[Swan] Could not establish IPsec tunnel

Paul Smith phhs80 at gmail.com
Wed Nov 13 02:21:38 UTC 2019


Dear All,

I am trying to establish an L2TP VPN connection using libreswan on
Fedora 31 to connect to an MS Windows server, but I am getting the
problem below.

With ipscan, I got:

-------------------------
Starting ike-scan 1.9.4 with 1 hosts
(http://www.nta-monitor.com/tools/ike-scan/)
193.136.25.122    Main Mode Handshake returned
HDR=(CKY-R=3223cb62087f3582) SA=(Enc=3DES Hash=SHA1 Auth=PSK
Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
VID=4048b7d56ebce88525e7de7f00d6c2d3 (IKE Fragmentation)
VID=f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d5dcb58be0000000018390000
(Firewall-1 NGX)

Ending ike-scan 1.9.4: 1 hosts scanned in 0.043 seconds (23.49
hosts/sec).  1 returned handshake; 0 returned notify
-------------------------

Any ideas?

Thanks in advance,

Paul

-------------------------
seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" modecfgdns=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" modecfgdomains=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" modecfgbanner=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" mark=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" mark-in=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" mark-out=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" vti_iface=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" redirect-to=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" accept-redirect-to=<unset>
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" esp=3des-sha1
conn: "ec9a3d05-1842-403a-84b5-371af56faa30" ike=3des-sha1-modp1024
002 added connection description "ec9a3d05-1842-403a-84b5-371af56faa30"
nm-l2tp[25120] <info>  Spawned ipsec auto --up script with PID 25521.
002 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: initiating Main Mode
104 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I1: initiate
106 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I2: sent
MI2, expecting MR2
108 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I3: sent
MI3, expecting MR3
002 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: Peer ID is
ID_IPV4_ADDR: '193.136.25.122'
004 "ec9a3d05-1842-403a-84b5-371af56faa30" #1: STATE_MAIN_I4: ISAKMP
SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1
group=MODP1024}
002 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: initiating Quick Mode
PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:b951826e proposal=3DES_CBC-HMAC_SHA1_96
pfsgroup=MODP1024}
117 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1: initiate
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 4 seconds for response
010 "ec9a3d05-1842-403a-84b5-371af56faa30" #2: STATE_QUICK_I1:
retransmission; will wait 8 seconds for response
nm-l2tp[25120] <warn>  Timeout trying to establish IPsec connection
nm-l2tp[25120] <info>  Terminating ipsec script with PID 25521.
nm-l2tp[25120] <warn>  Could not establish IPsec tunnel.

