Connecting a Raspi to UTM

Hello everyone,
I am having trouble connecting my Raspberry Pi as a remote client to my UTM.
I want the Pi to be configured to "call home" once it gets a web connection.

But I can't get the tunnel up.

UTM-IPSec Log
2013:10:08-15:39:50  pluto[6033]: packet from :500: received Vendor ID payload [RFC 3947]

2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2013:10:08-15:39:50  pluto[6033]: "L_REF_IpsL2t1"[28]  #587: responding to Main Mode from unknown peer 
2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2013:10:08-15:40:00  pluto[6033]: packet from :500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2013:10:08-15:41:00  pluto[6033]: "L_REF_IpsL2t1"[28]  #587: max number of retransmissions (2) reached STATE_MAIN_R1
2013:10:08-15:41:00  pluto[6033]: "L_REF_IpsL2t1"[28] : deleting connection "L_REF_IpsL2t1"[28] instance with peer  {isakmp=#0/ipsec=#0} 


This is what my Pi's console says:
104 "L2TP-PSK" #4: STATE_MAIN_I1: initiate

010 "L2TP-PSK" #4: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "L2TP-PSK" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "L2TP-PSK" #4: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
000 "L2TP-PSK" #4: starting keying attempt 2 of at most 3, but releasing whack


Configuration will follow in another post in a second


  • /etc/ipsec.conf

    config setup
            virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
            nat_traversal=yes
            protostack=netkey
            oe=off
            plutoopts="--interface=wlan0"

    conn L2TP-PSK
            authby=secret
            pfs=no
    # set to start to launch upon boot
            auto=add
            keyingtries=3
            dpddelay=30
            dpdtimeout=120
            dpdaction=clear
            rekey=yes
            ikelifetime=8h
            keylife=1h
            type=transport

    # Local network IPs
            left=
            leftnexthop=%defaultroute
            leftprotoport=17/1701

    # Remote network IPs
            right=
            rightprotoport=17/1701


    /etc/ipsec.secrets
    192.168.2.126  : PSK ""


    /etc/ppp/options.xl2tpd.client
    ipcp-accept-local
    
    ipcp-accept-remote
    refuse-eap
    require-mschap-v2
    noccp
    noauth
    idle 1800
    mtu 1410
    mru 1410
    defaultroute
    usepeerdns
    debug
    lock
    connect-delay 5000
    name 
    password 


    /etc/xl2tpd/xl2tpd.conf
      [lac vpn-connection]
    
      lns = 
      ppp debug = yes
      pppoptfile = /etc/ppp/options.l2tpd.client
      length bit = yes



    Any ideas what might be wrong? I am pretty new to Linux-based systems, so I am not quite sure I did all the proper configurations.

    Best regards
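
As an added example (not part of the original posts, and not Sophos or Openswan code), the following Python script reads pluto log lines like the ones in the opening post and summarizes each IKE negotiation that timed out, including any notify types the peer sent in the meantime. The function name `triage` and the choice to attribute notify lines by peer address are assumptions of this example.

```python
import re

# Lines copied from the UTM IPsec log in the opening post. The peer address is
# blank there; the patterns below accept a blank or a real address.
SAMPLE_LOG = """\
2013:10:08-15:39:50  pluto[6033]: packet from :500: received Vendor ID payload [RFC 3947]
2013:10:08-15:39:50  pluto[6033]: "L_REF_IpsL2t1"[28]  #587: responding to Main Mode from unknown peer
2013:10:08-15:39:50  pluto[6033]: packet from :500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2013:10:08-15:40:00  pluto[6033]: packet from :500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2013:10:08-15:41:00  pluto[6033]: "L_REF_IpsL2t1"[28]  #587: max number of retransmissions (2) reached STATE_MAIN_R1
"""

LINE = re.compile(r'^\S+\s+pluto\[\d+\]:\s+(?P<msg>.*)$')
START = re.compile(r'"(?P<conn>[^"]+)"\[\d+\]\s*(?P<peer>\S*?)\s*#(?P<sa>\d+): responding to Main Mode')
NOTIFY = re.compile(r'packet from (?P<peer>\S*):\d+: ignoring informational payload, type (?P<type>\w+)')
TIMEOUT = re.compile(r'#(?P<sa>\d+): max number of retransmissions \(\d+\) reached (?P<state>STATE_\w+)')


def triage(log_text):
    """Return one summary dict per IKE negotiation that timed out."""
    open_sas, results = {}, []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        if s := START.search(msg):
            open_sas[s["sa"]] = {"conn": s["conn"], "sa": s["sa"],
                                 "peer": s["peer"].split(":")[0], "notifies": []}
        elif n := NOTIFY.search(msg):
            # Notify lines carry no "#n" state id, so attribute them by peer address.
            for sa in open_sas.values():
                if sa["peer"] == n["peer"]:
                    sa["notifies"].append(n["type"])
        elif (t := TIMEOUT.search(msg)) and t["sa"] in open_sas:
            sa = open_sas.pop(t["sa"])
            sa["stuck_in"] = t["state"]
            if "NO_PROPOSAL_CHOSEN" in sa["notifies"]:
                sa["verdict"] = "peer rejected the IKE proposal: compare phase 1 algorithms on both ends"
            else:
                sa["verdict"] = "timed out with no notify from the peer"
            results.append(sa)
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'#{item["sa"]} {item["conn"]} stuck in {item["stuck_in"]}: '
              f'{item["notifies"]} -> {item["verdict"]}')
```
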