I am using the installer script to auto-install L2TP on a CentOS 6 VPS. It was working last year on BuyVM, but it doesn't work now. During the installation, I don't see any errors other than from "ipsec verify". I did a Google search but didn't have any luck. When I restart the ipsec service, it shows "multiple ip addresses, using 127.0.0.1 on venet0". Is this the problem? Thanks for any advice.
ipsec verify

Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.41/K2.6.32-openvz-042stab090.5-amd64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [IP XFRM BROKEN]
Checking 'iptables' command [OK]

ipsec verify: encountered errors

The messages after restarting ipsec:

Jul 14 00:38:46 lv01 ipsec_setup: ...Openswan IPsec stopped
Jul 14 00:38:46 lv01 ipsec_setup: Starting Openswan IPsec U2.6.41/K2.6.32-openvz-042stab090.5-amd64...
Jul 14 00:38:46 lv01 ipsec_setup: Using NETKEY(XFRM) stack
Jul 14 00:38:47 lv01 ipsec_setup: multiple ip addresses, using 127.0.0.1 on venet0
Jul 14 00:38:47 lv01 ipsec_setup: ...Openswan IPsec started
Jul 14 00:38:47 lv01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jul 14 00:38:47 lv01 pluto: adjusting ipsec.d to /etc/ipsec.d
Jul 14 00:38:47 lv01 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Jul 14 00:38:47 lv01 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Jul 14 00:38:53 lv01 kernel: [1665490.842215] netlink: 220 bytes leftover after parsing attributes.

The messages when connecting to the VPN from an iPhone:

Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [RFC 3947] method set to=115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [Dead Peer Detection]
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: responding to Main Mode from unknown peer iphone_ip
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.7'
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: deleting connection "L2TP-PSK-NAT" instance with peer iphone_ip {isakmp=#0/ipsec=#0}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: new NAT mapping for #1, was iphone_ip:500, now iphone_ip:4500
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: the peer proposed: server_ip/32:17/1701 -> 192.168.1.7/32:17/0
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink_get_spi for esp.0@server_ip failed with errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: responding to Quick Mode proposal {msgid:26bbbd32}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: us: server_ip:17/1701
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: them: iphone_ip[192.168.1.7]:17/49387===192.168.1.7/32
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink response for Add SA esp.595a1a3@iphone_ip included errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: | setup_half_ipsec_sa() hit fail:
Jul 14 00:38:53 lv01 pluto[7273]: | failed to install outgoing SA: 0
Jul 14 00:38:57 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 14 00:39:00 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: discarding duplicate packet; already STATE_QUICK_R0
^C

http://ift.tt/1dvHQ0Z