L2TP over IPSec VPN (OpenSwan, CentOS 6) unable to connect via iPhone (iOS 5.1) and Android (JellyBean)IPsec/L2TP VPN with OSX client: xl2tpd reports “maximum retries exceeded”How do I troubleshoot an IPsec tunnel (from a cellular router to a public server)?OpenSwan IPSec phase #2 complicationsConnecting to IPSec/L2tp with OpenSwan/xl2tpd from Windows7 to Amazon EC2Cannot connect to my L2TP IPSec VPNUse Openswan / IPSec on Ubuntu server to connect to existing Openswan VPN - NAT brokenpfSense/strongSwan “deleting half open IKE_SA after timeout” - IPSec connection Android 4.4 to pfSense 2.2.1 failsHow to setup L2TP IPsec VPN server on Windows Server 2008 R2?Configuring L2TP/IPSec on Cisco Router 2911L2TP over IPsec VPN between ZyWALL USG 100 and iPhone NO_PROPOSAL_CHOSEN
Can I use a 11-23 11-speed shimano cassette with the RD-R8000 11-speed Ultegra Shadow Rear Derailleur (short cage)?
What's an appropriate age to involve kids in life changing decisions?
Is there a need for better software for writers?
Does a surprised creature obey the 1st level spell Command?
How can I test a shell script in a "safe environment" to avoid harm to my computer?
Not taking the bishop by the knight, why?
How do I minimise waste on a flight?
Locked my sa user out
Is it a good idea to copy a trader when investing?
Can you turn a recording upside-down?
What is the Ancient One's mistake?
Is there any evidence to support the claim that the United States was "suckered into WW1" by Zionists, made by Benjamin Freedman in his 1961 speech
How come mathematicians published in Annals of Eugenics?
Using wilcox.test() and t.test() in R yielding different p-values
Row vectors and column vectors (Mathematica vs Matlab)
Is it safe to keep the GPU on 100% utilization for a very long time?
Does Thread.yield() do anything if we have enough processors to service all threads?
Is there an application which does HTTP PUT?
What is the minimum required technology to reanimate someone who has been cryogenically frozen?
My perfect evil overlord plan... or is it?
Why does the electron wavefunction not collapse within atoms at room temperature in gas, liquids or solids due to decoherence?
How long can fsck take on a 30 TB volume?
Two (probably) equal real numbers which are not proved to be equal?
Compactness in normed vector spaces.
L2TP over IPSec VPN (OpenSwan, CentOS 6) unable to connect via iPhone (iOS 5.1) and Android (JellyBean)
IPsec/L2TP VPN with OSX client: xl2tpd reports “maximum retries exceeded”How do I troubleshoot an IPsec tunnel (from a cellular router to a public server)?OpenSwan IPSec phase #2 complicationsConnecting to IPSec/L2tp with OpenSwan/xl2tpd from Windows7 to Amazon EC2Cannot connect to my L2TP IPSec VPNUse Openswan / IPSec on Ubuntu server to connect to existing Openswan VPN - NAT brokenpfSense/strongSwan “deleting half open IKE_SA after timeout” - IPSec connection Android 4.4 to pfSense 2.2.1 failsHow to setup L2TP IPsec VPN server on Windows Server 2008 R2?Configuring L2TP/IPSec on Cisco Router 2911L2TP over IPsec VPN between ZyWALL USG 100 and iPhone NO_PROPOSAL_CHOSEN
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
2
I have successfully installed L2TP over IPsec VPN (PSK) using OpenSwan 2.6.38 running on CentOS.
Connect DOES WORK perfectly from Windows 8.
