Installed the latest version, Cisco IPsec cannot connect #56

Closed
zoonderkins opened this issue Aug 26, 2016 · 10 comments
@zoonderkins

I am using Android 6 and Mac OS 10.11. I have already configured the Cisco IPsec settings, but it still cannot connect.
The error message on the Mac is "user authentication failed."
With regular L2TP, however, it works.

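@hwdsl2
Owner

hwdsl2 commented Aug 26, 2016

@ookangzheng Hello! Please try connecting again, then provide the VPN server logs, which you can get by running the following command. You may redact IPs and other information.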

sudo grep pluto /var/log/auth.log | tail -n 100

@zoonderkins
Author

I ran it on my server (CentOS 6.8) and got:
no such file

@hwdsl2
Owner

hwdsl2 commented Aug 26, 2016

@ookangzheng The above is for Ubuntu/Debian systems. For CentOS systems, please use the following command:

sudo grep pluto /var/log/secure | tail -n 100

@zoonderkins
Author

zoonderkins commented Aug 27, 2016

Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: 1DES is not encryption
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: no acceptable Oakley Transform
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: deleting state (STATE_MAIN_R0)
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: 1DES is not encryption
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: 1DES is not encryption
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: no acceptable Oakley Transform
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: deleting state (STATE_MAIN_R0)
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder).  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: 1DES is not encryption
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: 1DES is not encryption
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: no acceptable Oakley Transform
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: deleting state (STATE_MAIN_R0)
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: switched from "l2tp-psk"[7] X.X.X.X to "l2tp-psk"
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: new NAT mapping for #34, was X.X.X.X:500, now X.X.X.X:4500
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP1024}
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Aug 27 04:17:21 svr1 pluto[5085]: | ISAKMP Notification Payload
Aug 27 04:17:21 svr1 pluto[5085]: |   00 00 00 1c  00 00 00 01  01 10 60 02
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: received and ignored informational message
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: the peer proposed: Y.Y.Y.Y/32:17/1701 -> 192.168.1.104/32:17/0
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: responding to Quick Mode proposal {msgid:6101fffa}
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35:     us: Y.Y.Y.Y/32===Y.Y.Y.Y<Y.Y.Y.Y>:17/1701
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35:   them: X.X.X.X[192.168.1.104]:17/0
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x086d0443 <0xcadd1c2b xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=X.X.X.X:4500 DPD=active}
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x086d0443 <0xcadd1c2b xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=X.X.X.X:4500 DPD=active}
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: switched from "l2tp-psk"[9] X.X.X.X to "l2tp-psk"[7] X.X.X.X
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP2048}
Aug 27 04:19:40 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: received Delete SA payload: self-deleting ISAKMP State #36
Aug 27 04:19:40 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: deleting state (STATE_MAIN_R3)
Aug 27 04:19:40 svr1 pluto[5085]: packet from X.X.X.X:1030: received and ignored empty informational notification payload
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: DPD: No response from peer - declaring peer dead
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: IKEv1 DPD action: Clearing Connection l2tp-psk[9] CK_INSTANCE
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #35: deleting state (STATE_QUICK_R2)
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #35: ESP traffic information: in=0B out=0B
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #34: deleting state (STATE_MAIN_R3)
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X: deleting connection "l2tp-psk"[9] X.X.X.X instance with peer X.X.X.X {isakmp=#0/ipsec=#0}
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #23: deleting state (STATE_QUICK_R2)
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #23: ESP traffic information: in=0B out=0B
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X: deleting connection "l2tp-psk"[7] X.X.X.X instance with peer X.X.X.X {isakmp=#0/ipsec=#0}
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: responding to Main Mode from unknown peer Z.Z.Z.Z
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Oakley Transform [OAKLEY_AES_CBC (256), OAKLEY_SHA2_384, OAKLEY_GROUP_MODP1024] refused
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Oakley Transform [OAKLEY_AES_CBC (256), OAKLEY_SHA2_384, OAKLEY_GROUP_MODP2048] refused
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Pluto does not support OAKLEY_ECDSA_P384 authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: policy does not allow OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: ERROR: asynchronous network error report on eth0 (sport=500) for message to Z.Z.Z.Z port 500, complainant Z.Z.Z.Z: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Aug 27 13:08:30 svr1 pluto[5085]: packet from Z.Z.Z.Z:33205: initial Aggressive Mode message from Z.Z.Z.Z but no (wildcard) connection has been configured with policy XAUTH+AGGRESSIVE+IKEV1_ALLOW
[root@svr1 ~]# grep pluto /var/log/secure | tail -n 100
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: responding to Main Mode from unknown peer N.N.N.N
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Aug 27 14:36:56 svr1 pluto[5085]: | ISAKMP Notification Payload
Aug 27 14:36:56 svr1 pluto[5085]: |   00 00 00 1c  00 00 00 01  01 10 60 02
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: switched from "xauth-psk"[13] N.N.N.N to "xauth-psk"
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: deleting connection "xauth-psk"[13] N.N.N.N instance with peer N.N.N.N {isakmp=#0/ipsec=#0}
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: new NAT mapping for #38, was N.N.N.N:500, now N.N.N.N:4500
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP2048}
Aug 27 14:36:56 svr1 pluto[5085]: | event EVENT_v1_SEND_XAUTH #38 STATE_MAIN_R3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: Sending Username/Password request (XAUTH_R0)
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Attempting to login
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: passwd file authentication being called to authenticate user vpn
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: password file (/etc/ipsec.d/passwd) open.
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: checking user(vpn:xauth-psk)
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: nope
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Authentication Failed: Incorrect Username or Password
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: Unsupported XAUTH basic attribute XAUTH-STATUS received.
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: Expected MODE_CFG_REPLY is missing username and password attribute
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: Sending Username/Password request (XAUTH_R0)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: User <unknown>: Authentication Failed (retry 1)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: received Delete SA payload: self-deleting ISAKMP State #38
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: deleting state (STATE_XAUTH_R0)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N: deleting connection "xauth-psk"[14] N.N.N.N instance with peer N.N.N.N {isakmp=#0/ipsec=#0}
Aug 27 14:36:57 svr1 pluto[5085]: packet from N.N.N.N:4500: received and ignored empty informational notification payload

@hwdsl2
Owner

hwdsl2 commented Aug 27, 2016

@ookangzheng Logs received, thanks. Please check the following:

  1. Run these commands on the server to clear existing connections.

    service ipsec restart
    service xl2tpd restart
    
  2. In your Mac OS VPN settings, double check and re-enter your VPN username and password. According to the logs, your credentials were entered incorrectly. Do you have special characters in your password?

  3. Due to a limitation of the IPsec protocol, multiple devices behind the same NAT (e.g. a home router) cannot simultaneously connect to the same IPsec VPN server. In addition, do not use IPsec/L2TP and IPsec/XAuth modes simultaneously from behind the same NAT. If unable to connect, first try the commands above to clear existing connections.

  4. For Android 6, please try the workarounds here [1].

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#android
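The reading of the log given in the reply above (failed proposals, an established L2TP session that later timed out, and a rejected XAuth login) can be reproduced mechanically by grouping pluto lines by their `#NN` state number. The following is an added example, not part of the original thread or of the project's scripts; the rule names and the heuristic of attributing unprefixed `XAUTH:` lines to the most recent state that sent an XAuth request are assumptions of this sketch.

```python
import re

# Excerpt of the pluto log posted in this thread (addresses already redacted).
SAMPLE_LOG = """\
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: no acceptable Oakley Transform
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP1024}
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x086d0443 <0xcadd1c2b xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=X.X.X.X:4500 DPD=active}
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: DPD: No response from peer - declaring peer dead
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP2048}
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: Sending Username/Password request (XAUTH_R0)
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Attempting to login
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: nope
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Authentication Failed: Incorrect Username or Password
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: received Delete SA payload: self-deleting ISAKMP State #38
"""

# Everything after the syslog "pluto[pid]: " tag.
PLUTO = re.compile(r"pluto\[\d+\]: (?P<rest>.*)$")
# "conn"[instance] peer #state: message  (instance and peer are optional)
PREFIXED = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[\d+\])? (?:\S+ )?#(?P<state>\d+): (?P<msg>.*)$'
)

# Event tags (names chosen for this example) and the log text that triggers them.
RULES = [
    ("no_proposal", re.compile(r"no acceptable Oakley Transform|NO_PROPOSAL_CHOSEN")),
    ("isakmp_sa", re.compile(r"ISAKMP SA established")),
    ("ipsec_sa", re.compile(r"IPsec SA established")),
    ("xauth_request", re.compile(r"XAUTH: Sending Username/Password request")),
    ("xauth_failed", re.compile(r"XAUTH: User .*: Authentication Failed")),
    ("dpd_dead", re.compile(r"DPD: No response from peer")),
]

# First matching tag wins, so failures outrank partial success.
VERDICTS = [
    ("xauth_failed", "XAuth username/password rejected"),
    ("no_proposal", "IKE proposal rejected (no common transform)"),
    ("dpd_dead", "peer stopped answering (DPD timeout)"),
    ("ipsec_sa", "IPsec SA established"),
    ("isakmp_sa", "ISAKMP SA established, nothing further logged"),
]


def triage(log_text):
    """Return {state_number: {"conn": name, "events": [tags in log order]}}."""
    states = {}
    last_xauth_state = None
    for line in log_text.splitlines():
        found = PLUTO.search(line)
        if not found:
            continue
        rest = found.group("rest")
        prefixed = PREFIXED.match(rest)
        if prefixed:
            state = int(prefixed.group("state"))
            conn, msg = prefixed.group("conn"), prefixed.group("msg")
        elif rest.startswith("XAUTH:") and last_xauth_state is not None:
            # Heuristic: pluto logs the passwd-file check without a state prefix.
            state = last_xauth_state
            conn, msg = states[state]["conn"], rest
        else:
            continue
        entry = states.setdefault(state, {"conn": conn, "events": []})
        for tag, pattern in RULES:
            if pattern.search(msg) and tag not in entry["events"]:
                entry["events"].append(tag)
                if tag == "xauth_request":
                    last_xauth_state = state
    return states


def summarize(log_text):
    """Return {state_number: (connection name, one-line verdict)}."""
    summary = {}
    for state, entry in triage(log_text).items():
        for tag, text in VERDICTS:
            if tag in entry["events"]:
                summary[state] = (entry["conn"], text)
                break
    return summary


if __name__ == "__main__":
    for state, (conn, text) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"#{state} {conn}: {text}")
```
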

@zoonderkins
Author

I have tried restarting the IPsec services, and I double-checked my username, password and PSK. It was the same with L2tpd.
I tried to use mobile data to connect with Cisco IPsec; it failed again. (iOS 9)
Server: CentOS 6.8
Script version: latest; I tried to reinstall the latest version.
Still facing the same problem.

@hwdsl2
Owner

hwdsl2 commented Aug 27, 2016

@ookangzheng Do you have special characters in your password? The following characters can cause problems: \ " '

@hwdsl2
Owner

hwdsl2 commented Aug 27, 2016

@ookangzheng Can you please remove any special character from your VPN password, then regenerate the XAuth password file with these commands. If needed, also modify "/etc/ppp/chap-secrets" for IPsec/L2TP.

VPN_USER='<YOUR VPN USERNAME>'
VPN_PASSWORD='<YOUR VPN PASSWORD>'
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk" > /etc/ipsec.d/passwd
service ipsec restart

@zoonderkins
Author

Thanks, it works.
My PSK contains " \ " and a few symbols.
May I know, is the Cisco IPsec and L2TP encryption at the same level?

@hwdsl2
Owner

hwdsl2 commented Aug 28, 2016

@ookangzheng Happy to hear it is now working.

There is no fundamental difference between the encryption of Cisco IPsec and IPsec/L2TP. But Cisco IPsec is more efficient in transferring data, because it does not have the additional overhead of L2TP/PPP.

@hwdsl2 hwdsl2 closed this as completed Aug 28, 2016