
I have a VPN server using Openswan with address 103.19.208.247.

Then, I want to connect my laptop (CentOS) with IP 103.19.208.243 to the VPN server. Here is my configuration:

/etc/ipsec.conf

config setup
    protostack=netkey
    dumpdir=/var/run/pluto
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    ikelifetime=8h
    rekey=no
    type=transport
    left=103.19.208.243
    leftprotoport=17/1701
    right=103.19.208.247
    rightprotoport=17/1701
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear

/etc/ipsec.secrets

103.19.208.243   103.19.208.247:    PSK "vpnku"

/etc/xl2tpd/xl2tpd.conf

[lac vpn-connection]
lns=103.19.208.247
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

ipcp-accept-local 
ipcp-accept-remote 
require-mschap-v2
refuse-pap 
ms-dns 8.8.8.8
noccp
auth 
crtscts 
idle 1800 
mtu 1410 
mru 1410 
nodefaultroute 
debug 
lock 
proxyarp 
connect-delay 5000 
name lele  # my VPN username
password nana1234  # my VPN password

And when I type: ipsec auto --up L2TP-PSK

002 "L2TP-PSK" #10: initiating Quick Mode PSK+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:ed53b5a6 proposal=defaults pfsgroup=no-pfs}
117 "L2TP-PSK" #10: STATE_QUICK_I1: initiate
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 500ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 1000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 2000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 4000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 8000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 16000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 32000ms for response
031 "L2TP-PSK" #10: max number of retransmissions (8) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "L2TP-PSK" #10: starting keying attempt 2 of at most 3, but releasing whack

What should I do to solve this problem and connect to my VPN server?

Thank you

Alexander Tolkachev
lala

1 Answer


A year-old question, but I'll point out some things; maybe it's still useful.

No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

This error message seems pretty straightforward to me: the initiator (client) and the responder (server) could not agree on the encryption mechanism during the key exchange phase. I don't see any proposal settings, so I believe you're going with the defaults. However, we don't know what Strongswan version you're using, so what the default proposals are is not known. Plus, we don't see the server-side config either, so we cannot tell what the server is proposing. So check what the server offers and configure the proposal settings on your laptop.

Also, it would be nice to know whether there are any LAN subnets behind that server that you want to access (laptop-to-site setup) or it's just that single server (a typical host-to-host setup).

Maybe you should reconsider using a much simpler setup, since both ends have fixed public IP addresses. No L2TP settings and such, just IKEv2 in tunnel mode.

bcs78
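
Added example (not part of the question or the answer above, and not Openswan code): a small Python parser for the `ipsec auto --up` output posted in the question. It shows that phase 1 already completed (`isakmp#1`) and that the stall is in Quick Mode, where the proposal is negotiated. The `diagnose` function, its result keys and the check list are assumptions made for illustration.

```python
import re

# Pluto status line: 3-digit code, quoted connection name, "#<state number>:", message.
LINE_RE = re.compile(r'^\d{3} "([^"]+)" #\d+: (.*)$')
STATE_RE = re.compile(r"STATE_([A-Z]+)_[IR]\d")
# IKEv1 state families and the negotiation phase they belong to.
PHASE = {"MAIN": "phase 1 (IKE SA)", "AGGR": "phase 1 (IKE SA)",
         "QUICK": "phase 2 (IPsec SA)"}
# General IKEv1 knowledge, not from the page: what Quick Mode negotiates,
# named by the ipsec.conf keys that control each item on the initiator.
PHASE2_CHECKS = ["esp/phase2alg proposal", "pfs", "type (transport vs tunnel)",
                 "leftprotoport/rightprotoport selectors"]

def _field(pattern, msg):
    m = re.search(pattern, msg)
    return m.group(1) if m else None

def diagnose(output):
    """Report where an IKEv1 negotiation stalled, from `ipsec auto --up` output."""
    r = {"conn": None, "phase1_sa": None, "proposal": None, "pfs": None,
         "retransmits": 0, "failed_state": None, "failed_phase": None, "checks": []}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a pluto status line
        r["conn"], msg = m.groups()
        if "initiating Quick Mode" in msg:
            # Quick Mode runs inside an established ISAKMP SA, which pluto names here.
            sa = _field(r"using isakmp#(\d+)", msg)
            r["phase1_sa"] = int(sa) if sa else None
            r["proposal"] = _field(r"proposal=([^\s}]+)", msg)
            r["pfs"] = _field(r"pfsgroup=([^\s}]+)", msg)
        elif "retransmission;" in msg:
            r["retransmits"] += 1
        elif "max number of retransmissions" in msg:
            st = STATE_RE.search(msg)
            if st:
                r["failed_state"] = st.group(0)
                r["failed_phase"] = PHASE.get(st.group(1), "unknown")
                if st.group(1) == "QUICK":
                    r["checks"] = list(PHASE2_CHECKS)
    return r

# Sample input: lines copied from the output posted in the question (shortened).
SAMPLE = '''\
002 "L2TP-PSK" #10: initiating Quick Mode PSK+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:ed53b5a6 proposal=defaults pfsgroup=no-pfs}
117 "L2TP-PSK" #10: STATE_QUICK_I1: initiate
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 500ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 1000ms for response
031 "L2TP-PSK" #10: max number of retransmissions (8) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
'''

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The same four items have to match on the responder's connection definition, so they are the ones to compare once the server-side config is available.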