Description of problem:
Connecting to an L2TP/IPsec VPN results in:
Dec 26 02:48:35 lnx-1 pluto: "nm-ipsec-l2tp-21697" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.2.31'
Dec 26 02:48:35 lnx-1 pluto: "nm-ipsec-l2tp-21697" #1: we require IKEv1 peer to have ID '184.108.40.206', but peer declares '192.168.2.31'
Dec 26 02:48:35 lnx-1 NetworkManager: 002 "nm-ipsec-l2tp-21697" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.2.31'
Dec 26 02:48:35 lnx-1 NetworkManager: 003 "nm-ipsec-l2tp-21697" #1: we require IKEv1 peer to have ID '220.127.116.11', but peer declares '192.168.2.31'
the reported IP addresses are all correct. 18.104.22.168 is the public IP and 192.168.2.31 the internal (configured as "exposed host" on the 22.214.171.124 router).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. create a point-to-point tunneling protocol (l2tp) from nm-applet.
2. enter correct settings of a NATed l2tp/ipsec vpn server
3. connect to that VPN.
Actual results:
journal as above, no VPN connection
Expected results:
a VPN connection, as with VPN servers that use public IPs
Additional info:
* Android and iOS bring up the VPN connection to the NATed host like a charm.
* the same connection settings to the same VPN hardware, but not NATed, work fine.
we require IKEv1 peer to have ID '126.96.36.199', but peer declares '192.168.2.31'
This is a misconfiguration. You can either configure both sides to use an actual ID, or you can use the public IP as ID. E.g. if left is your server behind NAT,
left=%defaultroute #better than hardcoded private IP
It seems NetworkManager comes up with this config:
# cat /var/run/nm-ipsec-l2tp.7848/ipsec.conf
should this work or not, if the server is behind a NAT?
[there is no hardcoded private ip].
you can work around it on the client by adding rightid=192.168.2.31 but the real fix is on the server to add leftid=188.8.131.52
thank you for the additional details!
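Added example, not part of the original report and not code from libreswan or NetworkManager: a Python check that scans journal lines for the IKEv1 peer-ID mismatch discussed above, flags when the declared ID is a private address (a peer behind NAT), and reports the two settings named in the thread. The function name and the sample lines are constructed for illustration; 203.0.113.10 is a documentation address standing in for the server's public IP.

```python
import ipaddress
import re

# pluto's IKEv1 Main Mode identity-mismatch message, as quoted in the report.
MISMATCH = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: we require IKEv1 peer to have ID '
    r"'(?P<expected>[^']+)', but peer declares '(?P<declared>[^']+)'"
)

def find_id_mismatches(lines):
    """Return one finding per (connection, expected, declared) triple.

    pluto and NetworkManager both log the same message, so duplicates
    are collapsed.
    """
    findings = {}
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue
        key = (m["conn"], m["expected"], m["declared"])
        if key in findings:
            continue
        try:
            behind_nat = ipaddress.ip_address(m["declared"]).is_private
        except ValueError:
            behind_nat = False  # declared ID is not an IP (e.g. an FQDN ID)
        findings[key] = {
            "conn": m["conn"],
            "expected": m["expected"],
            "declared": m["declared"],
            "peer_behind_nat": behind_nat,
            # Settings named in the thread: client-side workaround, server-side fix.
            "client_workaround": f"rightid={m['declared']}",
            "server_fix": f"leftid={m['expected']}",
        }
    return list(findings.values())

# Constructed sample lines modelled on the journal excerpt in the report.
SAMPLE = [
    "Dec 26 02:48:35 lnx-1 pluto: \"nm-ipsec-l2tp-21697\" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.2.31'",
    "Dec 26 02:48:35 lnx-1 pluto: \"nm-ipsec-l2tp-21697\" #1: we require IKEv1 peer to have ID '203.0.113.10', but peer declares '192.168.2.31'",
    "Dec 26 02:48:35 lnx-1 NetworkManager: 003 \"nm-ipsec-l2tp-21697\" #1: we require IKEv1 peer to have ID '203.0.113.10', but peer declares '192.168.2.31'",
]

if __name__ == "__main__":
    for f in find_id_mismatches(SAMPLE):
        print(f)
```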