Hi!
I have L2TP/IPsec configured on a Mikrotik (v6.7) and it works just fine peer-to-peer and from an Android phone. However, trying to connect with the l2tp plugin of NetworkManager on Linux (I am using strongSwan) always fails. This is my Mikrotik configuration:
/ip pool add name=l2tp-pool ranges=10.161.1.105-10.161.1.112
/ppp profile add name=L2TP local-address=10.161.1.101 remote-address=l2tp-pool \
    dns-server=10.161.0.1 change-tcp-mss=yes address-list=L2TP_Clients
/ppp secret add name=xxxxx password=xxxxx profile=L2TP service=l2tp
/interface l2tp-server server set default-profile=L2TP enabled=yes
/ip ipsec proposal \
    set [ find default=yes ] enc-algorithms=3des,aes-128,aes-192,aes-256 lifetime=12h
/ip ipsec peer \
    add address=0.0.0.0/0 exchange-mode=main-l2tp generate-policy=port-strict \
    secret="xxxxx" hash-algorithm=sha1 send-initial-contact=yes nat-traversal=yes
What I see NetworkManager do with strongSwan is the following:
[root@yarilo nm-ipsec-l2tp.4932]# cat ipsec.conf
version 2.0

config setup

conn nm-ipsec-l2tp-4932
    auto=add
    type=transport
    authby=secret
    keyingtries=0
    left=%defaultroute
    leftprotoport=udp/l2tp
    rightprotoport=udp/l2tp
    right=109.165.77.121
    esp=3des-sha1
    keyexchange=ikev1
    ike=3des-sha1-modp1024
    forceencaps=yes
And what I see in the NetworkManager debug output looks like this:
[root@yarilo strongswan]# /usr/lib/NetworkManager/nm-l2tp-service --debug
** Message: nm-l2tp-service (version 0.9.8.5) starting...
connection
    id                   : "Safianovo" (s)
    uuid                 : "fe206c28-d5bf-4976-86d9-934b79a903de" (s)
    interface-name       : NULL (sd)
    type                 : "vpn" (s)
    permissions          : (sd)
    autoconnect          : TRUE (sd)
    timestamp            : 0 (sd)
    read-only            : FALSE (sd)
    zone                 : NULL (sd)
    master               : NULL (sd)
    slave-type           : NULL (sd)
    secondaries          : (sd)
    gateway-ping-timeout : 0 (sd)
vpn
    service-type         : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name            : NULL (sd)
    persistent           : FALSE (sd)
    data                 : gateway=xxxx.no-ip.biz,ipsec-psk=sssssss,user=xxxxxx,ipsec-enabled=yes,password-flags=0 (s)
    secrets              : password=xxxxxxx (s)
ipv6
    method               : "auto" (s)
    dhcp-hostname        : NULL (sd)
    dns                  : (s)
    dns-search           : (sd)
    addresses            : (s)
    routes               : (s)
    route-metric         : -1 (sd)
    ignore-auto-routes   : FALSE (sd)
    ignore-auto-dns      : FALSE (sd)
    never-default        : FALSE (sd)
    may-fail             : TRUE (sd)
    ip6-privacy          : -1 (sd)
ipv4
    method               : "auto" (s)
    dns                  : (s)
    dns-search           : (sd)
    addresses            : (s)
    routes               : (s)
    route-metric         : -1 (sd)
    ignore-auto-routes   : FALSE (sd)
    ignore-auto-dns      : FALSE (sd)
    dhcp-client-id       : NULL (sd)
    dhcp-send-hostname   : TRUE (sd)
    dhcp-hostname        : NULL (sd)
    never-default        : FALSE (sd)
    may-fail             : TRUE (sd)
** Message: Use '109.165.xxx.xxx' as a gateway
** Message: Check port 1701
** Message: ipsec enable flag: yes
** Message: starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.3.5 IPsec [starter]...
Loading config setup
Loading conn 'nm-ipsec-l2tp-4932'
found netkey IPsec stack
initiating Main Mode IKE_SA nm-ipsec-l2tp-4932[1] to 109.165.xxx.xxx
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.43.195[500] to 109.165.xxx.xxx[500] (212 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.43.195[500] to 109.165.xxx.xxx[500] (212 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.43.195[500] to 109.165.xxx.xxx[500] (212 bytes)
And it goes on and on like this forever. Can anyone help?
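The charon log in the post shows one useful thing: every line is "sending", never "received". The initiator keeps retransmitting message ID 0 of Main Mode, which means the responder either never saw the UDP/500 packet or its reply never came back (a firewall or NAT in front of either side, or a wrong gateway address). A peer that is reachable but rejects the proposal looks quite different: it answers with a NO_PROPOSAL_CHOSEN notify. The script below is an added example, not part of the post, that distinguishes the two cases from charon log lines. Both samples are constructed: the first repeats the post's pattern with the peer address replaced by the documentation address 203.0.113.1, the second mimics charon's wording for a rejected IKEv1 proposal. The function and variable names are my own.

```python
import re

# Constructed sample 1: the retransmit pattern from the post, with the
# peer address replaced by the documentation address 203.0.113.1.
SAMPLE_NO_RESPONSE = """\
initiating Main Mode IKE_SA nm-ipsec-l2tp-4932[1] to 203.0.113.1
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.43.195[500] to 203.0.113.1[500] (212 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.43.195[500] to 203.0.113.1[500] (212 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.43.195[500] to 203.0.113.1[500] (212 bytes)
"""

# Constructed sample 2: a reachable peer that rejects the ike= proposal
# (wording modelled on charon's IKEv1 log messages).
SAMPLE_REJECTED = """\
initiating Main Mode IKE_SA nm-ipsec-l2tp-4932[1] to 203.0.113.1
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.43.195[500] to 203.0.113.1[500] (212 bytes)
received packet: from 203.0.113.1[500] to 192.168.43.195[500] (56 bytes)
parsed INFORMATIONAL_V1 request 1234567890 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
"""

# re.search (not match) so a "charon: 05[IKE] " prefix, as found in
# syslog, does not break matching.
RE_INIT = re.compile(r"initiating Main Mode IKE_SA (\S+) to (\S+)")
RE_SEND = re.compile(r"sending packet: from (\S+)\[(\d+)\] to (\S+)\[(\d+)\] \((\d+) bytes\)")
RE_RETRANS = re.compile(r"sending retransmit (\d+) of request message ID (\d+)")
RE_RECV = re.compile(r"received packet: from (\S+)\[(\d+)\]")
RE_NO_PROP = re.compile(r"NO_PROPOSAL_CHOSEN")


def analyze_charon_log(text):
    """Summarise one IKEv1 Main Mode attempt from charon log lines.

    verdict is one of:
      no_negotiation    - no IKE_SA was ever initiated
      no_response       - we retransmitted and nothing came back at all
      proposal_rejected - peer answered with NO_PROPOSAL_CHOSEN
      peer_responding   - peer replied, the problem is further down the log
    """
    r = {"ike_sa": None, "peer": None, "sent": 0, "retransmits": 0,
         "received": 0, "ports": set(), "proposal_rejected": False}
    for line in text.splitlines():
        m = RE_INIT.search(line)
        if m:
            r["ike_sa"], r["peer"] = m.group(1), m.group(2)
            continue
        m = RE_SEND.search(line)
        if m:
            r["sent"] += 1
            r["ports"].add(int(m.group(4)))   # destination port: 500 or 4500
            continue
        if RE_RETRANS.search(line):
            r["retransmits"] += 1
            continue
        if RE_RECV.search(line):
            r["received"] += 1
            continue
        if RE_NO_PROP.search(line):
            r["proposal_rejected"] = True
    if r["ike_sa"] is None:
        r["verdict"] = "no_negotiation"
    elif r["received"] == 0 and r["retransmits"] > 0:
        r["verdict"] = "no_response"
    elif r["proposal_rejected"]:
        r["verdict"] = "proposal_rejected"
    else:
        r["verdict"] = "peer_responding"
    return r


def explain(r):
    """Turn the summary into the next thing to check."""
    ports = ",".join(str(p) for p in sorted(r["ports"])) or "500"
    if r["verdict"] == "no_response":
        return ("%d packets to %s UDP/%s, %d retransmits, 0 replies: the request "
                "never reached the responder or its answer was dropped. Capture on "
                "both ends with: tcpdump -ni any udp port 500 or udp port 4500"
                % (r["sent"], r["peer"], ports, r["retransmits"]))
    if r["verdict"] == "proposal_rejected":
        return ("%s is reachable but rejected the phase-1 proposal: compare ike= "
                "and esp= in ipsec.conf with the peer's IKE and ESP settings"
                % r["peer"])
    if r["verdict"] == "peer_responding":
        return "%s replied; read the log past the first response" % r["peer"]
    return "no IKE_SA initiated; check that the ipsec starter loaded the conn"


if __name__ == "__main__":
    for sample in (SAMPLE_NO_RESPONSE, SAMPLE_REJECTED):
        print(explain(analyze_charon_log(sample)))
```

Feed it the real charon output (journalctl -u strongswan or the NetworkManager debug log) and it tells you whether you are looking at a reachability problem or a proposal mismatch, which are fixed in very different places.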