Robert,
On Mon, 5 Dec 2016, Robert Szasz wrote:
I'm testing with the following setup
Win10 ->obsd5.9(firewall doing nat)->{}->obsd5.9(IPSEC)
Do you mean?
Win10 ->obsd5.9(firewall doing nat)->{INTERNET}->obsd5.9(IPSEC)
The connection process fails at stage 2 with the error message below
where X is the public IP of the box being connected to, and Y is the IP
of the firewall the Win10 machine is behind; 10...58 is the private IP of
the Win10 machine.
I can try to help but as you probably read a week or so ago, am a bit of a
learner with L2TP myself.
error in the isakmpd log
010420.423317 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
phase 2 IDs: initiator id 10.1.1.58, responder id x.x.x.x
010420.423325 Default dropped message from y.y.y.y port 58544 due to
notification type INVALID_ID_INFORMATION
ipsec.conf
ike passive esp transport \
proto udp from x.x.x.x to any port 1701 \
main auth hmac-sha1 enc "aes" group modp2048 \
quick auth hmac-sha1 enc "aes" group modp2048 \
psk ""
Why no pre-shared key?
Some versions of the Windows 10 L2TP client, i.e. certainly the one on my
Windows 10 HOME box, only use 3DES, i.e. replace "aes" by "3des" above.
Also, some only use modp1024 or maybe I am getting confused by those
Apples.
I would also need to look at a copy of 'pf.conf' because that can be
where the problem lies. That was where I made a mistake.
What about 'npppd.conf'? Make sure that the sandbox network that it uses,
or what some documentation calls the VPN network, is different from the
IPs of the 2 networks at each end of your link.
Regards - Damian
Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer
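The isakmpd log quoted in the thread shows a phase 2 ID rejection from a client behind NAT. The following added example (not part of the thread, and not OpenBSD code) parses those two log lines and lists the NAT symptoms they expose; the redacted x.x.x.x and y.y.y.y are replaced by RFC 5737 documentation addresses, which is an assumption for the sample only.

```python
import ipaddress
import re

# Constructed sample: the two isakmpd lines from the thread, with the
# redacted x.x.x.x / y.y.y.y replaced by RFC 5737 documentation addresses.
SAMPLE_LOG = """\
010420.423317 Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.1.1.58, responder id 198.51.100.7
010420.423325 Default dropped message from 203.0.113.9 port 58544 due to notification type INVALID_ID_INFORMATION
"""

ID_RE = re.compile(r"invalid phase 2 IDs: initiator id (\S+), responder id (\S+)")
DROP_RE = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")
IKE_PORTS = {500, 4500}  # IKE and NAT-T; any other source port was rewritten by a NAT


def parse_isakmpd_log(text):
    """Collect the phase 2 ID rejection and the matching drop line into one dict."""
    finding = {}
    for line in text.splitlines():
        m = ID_RE.search(line)
        if m:
            finding["initiator_id"], finding["responder_id"] = m.groups()
            continue
        m = DROP_RE.search(line)
        if m:
            finding["peer_addr"] = m.group(1)
            finding["peer_port"] = int(m.group(2))
            finding["notification"] = m.group(3)
    return finding


def diagnose(finding):
    """Return the NAT symptoms visible in the finding as a list of short tags."""
    symptoms = []
    if finding.get("notification") != "INVALID_ID_INFORMATION":
        return symptoms
    init = ipaddress.ip_address(finding["initiator_id"])
    peer = ipaddress.ip_address(finding["peer_addr"])
    # The client identified itself with an RFC 1918 address ...
    if init.is_private:
        symptoms.append("initiator-id-private")
    # ... which is not the address the message actually arrived from.
    if init != peer:
        symptoms.append("initiator-id-differs-from-source")
    # A source port other than 500/4500 means a NAT rewrote it on the way.
    if finding["peer_port"] not in IKE_PORTS:
        symptoms.append("source-port-rewritten")
    return symptoms


if __name__ == "__main__":
    print(diagnose(parse_isakmpd_log(SAMPLE_LOG)))
```

All three tags together point at the client's phase 2 ID being its private address behind the NAT firewall, which is the mismatch the responder rejects.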