HighTower
just joined
Topic Author
Posts: 16
Joined: Wed Feb 18, 2015 4:06 pm

L2TP VPN Client to Debian xl2tpd with racoon

Thu Jul 13, 2017 2:55 pm

Hello,

I am unable to set up an L2TP client to my Debian server...
On Debian I have the xl2tpd daemon with racoon and a policy to use encryption for port 1701.

I can connect to it from Windows, Mac, iOS and Android with no problems and it works fine, but I can't connect to it from the 951G.

/interface l2tp-client
add allow=mschap2 connect-to=5.5.5.5 ipsec-secret=<secret> name=l2tp-out password=<pass> use-ipsec=yes \
    user=<user>

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des pfs-group=none
/ip ipsec peer
add address=5.5.5.5/32 compatibility-options=skip-peer-id-validation dh-group=modp1536,modp1024 dpd-interval=disable-dpd \
    generate-policy=port-override lifetime=5m passive=yes secret=<secret> send-initial-contact=no
add address=5.5.5.5/32 compatibility-options=skip-peer-id-validation dh-group=modp1536,modp1024 dpd-interval=disable-dpd \
    generate-policy=port-override lifetime=5m passive=yes secret=<secret> send-initial-contact=no
/ip ipsec policy
add action=none dst-address=<secret>/32 dst-port=1701 protocol=udp src-address=192.168.100.118/32


But no connection is established.

The server log is:

Jul 13 14:50:17 office daemon.info racoon: [5.5.5.5] INFO: Hashing 5.5.5.5[500] with algo #2
Jul 13 14:50:17 office daemon.info racoon: INFO: NAT-D payload #0 verified
Jul 13 14:50:17 office daemon.info racoon: [1.1.1.1] INFO: Hashing 1.1.1.1[500] with algo #2
Jul 13 14:50:17 office daemon.info racoon: INFO: NAT-D payload #1 doesn't match
Jul 13 14:50:17 office daemon.info racoon: INFO: NAT detected: PEER
Jul 13 14:50:17 office daemon.info racoon: [1.1.1.1] INFO: Hashing 1.1.1.1[500] with algo #2
Jul 13 14:50:17 office daemon.info racoon: [5.5.5.5] INFO: Hashing 5.5.5.5[500] with algo #2
Jul 13 14:50:17 office daemon.info racoon: INFO: Adding remote and local NAT-D payloads.
Jul 13 14:50:17 office daemon.info racoon: INFO: NAT-T: ports changed to: 1.1.1.1[4500]<->5.5.5.5[4500]
Jul 13 14:50:17 office daemon.info racoon: INFO: KA list add: 5.5.5.5[4500]->1.1.1.1[4500]
Jul 13 14:50:17 office daemon.info racoon: INFO: ISAKMP-SA established 5.5.5.5[4500]-1.1.1.1[4500] spi:43c025db3f92948e:20e3b04a403a2b1e
Jul 13 14:50:18 office daemon.info racoon: [1.1.1.1] INFO: received INITIAL-CONTACT
Jul 13 14:50:18 office daemon.info racoon: INFO: respond new phase 2 negotiation: 5.5.5.5[4500]<=>1.1.1.1[4500]
Jul 13 14:50:18 office daemon.info racoon: INFO: Adjusting my encmode UDP-Transport->Transport
Jul 13 14:50:18 office daemon.info racoon: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Jul 13 14:50:18 office daemon.info racoon: INFO: IPsec-SA established: ESP/Transport 5.5.5.5[4500]->1.1.1.1[4500] spi=80161320(0x4c72a28)
Jul 13 14:50:18 office daemon.info racoon: INFO: IPsec-SA established: ESP/Transport 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: INFO: purged IPsec-SA proto_id=ESP spi=146014473.
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: INFO: purging ISAKMP-SA spi=43c025db3f92948e:20e3b04a403a2b1e.
Jul 13 14:50:37 office daemon.info racoon: INFO: purged IPsec-SA spi=80161320.
Jul 13 14:50:37 office daemon.info racoon: INFO: purged ISAKMP-SA spi=43c025db3f92948e:20e3b04a403a2b1e.
Jul 13 14:50:37 office daemon.info racoon: INFO: ISAKMP-SA deleted 5.5.5.5[4500]-1.1.1.1[4500] spi:43c025db3f92948e:20e3b04a403a2b1e
Jul 13 14:50:37 office daemon.info racoon: INFO: KA remove: 5.5.5.5[4500]->1.1.1.1[4500]
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 1.1.1.1[4500]->5.5.5.5[4500] spi=80161320(0x4c72a28)
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 1.1.1.1[4500]->5.5.5.5[4500] spi=80161320(0x4c72a28)
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 1.1.1.1[4500]->5.5.5.5[4500] spi=80161320(0x4c72a28)
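
Added example, not part of the original post: a Python script that pairs each "IPsec-SA established" line in a racoon log with its "purged IPsec-SA" line, reports how long each SA lived, and counts the "no iph2 found" errors logged for that SPI afterwards. The function names, the 60-second threshold and the assumed year (syslog timestamps carry none) are illustrative choices.

```python
import re
from datetime import datetime

# Excerpt of the racoon log from the post above, embedded so the script runs offline.
SAMPLE_LOG = """\
Jul 13 14:50:18 office daemon.info racoon: INFO: IPsec-SA established: ESP/Transport 5.5.5.5[4500]->1.1.1.1[4500] spi=80161320(0x4c72a28)
Jul 13 14:50:18 office daemon.info racoon: INFO: IPsec-SA established: ESP/Transport 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: INFO: purged IPsec-SA proto_id=ESP spi=146014473.
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 5.5.5.5[4500]->1.1.1.1[4500] spi=146014473(0x8b40109)
Jul 13 14:50:37 office daemon.info racoon: INFO: purged IPsec-SA spi=80161320.
Jul 13 14:50:37 office daemon.info racoon: ERROR: no iph2 found: ESP 1.1.1.1[4500]->5.5.5.5[4500] spi=80161320(0x4c72a28)
"""

TS = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)\s")
ESTABLISHED = re.compile(r"IPsec-SA established: .*\bspi=(\d+)")
PURGED = re.compile(r"purged IPsec-SA (?:proto_id=\S+ )?spi=(\d+)")
NO_IPH2 = re.compile(r"ERROR: no iph2 found: .*\bspi=(\d+)")


def analyse(log_text, year=2017):
    """Return {spi: {"lifetime_s": float, "iph2_errors": int}} for purged SAs."""
    born, report = {}, {}
    for line in log_text.splitlines():
        ts = TS.match(line)
        if not ts:
            continue  # not a syslog-formatted line
        # Syslog omits the year; the caller supplies it (assumption: 2017).
        when = datetime.strptime(f"{year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
        if (m := ESTABLISHED.search(line)):
            born[m.group(1)] = when
        elif (m := PURGED.search(line)) and m.group(1) in born:
            secs = (when - born.pop(m.group(1))).total_seconds()
            report[m.group(1)] = {"lifetime_s": secs, "iph2_errors": 0}
        elif (m := NO_IPH2.search(line)) and m.group(1) in report:
            report[m.group(1)]["iph2_errors"] += 1  # error logged after the purge
    return report


def short_lived(report, threshold_s=60):
    """SPIs torn down sooner than threshold_s (hypothetical cut-off)."""
    return sorted(spi for spi, r in report.items() if r["lifetime_s"] < threshold_s)


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for spi in short_lived(result):
        print(spi, result[spi])
```

On the excerpt, both phase 2 SAs are reported as purged 19 seconds after they were established.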
 
HighTower
just joined
Topic Author
Posts: 16
Joined: Wed Feb 18, 2015 4:06 pm

Re: L2TP VPN Client to Debian xl2tpd with racoon

Sun Jul 16, 2017 7:14 pm

Nobody can help?