road:~# TESTNAME=l2tp-04 road:~# source /testing/pluto/bin/roadlocal.sh road:~# if [ -f /var/run/l2tpd.pid ]; then kill `cat /var/run/l2tpd.pid`; fi road:~# iptables -F INPUT road:~# iptables -F OUTPUT road:~# ipsec setup stop ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... road:~# iptables -A INPUT -i eth1 -s 192.1.2.23 -p udp --sport 1701 -j REJECT road:~# iptables -A OUTPUT -o eth1 -d 192.1.2.23 -p udp --dport 1701 -j REJECT road:~# ipsec setup restart ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Libreswan IPsec VERSION road:~# ipsec auto --add road--east-l2tp road:~# /testing/pluto/bin/wait-until-pluto-started road:~# ipsec whack --debug-control --debug-controlmore --debug-natt road:~# if [ ! -f /etc/ppp/chap-secrets ]; then mount --bind /testing/pluto/l2tp-01 /etc/ppp; fi road:~# (cd /tmp && l2tpd -c /testing/pluto/l2tp-03/road.l2tpd.conf -D 2>/tmp/l2tpd.log ) & [1] 9999 road:~# ipsec auto --route road--east-l2tp road:~# echo done done road:~# ipsec auto --up road--east-l2tp 104 "road--east-l2tp" #1: STATE_MAIN_I1: initiate 003 "road--east-l2tp" #1: received Vendor ID payload [Libreswan 003 "road--east-l2tp" #1: received Vendor ID payload [Dead Peer Detection] 003 "road--east-l2tp" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "road--east-l2tp" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "road--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed 108 "road--east-l2tp" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "road--east-l2tp" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} 117 "road--east-l2tp" #2: STATE_QUICK_I1: initiate 004 "road--east-l2tp" #2: STATE_QUICK_I2: sent QI2, IPsec SA established road:~# echo "c server" >/var/run/l2tp-control road:~# ipsec look road NOW 192.1.3.209/32:1701 -> 192.1.2.23/32:1701 => tun0xIPIP@192.1.2.23:17 ipsec0->eth0 mtu=16260(9999)->1500 esp0xKLIPSPIK@192.1.3.209 ESP_3DES_HMAC_MD5: dir=in src=192.1.2.23 iv_bits=64bits iv=0xIVISFORRANDOM000 ooowin=64 alen=128 aklen=128 eklen=192 natencap=nonesp natsport=4500 natdport=4500 tun0xTUN#@192.1.3.209 IPIP: dir=in src=192.1.2.23 policy=192.1.2.23/32->192.1.3.209/32 flags=0x8<> natencap=none natsport=0 natdport=0 ROUTING TABLE 192.1.2.23 dev ipsec0 scope link 192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209 192.1.3.0/24 dev ipsec0 proto kernel scope link src 192.1.3.209 default via 192.1.3.254 dev eth0 road:~# sleep 5 road:~# telnet 192.0.2.254 2 | wc -l Connection closed by foreign host. 834 road:~# ifconfig ppp0 | grep 'inet addr' inet addr:192.0.2.129 P-t-P:192.0.2.254 Mask:255.255.255.255 road:~# echo done done road:~# road:~# road:~# grep 'Result using RFC 3947' /tmp/pluto.log "road--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed road:~#