
L2TP Remote Access cannot connect with Windows 10 to XG

Hello, would anyone help me with Windows 10 connecting to XG85 17.0.6?

 

To create the connection in Windows, I used the following PowerShell command:

Add-VpnConnection -Name bar -ServerAddress fw85.myfirewall.co -TunnelType L2TP -EncryptionLevel Required -AuthenticationMethod MSChapv2 -L2tpPsk pskey -RememberCredential -PassThru

I also tried to create it by clicking through the Settings app and modifying it via ncpa.cpl (require MSCHAPv2, CHAP), but it didn't help. I tested from two computers, using my local ISP and also via the cell network.

The XG85 is behind a DSL modem; I forwarded UDP ports 500, 4500 and 1701.

On the XG85 firewall, I am using the defaultL2TP policy pictured below:

 

 

 

I am also attaching the log from the charon daemon:

2018-03-17 17:33:53 10[NET] <11> received packet: from 37.48.19.19[45169] to 10.0.0.32[500] (408 bytes)
2018-03-17 17:33:53 10[ENC] <11> parsed ID_PROT request 0 [ SA V V V V V V V V ]
2018-03-17 17:33:53 10[ENC] <11> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
2018-03-17 17:33:53 10[IKE] <11> received MS NT5 ISAKMPOAKLEY vendor ID
2018-03-17 17:33:53 10[IKE] <11> received NAT-T (RFC 3947) vendor ID
2018-03-17 17:33:53 10[IKE] <11> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2018-03-17 17:33:53 10[IKE] <11> received FRAGMENTATION vendor ID
2018-03-17 17:33:53 10[ENC] <11> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2018-03-17 17:33:53 10[ENC] <11> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2018-03-17 17:33:53 10[ENC] <11> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2018-03-17 17:33:53 10[IKE] <11> 37.48.19.19 is initiating a Main Mode IKE_SA
2018-03-17 17:33:53 10[ENC] <11> generating ID_PROT response 0 [ SA V V V V V ]
2018-03-17 17:33:53 10[NET] <11> sending packet: from 10.0.0.32[500] to 37.48.19.19[45169] (176 bytes)
2018-03-17 17:33:53 15[NET] <11> received packet: from 37.48.19.19[45169] to 10.0.0.32[500] (388 bytes)
2018-03-17 17:33:53 15[ENC] <11> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2018-03-17 17:33:53 15[IKE] <11> local host is behind NAT, sending keep alives
2018-03-17 17:33:53 15[IKE] <11> remote host is behind NAT
2018-03-17 17:33:53 15[ENC] <11> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2018-03-17 17:33:53 15[NET] <11> sending packet: from 10.0.0.32[500] to 37.48.19.19[45169] (372 bytes)
2018-03-17 17:33:53 03[NET] <11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (68 bytes)
2018-03-17 17:33:53 03[ENC] <11> parsed ID_PROT request 0 [ ID HASH ]
2018-03-17 17:33:53 03[CFG] <11> looking for pre-shared key peer configs matching 10.0.0.32...37.48.19.19[172.20.10.2]
2018-03-17 17:33:53 03[CFG] <11> selected peer config "l2tp_ordinace-1"
2018-03-17 17:33:53 03[IKE] <l2tp_ordinace-1|11> IKE_SA l2tp_ordinace-1[11] established between 10.0.0.32[10.0.0.32]...37.48.19.19[172.20.10.2]
2018-03-17 17:33:53 03[IKE] <l2tp_ordinace-1|11> DPD not supported by peer, disabled
2018-03-17 17:33:53 03[ENC] <l2tp_ordinace-1|11> generating ID_PROT response 0 [ ID HASH ]
2018-03-17 17:33:53 03[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (68 bytes)
2018-03-17 17:33:53 14[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:33:53 14[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:53 14[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:33:53 14[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:33:53 14[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:33:53 14[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:53 14[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:33:53 28[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:33:53 28[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 1 [ HASH ]
2018-03-17 17:33:53 28[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{55} established with SPIs ccac01e6_i 9893d154_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) ---- exec updown ++ up ++
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][NET] (get_src_ip) source address for 10.0.0.32 is IP: 10.0.0.32
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11>
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route add 37.48.19.19/32 dev ipsec0 src 10.0.0.32 table 220': success 0
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (add_routes) no routes to add for l2tp_ordinace on interface ipsec0
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:53 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:54 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"10.0.0.32","peer":"37.48.19.19","mynet":"10.0.0.32/32","peernet":"37.48.19.19/32","connop":"1","iface":"Port2","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': success 0
2018-03-17 17:33:54 28[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:33:54 31[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:33:54 31[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:54 31[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:33:54 31[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:33:54 31[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:33:54 31[IKE] <l2tp_ordinace-1|11> detected rekeying of CHILD_SA l2tp_ordinace-1{55}
2018-03-17 17:33:54 31[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:54 31[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:33:54 21[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:33:54 21[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 2178733598 [ HASH D ]
2018-03-17 17:33:54 21[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI 9893d154
2018-03-17 17:33:54 21[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{55} with SPIs ccac01e6_i (0 bytes) 9893d154_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) ---- exec updown -- down --
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][NET] (get_src_ip) source address for 10.0.0.32 is IP: 10.0.0.32
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11>
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route del 37.48.19.19/32 dev ipsec0 src 10.0.0.32 table 220': success 0
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (add_routes) no routes to del for l2tp_ordinace on interface ipsec0
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:54 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:55 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"10.0.0.32","peer":"37.48.19.19","mynet":"10.0.0.32/32","peernet":"37.48.19.19/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': success 0
2018-03-17 17:33:55 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:33:56 21[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode dgd_peer_disconnect -s nosync -t json -b '{"connection":"l2tp_ordinace"}'': success 0
2018-03-17 17:33:56 27[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:33:56 27[ENC] <l2tp_ordinace-1|11> invalid HASH_V1 payload length, decryption failed?
2018-03-17 17:33:56 27[ENC] <l2tp_ordinace-1|11> could not decrypt payloads
2018-03-17 17:33:56 27[IKE] <l2tp_ordinace-1|11> message parsing failed
2018-03-17 17:33:56 27[ENC] <l2tp_ordinace-1|11> generating INFORMATIONAL_V1 request 1159540146 [ HASH N(PLD_MAL) ]
2018-03-17 17:33:56 27[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (68 bytes)
2018-03-17 17:33:56 27[IKE] <l2tp_ordinace-1|11> QUICK_MODE request with message ID 2 processing failed
2018-03-17 17:33:56 27[DMN] <l2tp_ordinace-1|11> [GARNER-LOGGING] (child_alert) ALERT: parsing IKE message from 37.48.19.19[44990] failed
2018-03-17 17:33:56 20[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:33:56 20[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 2 [ HASH ]
2018-03-17 17:33:56 20[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{56} established with SPIs c259dc86_i 39dd8852_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) ---- exec updown ++ up ++
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][NET] (get_src_ip) source address for 10.0.0.32 is IP: 10.0.0.32
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11>
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route add 37.48.19.19/32 dev ipsec0 src 10.0.0.32 table 220': success 0
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (add_routes) no routes to add for l2tp_ordinace on interface ipsec0
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:33:56 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"10.0.0.32","peer":"37.48.19.19","mynet":"10.0.0.32/32","peernet":"37.48.19.19/32","connop":"1","iface":"Port2","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': success 0
2018-03-17 17:33:57 20[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:33:57 23[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:33:57 23[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:57 23[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:33:57 23[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:33:57 23[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:33:57 23[IKE] <l2tp_ordinace-1|11> detected rekeying of CHILD_SA l2tp_ordinace-1{56}
2018-03-17 17:33:57 23[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:33:57 23[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:33:57 27[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:33:57 27[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 3 [ HASH ]
2018-03-17 17:33:57 27[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{57} established with SPIs c0831a8c_i ea3dfe4e_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 2 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:33:57 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:33:57 17[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:33:57 17[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 2055379774 [ HASH D ]
2018-03-17 17:33:57 17[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI 39dd8852
2018-03-17 17:33:57 17[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{56} with SPIs c259dc86_i (0 bytes) 39dd8852_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 2 to 1 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:33:57 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:33:58 17[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:00 29[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:34:00 29[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:00 29[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:34:00 29[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:34:00 29[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:34:00 29[IKE] <l2tp_ordinace-1|11> detected rekeying of CHILD_SA l2tp_ordinace-1{57}
2018-03-17 17:34:00 29[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:00 29[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:34:00 27[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:34:00 27[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 4 [ HASH ]
2018-03-17 17:34:00 27[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{58} established with SPIs cdf909b5_i bfdcec70_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 2 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:00 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:01 27[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:01 18[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:34:01 18[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 3539046922 [ HASH D ]
2018-03-17 17:34:01 18[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI ea3dfe4e
2018-03-17 17:34:01 18[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{57} with SPIs c0831a8c_i (0 bytes) ea3dfe4e_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 2 to 1 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:01 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:02 18[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:08 12[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:34:08 12[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:08 12[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:34:08 12[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:34:08 12[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:34:08 12[IKE] <l2tp_ordinace-1|11> detected rekeying of CHILD_SA l2tp_ordinace-1{58}
2018-03-17 17:34:08 12[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:08 12[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:34:08 22[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:34:08 22[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 5 [ HASH ]
2018-03-17 17:34:08 22[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{59} established with SPIs cc0fb0b4_i d5157f3c_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 2 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:08 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:09 22[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:09 09[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:34:09 09[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 1106309311 [ HASH D ]
2018-03-17 17:34:09 09[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI bfdcec70
2018-03-17 17:34:09 09[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{58} with SPIs cdf909b5_i (0 bytes) bfdcec70_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 2 to 1 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:09 09[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:18 16[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (436 bytes)
2018-03-17 17:34:18 16[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:18 16[IKE] <l2tp_ordinace-1|11> expected IPComp proposal but peer did not send one, IPComp disabled
2018-03-17 17:34:18 16[IKE] <l2tp_ordinace-1|11> received 3600s lifetime, configured 0s
2018-03-17 17:34:18 16[IKE] <l2tp_ordinace-1|11> received 250000000 lifebytes, configured 0
2018-03-17 17:34:18 16[IKE] <l2tp_ordinace-1|11> detected rekeying of CHILD_SA l2tp_ordinace-1{59}
2018-03-17 17:34:18 16[ENC] <l2tp_ordinace-1|11> generating QUICK_MODE response 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
2018-03-17 17:34:18 16[NET] <l2tp_ordinace-1|11> sending packet: from 10.0.0.32[4500] to 37.48.19.19[44990] (204 bytes)
2018-03-17 17:34:18 19[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (60 bytes)
2018-03-17 17:34:18 19[ENC] <l2tp_ordinace-1|11> parsed QUICK_MODE request 6 [ HASH ]
2018-03-17 17:34:18 19[IKE] <l2tp_ordinace-1|11> CHILD_SA l2tp_ordinace-1{60} established with SPIs c60cb2c4_i a4a5b2fc_o and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 2 ++ up ++ (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:18 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:19 19[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"+","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:19 29[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:34:19 29[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 699212451 [ HASH D ]
2018-03-17 17:34:19 29[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI d5157f3c
2018-03-17 17:34:19 29[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{59} with SPIs cc0fb0b4_i (0 bytes) d5157f3c_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 2 to 1 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) !!SKIP!! IPsec SA for subnet (10.0.0.32/32 to 37.48.19.19/32) already set up
2018-03-17 17:34:19 29[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:28 23[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (76 bytes)
2018-03-17 17:34:28 23[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 3571413247 [ HASH D ]
2018-03-17 17:34:28 23[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI a4a5b2fc
2018-03-17 17:34:28 23[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{60} with SPIs c60cb2c4_i (0 bytes) a4a5b2fc_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [SSO] (sso_invoke_once) SSO is disabled.
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (10.0.0.32/32#37.48.19.19/32)
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) UID: 11 Net: Local 10.0.0.32 Remote 37.48.19.19 Connection: l2tp_ordinace Fullname: l2tp_ordinace-1
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][DB] (db_conn_info) hostname: 'l2tp_ordinace' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) ---- exec updown -- down --
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][NET] (get_src_ip) source address for 10.0.0.32 is IP: 10.0.0.32
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11>
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route del 37.48.19.19/32 dev ipsec0 src 10.0.0.32 table 220': success 0
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN] (add_routes) no routes to del for l2tp_ordinace on interface ipsec0
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:34:28 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2018-03-17 17:34:29 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"10.0.0.32","peer":"37.48.19.19","mynet":"10.0.0.32/32","peernet":"37.48.19.19/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': success 0
2018-03-17 17:34:29 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode updown_vpnconn_status -t json -s nosync -b '{"connectionname":"l2tp_ordinace","operation":"-","fullname":"l2tp_ordinace-1"}'': success 0
2018-03-17 17:34:30 23[APP] <l2tp_ordinace-1|11> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode dgd_peer_disconnect -s nosync -t json -b '{"connection":"l2tp_ordinace"}'': success 0
2018-03-17 17:34:30 12[NET] <l2tp_ordinace-1|11> received packet: from 37.48.19.19[44990] to 10.0.0.32[4500] (84 bytes)
2018-03-17 17:34:30 12[ENC] <l2tp_ordinace-1|11> parsed INFORMATIONAL_V1 request 3482989708 [ HASH D ]
2018-03-17 17:34:30 12[IKE] <l2tp_ordinace-1|11> received DELETE for IKE_SA l2tp_ordinace-1[11]
2018-03-17 17:34:30 12[IKE] <l2tp_ordinace-1|11> deleting IKE_SA l2tp_ordinace-1[11] between 10.0.0.32[10.0.0.32]...37.48.19.19[172.20.10.2]

One particular line got my interest:

[COP-UPDOWN] (cop_updown_invoke_once) no user identification is provided! client mode?

Also attaching a tcpdump from the client gateway:

17:47:30.794176 clientip.55670 > serverip.500: isakmp v1.0 exchange ID_PROT
        cookie: df4c963bec9d3f08->0000000000000000 msgid: 00000000 len: 408
17:47:30.823657 serverip.500 > clientip.55670: isakmp v1.0 exchange ID_PROT
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000000 len: 176 (DF)
17:47:30.839806 clientip.55670 > serverip.500: isakmp v1.0 exchange ID_PROT
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000000 len: 388
17:47:31.162752 serverip.500 > clientip.55670: isakmp v1.0 exchange ID_PROT
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000000 len: 372 (DF)
17:47:31.181387 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange ID_PROT encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000000 len: 68
17:47:31.208833 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange ID_PROT encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000000 len: 68 (DF)
17:47:31.213546 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000001 len: 436
17:47:31.242586 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000001 len: 204 (DF)
17:47:31.246178 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000001 len: 60
17:47:31.251841 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000002 len: 436
17:47:32.198395 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000002 len: 204 (DF)
17:47:32.202048 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000002 len: 60
17:47:32.202263 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: ec9b17b3 len: 76
17:47:34.264377 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000003 len: 436
17:47:34.489473 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000003 len: 204 (DF)
17:47:34.492991 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000003 len: 60
17:47:34.493195 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 6c4fd75b len: 76
17:47:38.271588 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000004 len: 436
17:47:38.299849 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000004 len: 204 (DF)
17:47:38.303398 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000004 len: 60
17:47:38.303517 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 893ad50d len: 76
17:47:46.274222 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000005 len: 436
17:47:46.310265 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000005 len: 204 (DF)
17:47:46.313739 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000005 len: 60
17:47:46.313910 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 3257774d len: 76
17:47:50.205266 clientip.60265 > serverip.4500:NAT-T Keepalive
17:47:56.289963 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000006 len: 436
17:47:56.317972 serverip.4500 > clientip.60265:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000006 len: 204 (DF)
17:47:56.321799 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange QUICK_MODE encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: 00000006 len: 60
17:47:56.321915 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: c7bb7028 len: 76
17:48:06.294129 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: e686d9d3 len: 76
17:48:06.295387 clientip.60265 > serverip.4500:udpencap: isakmp v1.0 exchange INFO encrypted
        cookie: df4c963bec9d3f08->1ee6a9eea09fa884 msgid: a54f39d9 len: 84

 

I am not sure what to do now or what I am doing wrong, so I am trying the community before I create a ticket for it. Connecting to a Unifi firewall using L2TP/IPsec works fine.
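Added example, not part of the original post: a small parser for charon output in the format shown above. It pairs each "received DELETE" with the matching "closing CHILD_SA" line and reports which SAs the peer tore down with 0 bytes counted in both directions. The function names are hypothetical and the third sample entry is constructed for contrast.

```python
import re

# Two entries copied from the charon log above, then one constructed
# entry (SA {61}, made-up SPIs and counters) added for contrast.
SAMPLE_LOG = """\
2018-03-17 17:34:19 29[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI d5157f3c
2018-03-17 17:34:19 29[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{59} with SPIs cc0fb0b4_i (0 bytes) d5157f3c_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:34:28 23[IKE] <l2tp_ordinace-1|11> received DELETE for ESP CHILD_SA with SPI a4a5b2fc
2018-03-17 17:34:28 23[IKE] <l2tp_ordinace-1|11> closing CHILD_SA l2tp_ordinace-1{60} with SPIs c60cb2c4_i (0 bytes) a4a5b2fc_o (0 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
2018-03-17 17:40:00 05[IKE] <l2tp_ordinace-1|12> closing CHILD_SA l2tp_ordinace-1{61} with SPIs c1111111_i (5120 bytes) a2222222_o (4096 bytes) and TS 10.0.0.32/32[udp/1701] === 37.48.19.19/32[udp/1701]
"""

DELETE_RE = re.compile(r"received DELETE for ESP CHILD_SA with SPI ([0-9a-f]{8})")
CLOSE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*closing CHILD_SA (?P<name>\S+)\{(?P<id>\d+)\} with SPIs "
    r"(?P<spi_in>[0-9a-f]{8})_i \((?P<bytes_in>\d+) bytes\) "
    r"(?P<spi_out>[0-9a-f]{8})_o \((?P<bytes_out>\d+) bytes\) and TS (?P<selectors>.+)$"
)

def summarize_child_sas(log_text):
    """Return one record per closed CHILD_SA, in log order."""
    peer_deleted = set()  # SPIs named in DELETE payloads received from the peer
    records = []
    for line in log_text.splitlines():
        m = DELETE_RE.search(line)
        if m:
            peer_deleted.add(m.group(1))
            continue
        m = CLOSE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["bytes_in"] = int(rec["bytes_in"])
            rec["bytes_out"] = int(rec["bytes_out"])
            rec["peer_requested"] = bool({rec["spi_in"], rec["spi_out"]} & peer_deleted)
            records.append(rec)
    return records

def unused_peer_deleted(records):
    """CHILD_SAs the peer tore down while both byte counters were still 0."""
    return [r for r in records
            if r["peer_requested"] and r["bytes_in"] == 0 and r["bytes_out"] == 0]

if __name__ == "__main__":
    for r in unused_peer_deleted(summarize_child_sas(SAMPLE_LOG)):
        print(f'{r["ts"]} {r["name"]}{{{r["id"]}}} {r["selectors"]}: '
              "deleted by peer, 0 bytes in/out")
```
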