But doesn't work AT ALL from iPhone 4 (ios 5.1) or Android 4.1 - fails with errors "VPN server doesn't respond / Timed out".
ipsec.conf:
config setup
protostack=klips
nat_traversal=yes
virtual_private=%v4:0.0.0.0/0,%v4:!1.0.0.0/24
oe=off
interfaces=%defaultroute
uniqueids=yes
conn %default
keyingtries=1
compress=no
disablearrivalcheck=no
authby=secret
conn L2TP-WIN_N
leftprotoport=17/1701
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP
leftprotoport=17/0
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP-MAC
leftprotoport=17/1701
rightprotoport=17/%any
also=L2TP-PSK
conn L2TP-PSK
auto=add
pfs=no
rekey=no
ikev2=never
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
left=EXTERNAL_SERV_IP
right=%any
rightsubnet=vhost:%priv
conn passthrough-for-non-l2tp
type=passthrough
left=EXTERNAL_SERV_IP
leftnexthop=%defaultroute
right=%any
auto=route
log:
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [RFC 3947] method set to=115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [Dead Peer Detection]
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: responding to Main Mode from unknown peer 31.42.69.*
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.202'
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: switched from "L2TP-WIN_N" to "L2TP-WIN_N"
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: deleting connection "L2TP-WIN_N" instance with peer 31.42.69.* isakmp=#0/ipsec=#0
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: new NAT mapping for #5, was 31.42.69.*:500, now 31.42.69.*:4500
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: the peer proposed: 178.63.149.*/32:17/1701 -> 192.168.0.202/32:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: responding to Quick Mode proposal msgid:3ed534a0
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: us: 178.63.149.*<178.63.149.*>:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: them: 31.42.69.*[192.168.0.202]:17/57118===192.168.0.202/32
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R2: IPsec SA established transport mode ESP=>0x03d13d42 <0xae30f2d7 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.202 NATD=31.42.69.*:4500 DPD=enabled
Dec 31 11:37:15 uapeer pluto[20894]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 31.42.69.* port 4500, complainant 31.42.69.*: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
I don't provide iptables rules because Win 8 client work's fine.
I couldn't find ANY solution for Android and iPhone.
vpn ipsec iphone android l2tp
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
add a comment |
2
I have successfully installed L2TP over IPsec VPN (PSK) using OpenSwan 2.6.38 running on CentOS.
Connect DOES WORK perfectly from Windows 8.
But doesn't work AT ALL from iPhone 4 (ios 5.1) or Android 4.1 - fails with errors "VPN server doesn't respond / Timed out".
ipsec.conf:
config setup
protostack=klips
nat_traversal=yes
virtual_private=%v4:0.0.0.0/0,%v4:!1.0.0.0/24
oe=off
interfaces=%defaultroute
uniqueids=yes
conn %default
keyingtries=1
compress=no
disablearrivalcheck=no
authby=secret
conn L2TP-WIN_N
leftprotoport=17/1701
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP
leftprotoport=17/0
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP-MAC
leftprotoport=17/1701
rightprotoport=17/%any
also=L2TP-PSK
conn L2TP-PSK
auto=add
pfs=no
rekey=no
ikev2=never
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
left=EXTERNAL_SERV_IP
right=%any
rightsubnet=vhost:%priv
conn passthrough-for-non-l2tp
type=passthrough
left=EXTERNAL_SERV_IP
leftnexthop=%defaultroute
right=%any
auto=route
log:
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [RFC 3947] method set to=115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [Dead Peer Detection]
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: responding to Main Mode from unknown peer 31.42.69.*
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.202'
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: switched from "L2TP-WIN_N" to "L2TP-WIN_N"
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: deleting connection "L2TP-WIN_N" instance with peer 31.42.69.* isakmp=#0/ipsec=#0
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: new NAT mapping for #5, was 31.42.69.*:500, now 31.42.69.*:4500
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: the peer proposed: 178.63.149.*/32:17/1701 -> 192.168.0.202/32:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: responding to Quick Mode proposal msgid:3ed534a0
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: us: 178.63.149.*<178.63.149.*>:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: them: 31.42.69.*[192.168.0.202]:17/57118===192.168.0.202/32
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R2: IPsec SA established transport mode ESP=>0x03d13d42 <0xae30f2d7 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.202 NATD=31.42.69.*:4500 DPD=enabled
Dec 31 11:37:15 uapeer pluto[20894]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 31.42.69.* port 4500, complainant 31.42.69.*: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
I don't provide iptables rules because Win 8 client work's fine.
