north:~# TESTNAME=mast-l2tp-05 north:~# source /testing/pluto/bin/northlocal.sh north:~# if [ -f /var/run/l2tpd.pid ]; then kill `cat /var/run/l2tpd.pid`; fi north:~# iptables -F INPUT north:~# iptables -F OUTPUT north:~# ipsec setup stop ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... north:~# iptables -A INPUT -i eth1 -s 192.1.2.23 -p udp --sport 1701 -j REJECT north:~# iptables -A OUTPUT -o eth1 -d 192.1.2.23 -p udp --dport 1701 -j REJECT north:~# ipsec setup restart ipsec_setup: Stopping Libreswan IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting Libreswan IPsec VERSION north:~# ipsec auto --add north--east-l2tp north:~# ipsec auto --add north--east-pass north:~# /testing/pluto/bin/wait-until-pluto-started north:~# ipsec auto --route north--east-pass north:~# ipsec whack --debug-control --debug-controlmore --debug-natt north:~# if [ ! -f /etc/ppp/chap-secrets ]; then mount --bind /testing/pluto/l2tp-01 /etc/ppp; fi north:~# (cd /tmp && l2tpd -c /testing/pluto/l2tp-01/north.l2tpd.conf -D 2>/tmp/l2tpd.log ) & [1] 9999 north:~# ipsec auto --route north--east-l2tp north:~# echo done done north:~# ipsec auto --replace north--east-l2tp north:~# ipsec auto --up north--east-l2tp 104 "north--east-l2tp" #1: STATE_MAIN_I1: initiate 003 "north--east-l2tp" #1: received Vendor ID payload [Libreswan 003 "north--east-l2tp" #1: received Vendor ID payload [Dead Peer Detection] 003 "north--east-l2tp" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "north--east-l2tp" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "north--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): I am behind NAT 108 "north--east-l2tp" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "north--east-l2tp" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} 117 "north--east-l2tp" #2: STATE_QUICK_I1: initiate 004 "north--east-l2tp" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xbe055d97 <0x66e4c95e xfrm=3DES_0-HMAC_MD5 ref=2 refhim=1 NATD=:4500 DPD=none} north:~# echo "c server" >/var/run/l2tp-control north:~# sleep 5 north:~# ipsec look north NOW 192.1.3.33/32 -> 192.1.2.23/32 => %pass 192.1.3.33/32:1701 -> 192.1.2.23/32:1701 => esp0xESPSPI@192.1.2.23:17 ipsec0->eth1 mtu=16260(9999)->1500 esp0xKLIPSPIK@192.1.3.33 ESP_3DES_HMAC_MD5: dir=in src=192.1.2.23 iv_bits=64bits iv=0xIVISFORRANDOM000 ooowin=64 alen=128 aklen=128 eklen=192 natencap=nonesp natsport=4500 natdport=4500 refhim=1 ROUTING TABLE 192.1.2.23 dev ipsec0 scope link 192.1.2.0/24 via 192.1.3.254 dev eth1 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33 192.1.3.0/24 dev ipsec0 proto kernel scope link src 192.1.3.33 192.0.1.0/24 via 192.1.3.254 dev eth1 192.0.2.0/24 via 192.1.3.254 dev eth1 default via 192.1.3.254 dev eth1 north:~# ping -c 4 -n 192.0.2.254 PING 192.0.2.254 (192.0.2.254): 56 data bytes 64 bytes from 192.0.2.254: icmp_seq=2 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=3 ttl=257 time=999 ms --- 192.0.2.254 ping statistics --- 4 packets transmitted, 2 packets received, 50% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms north:~# telnet 192.0.2.254 2 | wc -l Connection closed by foreign host. 834 north:~# ifconfig ppp0 | grep 'inet addr' inet addr:192.0.2.128 P-t-P:192.0.2.254 Mask:255.255.255.255 north:~# ipsec auto --up north--east-l2tp 117 "north--east-l2tp" #4: STATE_QUICK_I1: initiate 004 "north--east-l2tp" #4: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xbe055d99 <0x66e4c960 xfrm=3DES_0-HMAC_MD5 ref=6 refhim=5 NATD=:4500 DPD=none} north:~# telnet 192.0.2.254 2 | wc -l Connection closed by foreign host. 834 north:~# echo done done north:~# north:~# north:~# grep 'Result using RFC 3947' /tmp/pluto.log "north--east-l2tp" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): I am behind NAT north:~#