L2TP problems with MacOS and iOS

Hi, for a while I've been unable to connect to my UTM9 (currently on 9.510-5) from iOS and MacOS clients.

At the moment, I'm trying from a MacOS Sierra Mac... the client shows "The L2TP VPN server did not respond" when trying to connect, and the UTM9 log shows:

2018:11:26-14:45:07 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4 #1455: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-14:45:07 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4 #1455: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-14:45:08 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/35344)
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4:35344 #1455: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4:35344 #1455: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: deleting connection "L_REF_IpsL2tForBarry_1"[24] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: Dead Peer Detection (RFC 3706) enabled
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: sent MR3, ISAKMP SA established
2018:11:26-14:45:11 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:45:14 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:45:17 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:45:29 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:45:53 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:46:23 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:46:53 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: DPD: No response from peer - declaring peer dead
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: DPD: Terminating all SAs using this connection
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: deleting connection "L_REF_IpsL2tForBarry_1"[25] instance with peer 1.2.3.4 {isakmp=#1455/ipsec=#0}
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1455: deleting state (STATE_MAIN_R3)
2018:11:26-14:47:23 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:11:26-14:47:28 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[26] 1.2.3.4 #1456: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[26] 1.2.3.4 #1456: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-14:47:28 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/35344)
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[26] 1.2.3.4:35344 #1456: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[26] 1.2.3.4:35344 #1456: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: deleting connection "L_REF_IpsL2tForBarry_1"[26] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: Dead Peer Detection (RFC 3706) enabled
2018:11:26-14:47:28 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: sent MR3, ISAKMP SA established
2018:11:26-14:47:31 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:47:34 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:47:38 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:47:50 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:48:21 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:11:26-14:48:26 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
2018:11:26-14:48:26 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4 #1457: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-14:48:26 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4 #1457: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-14:48:29 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4 #1457: discarding duplicate packet; already STATE_MAIN_R2
2018:11:26-14:48:32 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4 #1457: discarding duplicate packet; already STATE_MAIN_R2
2018:11:26-14:48:35 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4 #1457: discarding duplicate packet; already STATE_MAIN_R2
2018:11:26-14:48:36 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/35344)
2018:11:26-14:48:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4:35344 #1457: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-14:48:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[28] 1.2.3.4:35344 #1457: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-14:48:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: deleting connection "L_REF_IpsL2tForBarry_1"[28] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-14:48:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: Dead Peer Detection (RFC 3706) enabled
2018:11:26-14:48:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: sent MR3, ISAKMP SA established
2018:11:26-14:48:39 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:48:42 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:48:46 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:49:20 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:49:25 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:49:50 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1456: DPD: Phase1 state #1456 has been superseded by #1457 - timeout ignored
2018:11:26-14:49:55 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:50:25 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:50:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: DPD: No response from peer - declaring peer dead
2018:11:26-14:50:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: DPD: Terminating all SAs using this connection
2018:11:26-14:50:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[27] 1.2.3.4:35344 #1457: deleting connection "L_REF_IpsL2tForBarry_1"[27] instance with peer 1.2.3.4 {isakmp=#1457/ipsec=#0}
2018:11:26-14:50:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1457: deleting state (STATE_MAIN_R3)
2018:11:26-14:50:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1456: deleting state (STATE_MAIN_R3)
2018:11:26-14:50:55 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:50:55 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:11:26-14:58:10 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[29] 1.2.3.4 #1458: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[29] 1.2.3.4 #1458: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-14:58:10 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/37938)
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[29] 1.2.3.4:37938 #1458: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[29] 1.2.3.4:37938 #1458: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: deleting connection "L_REF_IpsL2tForBarry_1"[29] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: Dead Peer Detection (RFC 3706) enabled
2018:11:26-14:58:10 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: sent MR3, ISAKMP SA established
2018:11:26-14:58:13 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:58:16 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:58:20 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:58:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:58:49 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 37938, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:59:19 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 37938, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:59:49 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 37938, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:00:19 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 37938, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:00:49 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: DPD: No response from peer - declaring peer dead
2018:11:26-15:00:49 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: DPD: Terminating all SAs using this connection
2018:11:26-15:00:49 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[30] 1.2.3.4:37938 #1458: deleting connection "L_REF_IpsL2tForBarry_1"[30] instance with peer 1.2.3.4 {isakmp=#1458/ipsec=#0}
2018:11:26-15:00:49 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1458: deleting state (STATE_MAIN_R3)
2018:11:26-15:00:49 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 37938, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:04:21 fw pluto[16530]: forgetting secrets
2018:11:26-15:04:21 fw pluto[16530]: loading secrets from "/etc/ipsec.secrets"
2018:11:26-15:04:21 fw pluto[16530]:   loaded PSK secret for fw.barry.net %any
2018:11:26-15:04:21 fw pluto[16530]: listening for IKE messages
2018:11:26-15:04:21 fw pluto[16530]: forgetting secrets
2018:11:26-15:04:21 fw pluto[16530]: loading secrets from "/etc/ipsec.secrets"
2018:11:26-15:04:21 fw pluto[16530]:   loaded PSK secret for fw.barry.net %any
2018:11:26-15:04:21 fw pluto[16530]: loading ca certificates from '/etc/ipsec.d/cacerts'
2018:11:26-15:04:21 fw pluto[16530]:   loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaSigVpnSigniCa.pem'
2018:11:26-15:04:21 fw pluto[16530]: loading aa certificates from '/etc/ipsec.d/aacerts'
2018:11:26-15:04:21 fw pluto[16530]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2018:11:26-15:04:21 fw pluto[16530]: loading attribute certificates from '/etc/ipsec.d/acerts'
2018:11:26-15:04:21 fw pluto[16530]: Changing to directory '/etc/ipsec.d/crls'
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:11:26-15:04:48 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[31] 1.2.3.4 #1459: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[31] 1.2.3.4 #1459: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-15:04:48 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/33896)
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[31] 1.2.3.4:33896 #1459: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[31] 1.2.3.4:33896 #1459: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: deleting connection "L_REF_IpsL2tForBarry_1"[31] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: Dead Peer Detection (RFC 3706) enabled
2018:11:26-15:04:48 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: sent MR3, ISAKMP SA established
2018:11:26-15:04:51 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-15:04:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-15:04:58 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-15:05:11 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2018:11:26-15:05:33 fw pluto[16530]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[33] 1.2.3.4 #1460: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[33] 1.2.3.4 #1460: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-15:05:33 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/33896)
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[33] 1.2.3.4:33896 #1460: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[33] 1.2.3.4:33896 #1460: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: deleting connection "L_REF_IpsL2tForBarry_1"[33] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: Dead Peer Detection (RFC 3706) enabled
2018:11:26-15:05:33 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: sent MR3, ISAKMP SA established
2018:11:26-15:05:36 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-15:05:39 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-15:05:42 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-15:05:55 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-15:06:07 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:06:30 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:06:37 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:07:00 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:07:07 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1459: DPD: Phase1 state #1459 has been superseded by #1460 - timeout ignored
2018:11:26-15:07:30 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:08:00 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: DPD: No response from peer - declaring peer dead
2018:11:26-15:08:00 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: DPD: Terminating all SAs using this connection
2018:11:26-15:08:00 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[32] 1.2.3.4:33896 #1460: deleting connection "L_REF_IpsL2tForBarry_1"[32] instance with peer 1.2.3.4 {isakmp=#1460/ipsec=#0}
2018:11:26-15:08:00 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1460: deleting state (STATE_MAIN_R3)
2018:11:26-15:08:00 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1459: deleting state (STATE_MAIN_R3)
2018:11:26-15:08:00 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-15:08:00 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 33896, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
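
A pluto log like the one in the post above can be summarised per IKE state, shown here as an added example (not part of the original post, and not Sophos code). The function names `analyse` and `stalled` are hypothetical; the sample lines are copied from the log above for state #1455.

```python
import re
from collections import defaultdict

# Excerpt copied from the log in the post above (IKE state #1455 only).
SAMPLE_LOG = """\
2018:11:26-14:45:07 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4 #1455: responding to Main Mode from unknown peer 1.2.3.4
2018:11:26-14:45:07 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4 #1455: NAT-Traversal: Result using RFC 3947: peer is NATed
2018:11:26-14:45:08 fw pluto[16530]: | NAT-T: new mapping 1.2.3.4:500/35344)
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[24] 1.2.3.4:35344 #1455: Peer ID is ID_IPV4_ADDR: '10.0.1.4'
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: deleting connection "L_REF_IpsL2tForBarry_1"[24] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
2018:11:26-14:45:08 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: sent MR3, ISAKMP SA established
2018:11:26-14:45:11 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:45:14 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2018:11:26-14:45:17 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
2018:11:26-14:45:53 fw pluto[16530]: ERROR: asynchronous network error report on eth0 for message to 1.2.3.4 port 35344, complainant 1.2.3.4: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: DPD: No response from peer - declaring peer dead
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1"[25] 1.2.3.4:35344 #1455: deleting connection "L_REF_IpsL2tForBarry_1"[25] instance with peer 1.2.3.4 {isakmp=#1455/ipsec=#0}
2018:11:26-14:47:23 fw pluto[16530]: "L_REF_IpsL2tForBarry_1" #1455: deleting state (STATE_MAIN_R3)
"""

# Optional "] ip[:port] " prefix, then the IKE state number and its message.
STATE_RE = re.compile(
    r'(?:\] (?P<ip>[\d.]+)(?::(?P<port>\d+))? )?#(?P<sid>\d+): (?P<msg>.*)$')
# Teardown summary: which ISAKMP and IPsec SAs the connection instance held.
TEARDOWN_RE = re.compile(r'\{isakmp=#(\d+)/ipsec=#(\d+)\}')
# ICMP port-unreachable reports for packets the gateway sent to the peer.
ICMP_RE = re.compile(
    r'message to (?P<ip>[\d.]+) port (?P<port>\d+),.*ICMP type 3 code 3')


def analyse(log_text):
    """Return {state_id: summary} for every IKE state seen in the log."""
    sessions, icmp = {}, defaultdict(int)
    for line in log_text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            icmp[(m['ip'], m['port'])] += 1
            continue
        m = STATE_RE.search(line)
        if not m:
            continue  # e.g. Vendor ID or "NAT-T: new mapping" lines
        s = sessions.setdefault(m['sid'], {
            'peer': None, 'phase1': False, 'dup_after_mr3': 0,
            'dpd_dead': False, 'ipsec_sa': None})
        if m['port']:
            s['peer'] = (m['ip'], m['port'])  # NAT-T mapped source port
        msg = m['msg']
        if 'ISAKMP SA established' in msg:
            s['phase1'] = True
        elif 'duplicate packet' in msg and 'STATE_MAIN_R3' in msg:
            s['dup_after_mr3'] += 1  # peer is resending its last Main Mode message
        elif 'declaring peer dead' in msg:
            s['dpd_dead'] = True
        t = TEARDOWN_RE.search(msg)
        if t and t.group(1) == m['sid']:
            s['ipsec_sa'] = t.group(2)  # '0' means no IPsec SA was ever built
    for s in sessions.values():
        s['icmp_unreachable'] = icmp.get(s['peer'], 0)
    return sessions


def stalled(sessions):
    """States where Phase 1 finished on the gateway but no IPsec SA followed."""
    return sorted(sid for sid, s in sessions.items()
                  if s['phase1'] and s['ipsec_sa'] == '0' and s['dup_after_mr3'])


if __name__ == '__main__':
    result = analyse(SAMPLE_LOG)
    for sid in stalled(result):
        print(sid, result[sid])
```

A state listed by `stalled` is one where the gateway logged `ISAKMP SA established`, the peer kept retransmitting its last Main Mode packet, and the teardown line reports `ipsec=#0`.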



  • Hey Barry - long time no see!

    DPD: No response from peer - declaring peer dead

    Are you sure your Mac's firewall isn't blocking the ICMP request?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have the exact same issue with L2TP on my iOS.  L2TP works fine on my Windows 10 laptop.

  • Hey Bob, how are you doing?

    This is actually my friend's Macbook, he's trying to connect to me. He doesn't think he's using any firewall.

    Would we be better off using an SSL VPN client on the Mac? Is Tunnelblick still best?

     

    Thanks!

  • Hey Barry - glad you're spending some time here again!

    Yeah, based on the fact that I at least scan every thread here, I think Tunnelblick is still the one with the best reports here.

    Cheers - Bob
