received DPD vendor ID received XAuth vendor ID received unknown vendor ID: 00:00:00:00:00:00:00:00:00:08:00:00:00:00:00:00 received FRAGMENTATION vendor ID received FRAGMENTATION vendor ID local host is behind NAT, sending keep alives remote host is behind NAT IKE_SA officeVPN[1] established between 1.0.0.127[1.0.0.127]... 50.54.0.51[10.0.0.254] scheduling reauthentication in 9761s maximum IKE_SA lifetime 10301s generating AGGRESSIVE request 0 [ HASH NAT-D ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (108 bytes) received packet: from 50.54.0.51[4500] to 1.0.0.127[4500] (76 bytes) generating TRANSACTION response 890044400 [ HASH CP ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (76 bytes) sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] received packet: from 50.54.0.51[500] to 1.0.0.127[500] (92 bytes) parsed INFORMATIONAL_V1 request 4321098765 [ HASH N(DPD) ] generating INFORMATIONAL_V1 request 0987654321 [ HASH N(DPD_ACK) ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (92 bytes) sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] received packet: from 50.54.0.51[500] to 1.0.0.127[500] (92 bytes) parsed INFORMATIONAL_V1 request 7654321098 [ HASH N(DPD) ] generating INFORMATIONAL_V1 request 2109876543 [ HASH N(DPD_ACK) ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (92 bytes) sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] received packet: from 50.54.0.51[500] to 1.0.0.127[500] (92 bytes) parsed INFORMATIONAL_V1 request 3210987654 [ HASH N(DPD) ] generating INFORMATIONAL_V1 request 6543210987 [ HASH N(DPD_ACK) ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (92 bytes) sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] sending keep alive to 50.54.0.51[4500] deleting IKE_SA officeVPN[1] between 1.0.0.127[1.0.0.127]... 50.54.0.51[10.0.0.254] sending DELETE for IKE_SA officeVPN[1] parsed INFORMATIONAL_V1 request 5432109876 [ HASH D ] sending packet: from 1.0.0.127[4500] to 50.54.0.51[4500] (92 bytes) establishing connection 'officeVPN' failed Thank you. -- Stephen Feyrer DevOps Engineer Greensill Capital stephen.fey...@greensill.com<mailto:stephen.fey...@greensill.com> http://www.greensill.com This message is for the designated recipient only and may contain privileged, proprietary or otherwise confidential information. If you have received this in error, please contact the sender immediately and delete the original. Any other use of this e-mail by you is prohibited. If we collect and use your personal data we will use it in accordance with our privacy policy<http://www.greensill.com/privacy/>. Greensill Capital (UK) Limited. Registered in England and Wales. Registered Number: 8126173. Registered Office: One Southampton Street, Covent Garden, London, WC2R 0LR, United Kingdom. Greensill Capital Pty Limited. Australian Company Number: 154 088 132. Registered Office: 62 -66 Woondooma Street, Bundaberg, Queensland 4670, Australia.