Openswan L2TP/IPSEC: asynchronous network error report on eth0



bettmenn
18.06.10, 11:28
Hello,

I want to set up a VPN with L2TP/IPsec on my root server. The root server is supposed to act as a VPN gateway to encrypt my network traffic, e.g. when surfing on unencrypted Wi-Fi hotspots.

In my auth.log I get the following error message:

Jun 18 11:44:45 bett02 pluto[22357]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 178.203.x.y port 4500, complainant 217.172.x.y: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]


178.203.x.y is the client's dynamic IP address.
217.172.x.y is the root server's static IP address.

After about 30 seconds Vista reports:


Error 809
The network connection between your computer and the VPN server could not be established because the remote server is not responding.

For simplicity I would like to do without certificates/X.509 for now and work with Private Shared Keys.

The server is Debian with a 2.6 kernel
Openswan: Linux Openswan U2.4.12/K2.6.26-2-amd64 (netkey)
Xl2tpd: xl2tpd-1.2.0

Here are my config files and further logs. I am very grateful for your help. If you need more information, just ask.


Best regards,

Flo

/etc/ipsec.conf

version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret

conn L2TP-PSK
    rekey=no
    authby=secret
    pfs=no
    keyingtries=0
    left=%defaultroute
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    auto=add

conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore

/etc/ipsec.secrets:

: PSK "thepsk"


217.172.a.b and 217.172.c.d are my root server's local nameservers; as the internal subnet I want to assign 10.66.66.*.

/etc/xl2tpd/xl2tpd.conf

[global]
auth file = /etc/xl2tpd/l2tp-secrets
listen-addr = 217.172.x.y
port = 1701

[lns default]
ip range = 10.66.66.2-10.66.66.254
local ip = 217.172.x.y
refuse pap = yes

require authentication = yes
name = bett
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.lns
length bit = yes

/etc/ppp/options.l2tpd.lns

ipcp-accept-local
ipcp-accept-remote
ms-dns 217.172.a.b
ms-dns 217.172.c.d
auth
crtscts
idle 1800
mtu 1410

mru 1410
nodefaultroute
debug
lock
connect-delay 5000



Detailed excerpt from auth.log

Jun 18 12:20:30 bett02 pluto[23629]: Starting Pluto (Openswan Version 2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE`lPH|Vbpuu)
Jun 18 12:20:30 bett02 pluto[23629]: Setting NAT-Traversal port-4500 floating to on
Jun 18 12:20:30 bett02 pluto[23629]: port floating activation criteria nat_t=1/port_fload=1
Jun 18 12:20:30 bett02 pluto[23629]: including NAT-Traversal patch (Version 0.6c)
Jun 18 12:20:30 bett02 pluto[23629]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 18 12:20:30 bett02 pluto[23629]: starting up 3 cryptographic helpers
Jun 18 12:20:30 bett02 pluto[23629]: started helper pid=23644 (fd:6)
Jun 18 12:20:30 bett02 pluto[23629]: started helper pid=23648 (fd:7)
Jun 18 12:20:30 bett02 pluto[23629]: started helper pid=23649 (fd:8)
Jun 18 12:20:30 bett02 pluto[23629]: Using NETKEY IPsec interface code on 2.6.26-2-amd64
Jun 18 12:20:30 bett02 pluto[23629]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 18 12:20:30 bett02 pluto[23629]: loaded CA cert file 'cacert.pem' (4877 bytes)
Jun 18 12:20:30 bett02 pluto[23629]: Changing to directory '/etc/ipsec.d/aacerts'
Jun 18 12:20:30 bett02 pluto[23629]: Changing to directory '/etc/ipsec.d/ocspcerts'
Jun 18 12:20:30 bett02 pluto[23629]: Changing to directory '/etc/ipsec.d/crls'
Jun 18 12:20:30 bett02 pluto[23629]: loaded crl file 'crl.pem' (707 bytes)
Jun 18 12:20:30 bett02 pluto[23629]: loading secrets from "/etc/ipsec.secrets"
Jun 18 12:20:30 bett02 pluto[23629]: added connection description "L2TP-PSK"
Jun 18 12:20:30 bett02 pluto[23629]: listening for IKE messages
Jun 18 12:20:30 bett02 pluto[23629]: adding interface tun0/tun0 10.66.66.1:500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface tun0/tun0 10.66.66.1:4500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface eth0/eth0 217.172.x.y:500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface eth0/eth0 217.172.x.y:4500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface lo/lo 127.0.0.1:500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface lo/lo 127.0.0.1:4500
Jun 18 12:20:30 bett02 pluto[23629]: adding interface lo/lo ::1:500
Jun 18 12:20:30 bett02 pluto[23629]: forgetting secrets
Jun 18 12:20:30 bett02 pluto[23629]: loading secrets from "/etc/ipsec.secrets"
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: received Vendor ID payload [RFC 3947] method set to=109
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: ignoring Vendor ID payload [FRAGMENTATION]
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jun 18 12:20:49 bett02 pluto[23629]: packet from 178.203.x.y:500: ignoring Vendor ID payload [IKE CGA version 1]
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: responding to Main Mode from unknown peer 178.203.x.y
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: Diffie-Hellman group 20 is not a supported modp group. Attribute OAKLEY_GROUP_DESCRIPTION
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: Diffie-Hellman group 19 is not a supported modp group. Attribute OAKLEY_GROUP_DESCRIPTION
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.101'
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: switched from "L2TP-PSK" to "L2TP-PSK"
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: deleting connection "L2TP-PSK" instance with peer 178.203.x.y {isakmp=#0/ipsec=#0}
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: I did not send a certificate because I do not have one.
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: responding to Quick Mode {msgid:01000000}
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xd41ffc87 <0x94e92b85 xfrm=AES_128-HMAC_SHA1 NATD=178.203.x.y:4500 DPD=none}
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: received Delete SA(0xd41ffc87) payload: deleting IPSEC State #2
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: received and ignored informational message
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: received Delete SA payload: deleting ISAKMP State #1
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y: deleting connection "L2TP-PSK" instance with peer 178.203.x.y {isakmp=#0/ipsec=#0}
Jun 18 12:21:24 bett02 pluto[23629]: packet from 178.203.x.y:4500: received and ignored informational message
Jun 18 12:21:27 bett02 pluto[23629]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 178.203.x.y port 4500, complainant 217.172.x.y: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
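The log above is long, but the sequence that matters is short: Main Mode completes with the PSK, the peer is detected as NATed, Quick Mode installs an IPsec SA, and 35 seconds later the *client* sends Delete SA payloads; only after that does pluto report the ICMP "No route to host" when it tries to reach the client's port 4500 again. The following script is an added example, not part of the original post, that parses pluto lines of this shape and turns them into such a timeline, so that one can tell an IKE/authentication failure from a tunnel that came up and was torn down by the peer. The sample lines are copied from the excerpt above (addresses anonymised as the poster did); the event names and the verdict strings are this example's own conventions.

```python
import re
from datetime import datetime

# Constructed sample: seven pluto lines from the auth.log excerpt in the post,
# with the addresses anonymised exactly as the poster did.
SAMPLE_LOG = """\
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: responding to Main Mode from unknown peer 178.203.x.y
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[1] 178.203.x.y #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jun 18 12:20:49 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xd41ffc87 <0x94e92b85 xfrm=AES_128-HMAC_SHA1 NATD=178.203.x.y:4500 DPD=none}
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: received Delete SA(0xd41ffc87) payload: deleting IPSEC State #2
Jun 18 12:21:24 bett02 pluto[23629]: "L2TP-PSK"[2] 178.203.x.y #1: received Delete SA payload: deleting ISAKMP State #1
Jun 18 12:21:27 bett02 pluto[23629]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 178.203.x.y port 4500, complainant 217.172.x.y: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
"""

# syslog prefix: "Mon DD HH:MM:SS host pluto[pid]: message"
LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (?P<msg>.*)$')
# fields of the "asynchronous network error report" message
ERR_RE = re.compile(
    r'asynchronous network error report on (?P<iface>\S+) .*?for message to '
    r'(?P<peer>\S+) port (?P<port>\d+).*?ICMP type (?P<type>\d+) code (?P<code>\d+)'
)


def _seconds(ts):
    """'Jun 18 12:21:24' -> seconds since midnight (year is irrelevant for deltas)."""
    t = datetime.strptime(ts, "%b %d %H:%M:%S")
    return t.hour * 3600 + t.minute * 60 + t.second


def parse_pluto(text):
    """Classify each pluto line into one of a few IKE lifecycle events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        ev = {"t": _seconds(m.group("ts")), "msg": msg, "kind": "other"}
        if "peer is NATed" in msg:
            ev["kind"] = "nat_detected"
        elif "ISAKMP SA established" in msg:
            ev["kind"] = "phase1_up"
        elif "IPsec SA established" in msg:
            ev["kind"] = "phase2_up"
        elif "received Delete SA" in msg:
            ev["kind"] = "peer_delete"
        elif "asynchronous network error" in msg:
            ev["kind"] = "icmp_error"
            e = ERR_RE.search(msg)
            if e:
                ev.update(iface=e.group("iface"), peer=e.group("peer"),
                          port=int(e.group("port")),
                          icmp_type=int(e.group("type")), icmp_code=int(e.group("code")))
        events.append(ev)
    return events


def diagnose(events):
    """Summarise the timeline: did both phases come up, who tore the tunnel down, how soon."""
    kinds = {e["kind"] for e in events}
    result = {
        "phase1_up": "phase1_up" in kinds,
        "phase2_up": "phase2_up" in kinds,
        "peer_nated": "nat_detected" in kinds,
        "torn_down_by_peer": "peer_delete" in kinds,
        "tunnel_lifetime_s": None,
        "icmp_error": None,
    }
    up = next((e["t"] for e in events if e["kind"] == "phase2_up"), None)
    down = next((e["t"] for e in events if e["kind"] == "peer_delete"), None)
    if up is not None and down is not None:
        result["tunnel_lifetime_s"] = down - up
    err = next((e for e in events if e["kind"] == "icmp_error" and "iface" in e), None)
    if err:
        result["icmp_error"] = {k: err[k] for k in ("iface", "peer", "port", "icmp_type", "icmp_code")}
    # Verdict: if both SAs were established and the peer deleted them, IKE and the PSK
    # are fine; the problem is in the traffic carried inside the tunnel (L2TP on UDP 1701,
    # ESP/NAT-T encapsulation), which is what the client gives up on after its timeout.
    if not result["phase1_up"]:
        result["verdict"] = "phase1_failed"
    elif not result["phase2_up"]:
        result["verdict"] = "phase2_failed"
    elif result["torn_down_by_peer"]:
        result["verdict"] = "ike_ok_data_path_suspect"
    else:
        result["verdict"] = "tunnel_up"
    return result


if __name__ == "__main__":
    for k, v in diagnose(parse_pluto(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

On the excerpt from the post this yields `tunnel_lifetime_s: 35`, which lines up with the roughly 30-second wait before Vista shows error 809, and the verdict `ike_ok_data_path_suspect`: the ICMP report at the end is a consequence of the client having already gone away, not the cause of the failure.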

derRichard
18.06.10, 13:27
hi!

Could it be that you can't send/receive ESP packets?
Maybe try forcing UDP encapsulation.

Also, better use strongSwan instead of Openswan.
With Openswan there are (maybe this has been solved in the meantime) many problems with L2TP when the client is behind NAT.

hth,
//richard