Hi my friends,
My first round was with iPhones using Cisco VPN; so far I could connect only 1 iPhone, and I haven't had luck with the rest of them.
Now I'm trying to connect a Galaxy ACE with Android 2.3.4. I've been checking each parameter according to threads from astaro.org, but I'm getting an error message "can't connect with network". I'm using L2TP over IPSEC with PSK.
Here is what I did:
On ASG:
Remote Access->L2TP over IPSec
Interface: External (WAN)
Authentication: Preshared key
Preshared key: any PSK of your choice
Repeat: repeat PSK
Assign IP address: IP address pool
Pool Network: VPN Pool (L2TP)
Authentication via: Local
User and Groups
<whatever user you have created>
Network Security->NAT->Masquerading
Network: VPN Pool (L2TP)
Interface: External (WAN)
Use address: <<Primary address>>
Enable the masquerading rule.
Network Security->Packet Filter
Source: VPN Pool (L2TP)
Service: Any
Destination: Internal (Network)
Action: Allow
Time Event: <<Always>>
Enable the packet filter rules.
On the phone:
VPN Name: Any name you choose
Set VPN server: hostname.astaro.com
Set IPSec pre-shared key: whatever key you chose on ASG
Enable L2TP Secret: leave unchecked
DNS search domains: not set
IPSEC logs are showing this:
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [RFC 3947]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012:07:05-08:35:31 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[3] x.x.x.x #20588: responding to Main Mode from unknown peer x.x.x.x
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[3] x.x.x.x #20588: Peer ID is ID_IPV4_ADDR: 'y.y.y.y'
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: deleting connection "S_REF_IpsL2t1_1"[3] instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: sent MR3, ISAKMP SA established
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:07:05-08:35:33 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: responding to Quick Mode
2012:07:05-08:35:34 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: IPsec SA established {ESP=>0x0ac7236h <0x0hc88324}
I also checked the line "require-mschap-v2" in the file /var/chroot-ipsec/etc/ppp/options; it's there by default.
Thanks in advance...
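
Added example, not part of the original post: a small parser for pluto lines in the format shown above that reports how far each IKE negotiation got, which tells you whether to keep looking at IPsec or move on to the L2TP/PPP log. The function names are hypothetical; the milestone strings and the sample lines are taken from the log excerpt in the post.

```python
import re

# Sample input: lines copied from the log excerpt in the post (addresses already masked).
SAMPLE_LOG = '''\
2012:07:05-08:35:31 hostastaro pluto[35226]: packet from x.x.x.x:500: ignoring Vendor ID payload [RFC 3947]
2012:07:05-08:35:31 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[3] x.x.x.x #20588: responding to Main Mode from unknown peer x.x.x.x
2012:07:05-08:35:32 hostastaro pluto[35226]: "S_REF_IpsL2t1_1"[4] x.x.x.x #20588: sent MR3, ISAKMP SA established
2012:07:05-08:35:33 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: responding to Quick Mode
2012:07:05-08:35:34 hostastaro pluto[35226]: "S_REF_IpsL2t1_0"[2] x.x.x.x #20588: IPsec SA established {ESP=>0x0ac7236h <0x0hc88324}
'''

# Milestones pluto logs for one client, in the order they occur.
MILESTONES = [
    ("responding to Main Mode", "phase1_started"),
    ("ISAKMP SA established", "phase1_established"),
    ("responding to Quick Mode", "phase2_started"),
    ("IPsec SA established", "phase2_established"),
]
ORDER = [name for _, name in MILESTONES]
LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)'
)

def ike_progress(log_text):
    """Return {(peer, state_id): furthest milestone reached}."""
    progress = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # "packet from ..." Vendor ID lines carry no state id
        key = (m["peer"], m["state"])
        for needle, name in MILESTONES:
            if needle in m["msg"]:
                prev = progress.get(key)
                if prev is None or ORDER.index(name) > ORDER.index(prev):
                    progress[key] = name
    return progress

def next_place_to_look(stage):
    """Map the furthest milestone to the layer to examine next."""
    if stage == "phase2_established":
        return "IPsec is up; check the L2TP/PPP log (tunnel setup, user authentication)"
    if stage in ("phase1_established", "phase2_started"):
        return "Quick Mode did not finish; check ESP proposals and NAT traversal"
    return "Main Mode did not finish; check PSK, peer ID and IKE proposals"
```
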