I couldn't find ANY solution for Android and iPhone.
vpn ipsec iphone android l2tp
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
add a comment |
2
2
2
1
I have successfully installed L2TP over IPsec VPN (PSK) using OpenSwan 2.6.38 running on CentOS.
Connect DOES WORK perfectly from Windows 8.
But doesn't work AT ALL from iPhone 4 (ios 5.1) or Android 4.1 - fails with errors "VPN server doesn't respond / Timed out".
ipsec.conf:
config setup
protostack=klips
nat_traversal=yes
virtual_private=%v4:0.0.0.0/0,%v4:!1.0.0.0/24
oe=off
interfaces=%defaultroute
uniqueids=yes
conn %default
keyingtries=1
compress=no
disablearrivalcheck=no
authby=secret
conn L2TP-WIN_N
leftprotoport=17/1701
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP
leftprotoport=17/0
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP-MAC
leftprotoport=17/1701
rightprotoport=17/%any
also=L2TP-PSK
conn L2TP-PSK
auto=add
pfs=no
rekey=no
ikev2=never
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
left=EXTERNAL_SERV_IP
right=%any
rightsubnet=vhost:%priv
conn passthrough-for-non-l2tp
type=passthrough
left=EXTERNAL_SERV_IP
leftnexthop=%defaultroute
right=%any
auto=route
log:
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [RFC 3947] method set to=115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [Dead Peer Detection]
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: responding to Main Mode from unknown peer 31.42.69.*
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.202'
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: switched from "L2TP-WIN_N" to "L2TP-WIN_N"
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: deleting connection "L2TP-WIN_N" instance with peer 31.42.69.* isakmp=#0/ipsec=#0
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: new NAT mapping for #5, was 31.42.69.*:500, now 31.42.69.*:4500
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: the peer proposed: 178.63.149.*/32:17/1701 -> 192.168.0.202/32:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: responding to Quick Mode proposal msgid:3ed534a0
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: us: 178.63.149.*<178.63.149.*>:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: them: 31.42.69.*[192.168.0.202]:17/57118===192.168.0.202/32
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R2: IPsec SA established transport mode ESP=>0x03d13d42 <0xae30f2d7 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.202 NATD=31.42.69.*:4500 DPD=enabled
Dec 31 11:37:15 uapeer pluto[20894]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 31.42.69.* port 4500, complainant 31.42.69.*: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
I don't provide iptables rules because Win 8 client work's fine.
I couldn't find ANY solution for Android and iPhone.
vpn ipsec iphone android l2tp
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
I have successfully installed L2TP over IPsec VPN (PSK) using OpenSwan 2.6.38 running on CentOS.
Connect DOES WORK perfectly from Windows 8.
But doesn't work AT ALL from iPhone 4 (ios 5.1) or Android 4.1 - fails with errors "VPN server doesn't respond / Timed out".
