japan:~# TESTNAME=mast-l2tp-04 japan:~# source /testing/pluto/bin/japanlocal.sh japan:~# if [ -f /var/run/l2tpd.pid ]; then kill `cat /var/run/l2tpd.pid`; fi japan:~# iptables -F INPUT japan:~# iptables -F OUTPUT japan:~# ipsec setup stop ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... japan:~# iptables -A INPUT -i eth1 -s 192.1.2.23 -p udp --sport 1701 -j REJECT japan:~# iptables -A OUTPUT -o eth1 -d 192.1.2.23 -p udp --dport 1701 -j REJECT japan:~# ipsec setup restart ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Libreswan IPsec VERSION japan:~# ipsec auto --add japan--east-l2tp japan:~# /testing/pluto/bin/wait-until-pluto-started japan:~# ipsec whack --debug-control --debug-controlmore --debug-natt japan:~# if [ ! -f /etc/ppp/chap-secrets ]; then mount --bind /testing/pluto/l2tp-01 /etc/ppp; fi japan:~# (cd /tmp && l2tpd -c /testing/pluto/l2tp-03/japan.l2tpd.conf -D 2>/tmp/l2tpd.log ) & [1] 9999 japan:~# ipsec auto --route japan--east-l2tp japan:~# echo done done japan:~# ipsec auto --up japan--east-l2tp 104 "japan--east-l2tp" #1: STATE_MAIN_I1: initiate 003 "japan--east-l2tp" #1: received Vendor ID payload [Libreswan 003 "japan--east-l2tp" #1: received Vendor ID payload [Dead Peer Detection] 003 "japan--east-l2tp" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "japan--east-l2tp" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "japan--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed 108 "japan--east-l2tp" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "japan--east-l2tp" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} 117 "japan--east-l2tp" #2: STATE_QUICK_I1: initiate 004 "japan--east-l2tp" #2: STATE_QUICK_I2: sent QI2, IPsec SA established japan:~# echo "c server" >/var/run/l2tp-control japan:~# ipsec look japan NOW 192.1.3.209/32:1701 -> 192.1.2.23/32:1701 => tun0xIPIP@192.1.2.23:17 ipsec0->eth0 mtu=16260(9999)->1500 esp0xKLIPSPIK@192.1.3.209 ESP_3DES_HMAC_MD5: dir=in src=192.1.2.23 iv_bits=64bits iv=0xIVISFORRANDOM000 ooowin=64 alen=128 aklen=128 eklen=192 natencap=nonesp natsport=4500 natdport=4500 tun0xTUN#@192.1.3.209 IPIP: dir=in src=192.1.2.23 policy=192.1.2.23/32->192.1.3.209/32 flags=0x8<> natencap=none natsport=0 natdport=0 ROUTING TABLE 192.1.2.23 dev ipsec0 scope link 192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209 192.1.3.0/24 dev ipsec0 proto kernel scope link src 192.1.3.209 default via 192.1.3.254 dev eth0 japan:~# sleep 5 japan:~# telnet 192.0.2.254 2 | wc -l Connection closed by foreign host. 834 japan:~# ifconfig ppp0 | grep 'inet addr' inet addr:192.0.2.129 P-t-P:192.0.2.254 Mask:255.255.255.255 japan:~# echo done done japan:~# japan:~# japan:~# grep 'Result using RFC 3947' /tmp/pluto.log "japan--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed japan:~#