Hello everybody!
I would like to continue the discussion in this https://forum.archive.openwrt.org/viewtopic.php?id=30982&p=1 thread.
I am trying to create a VPN server based on L2TP over IPsec (later for an Android phone). I followed the tutorial from the mentioned thread to set up the connection, but I still have no success connecting (tested with native Linux, Windows and Android).
racoon: INFO: @(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)
racoon: INFO: @(#)This product linked OpenSSL 1.0.2n 7 Dec 2017 (http://www.openssl.org/)
racoon: INFO: Reading configuration from "/opt/etc/racoon.conf"
racoon: INFO: Reading configuration from "/opt/etc/racoon.conf"
racoon: INFO: 10.0.0.1[500] used for NAT-T
racoon: INFO: 10.0.0.1[500] used as isakmp port (fd=8)
racoon: INFO: 10.0.0.1[4500] used for NAT-T
racoon: INFO: 10.0.0.1[4500] used as isakmp port (fd=9)
racoon: INFO: 92.52.x.x[500] used for NAT-T
<--- domain IP
racoon: INFO: 92.52.x.x[500] used as isakmp port (fd=10)
racoon: INFO: 92.52.x.x[4500] used for NAT-T
racoon: INFO: 92.52.x.x[4500] used as isakmp port (fd=11)
racoon: INFO: 127.0.0.0[500] used for NAT-T
racoon: INFO: 127.0.0.0[500] used as isakmp port (fd=12)
racoon: INFO: 127.0.0.0[4500] used for NAT-T
racoon: INFO: 127.0.0.0[4500] used as isakmp port (fd=13)
racoon: INFO: 127.0.0.1[500] used for NAT-T
racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=14)
racoon: INFO: 127.0.0.1[4500] used for NAT-T
racoon: INFO: 127.0.0.1[4500] used as isakmp port (fd=15)
xl2tpd[4464]: xl2tpd version xl2tpd-1.3.10 started on RT-N65U PID:4464
<--- it seems that everything started without problems
racoon: INFO: respond new phase 1 negotiation: 92.52.x.x[500]<=>151.236.x.x[16132]
racoon: INFO: begin Identity Protection mode.
racoon: INFO: received Vendor ID: RFC 3947
racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
racoon: INFO: received broken Microsoft ID: FRAGMENTATION
racoon: INFO: received Vendor ID: DPD
racoon: [151.236.x.x] INFO: Selected NAT-T version: RFC 3947
racoon: [92.52.x.x] INFO: Hashing 92.52.x.x[500] with algo #2
racoon: INFO: NAT-D payload #0 verified
racoon: [151.236.x.x] INFO: Hashing 151.236.x.x[16132] with algo #2
racoon: INFO: NAT-D payload #1 doesn't match
racoon: INFO: NAT detected: PEER
racoon: [151.236.x.x] INFO: Hashing 151.236.x.x[16132] with algo #2
racoon: [92.52.x.x] INFO: Hashing 92.52.x.x[500] with algo #2
racoon: INFO: Adding remote and local NAT-D payloads.
racoon: [151.236.x.x] ERROR: couldn't find the pskey for 151.236.x.x.
racoon: [151.236.x.x] NOTIFY: Using default PSK.
racoon: INFO: NAT-T: ports changed to: 151.236.x.x[16133]<->92.52.x.x[4500]
racoon: INFO: KA list add: 92.52.x.x[4500]->151.236.x.x[16133]
racoon: INFO: ISAKMP-SA established 92.52.x.x[4500]-151.236.x.x[16133] spi:ba1e7bxxxxxxxxxx:340212xxxxxxxxxx
racoon: [151.236.x.x] INFO: received INITIAL-CONTACT
racoon: INFO: respond new phase 2 negotiation: 92.52.x.x[4500]<=>151.236.x.x[16133]
racoon: INFO: no policy found, try to generate the policy : 100.125.69.230/32[0] 92.52.x.x/32[1701] proto=udp dir=in
racoon: INFO: Adjusting my encmode UDP-Transport->Transport
racoon: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2)
racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha512
racoon: WARNING: authtype mismatched: my:hmac-sha256 peer:hmac-sha512
<---- multiple proposals, hmac-sha512 matched
racoon: INFO: IPsec-SA established: ESP/Transport 92.52.x.x[4500]->151.236.x.x[16133] spi=46632247(0x2c78d37)
racoon: INFO: IPsec-SA established: ESP/Transport 92.52.x.x[4500]->151.236.x.x[16133] spi=55463204(0x34e4d24)
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: sending SCCRP
<--- looks fine, SCCRP was sent
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 14508
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 61236
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 36039
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 3762
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 31561
xl2tpd[4464]: network_thread: recv packet from 151.236.x.x, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[4464]: get_call: allocating new tunnel for host 151.236.x.x, port 40531.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: build_fdset: closing down tunnel 30238
As you can see, it only loops in tunnel creation, without any further progress.
If I understood it correctly, the pppd daemon has to be started by xl2tpd, but it wasn't ...
/opt/etc/xl2tpd/xl2tpd.conf:
[lns default]
...
pppoptfile = /opt/etc/ppp/options.xl2tpd
No matter what I wrote after pppoptfile = xxx, it wasn't processed.
Do you have some info, what could be wrong?
Many thanks for any help
Andy
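As an added example (not part of the original post), here is a small Python log checker that scans racoon and xl2tpd output like the excerpt above for two things worth flagging: the fallback to the default pre-shared key, and an SCCRQ that keeps being retransmitted with no SCCCN, which is the stalled L2TP handshake the log shows. The sample lines are constructed after the post's log; the message patterns and the retransmit threshold are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the racoon and xl2tpd lines in the post (addresses masked as there).
SAMPLE_LOG = """\
racoon: [151.236.x.x] NOTIFY: Using default PSK.
racoon: INFO: IPsec-SA established: ESP/Transport 92.52.x.x[4500]->151.236.x.x[16133] spi=46632247(0x2c78d37)
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: sending SCCRP
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
xl2tpd[4464]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 28729, call is 0.
xl2tpd[4464]: control_finish: Peer requested tunnel 28729 twice, ignoring second one.
"""

SCCRQ_RE = re.compile(r"Start-Control-Connection-Request\(1\)\. Tunnel is (\d+)")
MARKERS = {  # one-line facts worth recording on sight (patterns are assumptions)
    "default_psk_used": re.compile(r"NOTIFY: Using default PSK"),
    "ipsec_sa_established": re.compile(r"IPsec-SA established"),
    "scccn_seen": re.compile(r"Start-Control-Connection-Connected"),
}

def analyze(log_text, retransmit_threshold=2):
    """Scan a racoon + xl2tpd log excerpt and return the findings as a dict."""
    findings = {name: False for name in MARKERS}
    findings["sccrq_per_tunnel"] = Counter()
    for line in log_text.splitlines():
        for name, rx in MARKERS.items():
            if rx.search(line):
                findings[name] = True
        m = SCCRQ_RE.search(line)
        if m:
            findings["sccrq_per_tunnel"][m.group(1)] += 1
    # The same SCCRQ arriving again and again with no SCCCN means the client never accepted
    # the SCCRP: the control channel is stuck at the first L2TP exchange.
    findings["stalled_tunnels"] = [] if findings["scccn_seen"] else sorted(
        t for t, n in findings["sccrq_per_tunnel"].items() if n > retransmit_threshold)
    return findings

def summarize(findings):
    msgs = []
    if findings["default_psk_used"]:
        msgs.append("racoon fell back to the default PSK: the peer's address matched no entry "
                    "in the pre-shared key file, so phase 1 used the wildcard key")
    for t in findings["stalled_tunnels"]:
        where = "IPsec SA is up, so" if findings["ipsec_sa_established"] else "no IPsec SA seen;"
        msgs.append(f"tunnel {t}: SCCRQ received {findings['sccrq_per_tunnel'][t]} times, no SCCCN; "
                    f"{where} the SCCRP is not being accepted by the client (check that replies "
                    "from UDP 1701 are covered by an outbound IPsec policy and not sent in clear)")
    return msgs
```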