ipsec.conf:
config setup
protostack=klips
nat_traversal=yes
virtual_private=%v4:0.0.0.0/0,%v4:!1.0.0.0/24
oe=off
interfaces=%defaultroute
uniqueids=yes
conn %default
keyingtries=1
compress=no
disablearrivalcheck=no
authby=secret
conn L2TP-WIN_N
leftprotoport=17/1701
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP
leftprotoport=17/0
rightprotoport=17/1701
also=L2TP-PSK
conn L2TP-MAC
leftprotoport=17/1701
rightprotoport=17/%any
also=L2TP-PSK
conn L2TP-PSK
auto=add
pfs=no
rekey=no
ikev2=never
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h
keylife=1h
type=transport
left=EXTERNAL_SERV_IP
right=%any
rightsubnet=vhost:%priv
conn passthrough-for-non-l2tp
type=passthrough
left=EXTERNAL_SERV_IP
leftnexthop=%defaultroute
right=%any
auto=route
log:
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [RFC 3947] method set to=115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Dec 31 11:36:53 uapeer pluto[20894]: packet from 31.42.69.*:500: received Vendor ID payload [Dead Peer Detection]
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: responding to Main Mode from unknown peer 31.42.69.*
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.202'
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[4] 31.42.69.* #5: switched from "L2TP-WIN_N" to "L2TP-WIN_N"
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: deleting connection "L2TP-WIN_N" instance with peer 31.42.69.* isakmp=#0/ipsec=#0
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: new NAT mapping for #5, was 31.42.69.*:500, now 31.42.69.*:4500
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024
Dec 31 11:36:53 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: the peer proposed: 178.63.149.*/32:17/1701 -> 192.168.0.202/32:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-WIN_N"[5] 31.42.69.* #5: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: responding to Quick Mode proposal msgid:3ed534a0
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: us: 178.63.149.*<178.63.149.*>:17/1701
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: them: 31.42.69.*[192.168.0.202]:17/57118===192.168.0.202/32
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: Dead Peer Detection (RFC 3706): enabled
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 31 11:36:54 uapeer pluto[20894]: "L2TP-MAC"[2] 31.42.69.* #6: STATE_QUICK_R2: IPsec SA established transport mode ESP=>0x03d13d42 <0xae30f2d7 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.202 NATD=31.42.69.*:4500 DPD=enabled
Dec 31 11:37:15 uapeer pluto[20894]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 31.42.69.* port 4500, complainant 31.42.69.*: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
I don't provide iptables rules because Win 8 client work's fine.
I couldn't find ANY solution for Android and iPhone.
vpn ipsec iphone android l2tp
vpn ipsec iphone android l2tp
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
edited Dec 31 '12 at 19:28
Neolo
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
asked Dec 31 '12 at 17:16
NeoloNeolo
4115
4115
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
0
I had a similar issue. There is a clue in the config file:
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port. If this does
# not work, use 17/%any instead.
rightprotoport=17/0
#rightprotoport=17/%any
I found that rightprotoport setting works for iPhone clients only if set to 17/0. The setting 17/%any did not work for me.
edited Jul 31 '13 at 23:03
slm
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f461996%2fl2tp-over-ipsec-vpn-openswan-centos-6-unable-to-connect-via-iphone-ios-5-1%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
I had a similar issue. There is a clue in the config file:
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port. If this does
# not work, use 17/%any instead.
rightprotoport=17/0
#rightprotoport=17/%any
I found that rightprotoport setting works for iPhone clients only if set to 17/0. The setting 17/%any did not work for me.
edited Jul 31 '13 at 23:03
slm
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
add a comment |
0
I had a similar issue. There is a clue in the config file:
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port. If this does
# not work, use 17/%any instead.
rightprotoport=17/0
#rightprotoport=17/%any
I found that rightprotoport setting works for iPhone clients only if set to 17/0. The setting 17/%any did not work for me.
edited Jul 31 '13 at 23:03
slm
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
add a comment |
0
0
0
I had a similar issue. There is a clue in the config file:
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port. If this does
# not work, use 17/%any instead.
rightprotoport=17/0
#rightprotoport=17/%any
I found that rightprotoport setting works for iPhone clients only if set to 17/0. The setting 17/%any did not work for me.
edited Jul 31 '13 at 23:03
slm
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
I had a similar issue. There is a clue in the config file:
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port. If this does
# not work, use 17/%any instead.
rightprotoport=17/0
#rightprotoport=17/%any
I found that rightprotoport setting works for iPhone clients only if set to 17/0. The setting 17/%any did not work for me.
edited Jul 31 '13 at 23:03
slm
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
edited Jul 31 '13 at 23:03
slm
5,126124360
edited Jul 31 '13 at 23:03
slm
5,126124360
edited Jul 31 '13 at 23:03
slm
5,126124360
5,126124360
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
answered Jul 31 '13 at 22:44
David LomaxDavid Lomax
34328
34328
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f461996%2fl2tp-over-ipsec-vpn-openswan-centos-6-unable-to-connect-via-iphone-ios-5-1%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
