Dear Friends,

IPSEC+L2TP fails with the following messages on the IPSEC router:

  isakmpd[76756]: message_recv: cleartext phase 2
  isakmpd[76756]: dropped message from 192.168.1.1 port 500 due to notification type INVALID_FLAGS
  Aug 17 isakmpd[76756]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.1.1:500
  Aug 17 isakmpd[76756]: message_recv: cleartext phase 2 message

My setup is as follows:

  Road-warrior client L2TP + IPSEC (Linux or Mac)
  + Internet provider router (192.168.1.1 and a public IP), redirected ports UDP 500 + 4500 to 192.168.1.2
  + OpenBSD 6.3 IPSEC router (192.168.1.2)

The ipsec.conf configuration on 192.168.1.2 is:

  ike passive esp tunnel from 192.168.1.2 to any \
      main group "modp2048" \
      quick group "modp2048" \
      psk "xxxxxxxxxxxxxxxxxxxxxx"

L2TP connections from the local network 192.168.1.0 work very well using Linux or Mac OS X, so my configuration with PPP authentication is OK. It is only when I connect from a remote location that it does not work. Pf rules are working and allow incoming connections, as I see no rejected packets in the logs.

At some point during IPSEC phase 2 negotiation, IPSEC queries 192.168.1.1:500, but this does not work as 192.168.1.1 is the private address of my Internet provider router and port 500 is not redirected on 192.168.1.1, only on the public IP.

Do you know how to fix this and make it work?

Kind regards,
--
Jean-Michel Pouré <j...@poure.com>
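As an added example that is not part of the post above nor of OpenBSD's own tooling: a small Python parser for isakmpd log lines of the shape quoted in the post, which flags peers whose negotiation was dropped and then timed out, and separately notes when such a peer is a private (RFC 1918) address, as 192.168.1.1 is here. The log lines, timestamps and hostname are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log, modelled on the isakmpd lines quoted in the post.
SAMPLE_LOG = """\
Aug 17 10:00:01 gw isakmpd[76756]: message_recv: cleartext phase 2 message
Aug 17 10:00:01 gw isakmpd[76756]: dropped message from 192.168.1.1 port 500 due to notification type INVALID_FLAGS
Aug 17 10:00:31 gw isakmpd[76756]: transport_send_messages: giving up on exchange peer-default, no response from peer 192.168.1.1:500
Aug 17 10:00:31 gw isakmpd[76756]: message_recv: cleartext phase 2 message
Aug 17 10:01:00 gw sshd[4242]: Accepted publickey for admin from 192.168.1.50 port 41234
"""

DROPPED_RE = re.compile(
    r"dropped message from (?P<ip>[\d.]+) port (?P<port>\d+) due to notification type (?P<ntype>\S+)")
GIVEUP_RE = re.compile(
    r"giving up on exchange (?P<exchange>\S+), no response from peer (?P<ip>[\d.]+):(?P<port>\d+)")
CLEARTEXT_RE = re.compile(r"message_recv: cleartext phase 2")

def parse_isakmpd_log(text):
    """Turn isakmpd syslog lines into structured events; lines from other daemons are ignored."""
    events = []
    for line in text.splitlines():
        if "isakmpd[" not in line:
            continue
        if m := DROPPED_RE.search(line):
            events.append({"kind": "dropped", "peer": m["ip"], "port": int(m["port"]), "notify": m["ntype"]})
        elif m := GIVEUP_RE.search(line):
            events.append({"kind": "giveup", "peer": m["ip"], "port": int(m["port"]), "exchange": m["exchange"]})
        elif CLEARTEXT_RE.search(line):
            events.append({"kind": "cleartext_phase2", "peer": None})
    return events

def failing_peers(events):
    """Peers that had a message dropped and then timed out: a negotiation that never completes."""
    per_peer = {}
    for e in events:
        if e["peer"] is not None:
            per_peer.setdefault(e["peer"], Counter())[e["kind"]] += 1
    return sorted(p for p, c in per_peer.items() if c["dropped"] and c["giveup"])

def private_peers(events):
    """Peers with RFC 1918 addresses: on a road-warrior gateway this points at a NAT box, not the remote client."""
    return sorted({e["peer"] for e in events if e["peer"] and ipaddress.ip_address(e["peer"]).is_private})

if __name__ == "__main__":
    evs = parse_isakmpd_log(SAMPLE_LOG)
    print(failing_peers(evs), private_peers(evs))
```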