Hi,
I’m trying to configure IPsec RW with the L2TP/IPsec server enabled.
I have a working L2TP/IPsec server, and it works very well. I would like to add a new VPN connection, RW IPsec + local auth; eventually, it should work with RADIUS auth.
ip ipsec peer print
Flags: X - disabled, D - dynamic, R - responder
 0    address=0.0.0.0/0 auth-method=pre-shared-key secret="test"
      generate-policy=port-override policy-template-group=default
      exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes
      proposal-check=obey hash-algorithm=sha1 enc-algorithm=3des
      dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5

 1  R address=0.0.0.0/0 passive=yes auth-method=pre-shared-key-xauth
      secret="test2" generate-policy=port-strict
      policy-template-group=RoadWarrior exchange-mode=main mode-config=cfg1
      send-initial-contact=yes nat-traversal=yes proposal-check=obey
      hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifetime=1d
      dpd-interval=2m dpd-maximum-failures=5
When I’ve enabled the second peer with pre-shared-key-xauth, I can’t connect as an L2TP/IPsec client, but the IPsec connection from Android works well (local auth).
If I disable the “pre-shared-key-xauth secret” peer, the L2TP/IPsec connection also works well.
jan/14 00:03:47 ipsec,info respond new phase 1 (Identity Protection): 178.233.33.333[500]<=>91.200.11.111[500]
jan/14 00:03:47 ipsec,error no suitable proposal found.
jan/14 00:03:47 ipsec,error 91.200.11.111 failed to get valid proposal.
jan/14 00:03:47 ipsec,error 91.200.11.111 failed to pre-process ph1 packet (side: 1, status 1).
jan/14 00:03:47 ipsec,error 91.200.11.111 phase1 negotiation failed.
Is it possible to use IPsec peers for everyone “0.0.0.0/0” with “pre-shared-key secret + main-l2tp” and “pre-shared-key-xauth secret + main” together?