I get errors of this type in the IPSec log when the client sits behind a NAT router.
When I enable NAT-T in Zeroshell beta 16, the IP address in the error message is that of the NAT gateway of the client. When I disable NAT-T in Zeroshell, the IP address in the error message is the private IP address.
“I am trying to connect to the Zeroshell L2TP VPN from a client behind a NAT.
When I enable the NAT-T option in Zeroshell, I’m receiving:
ERROR: such policy does not already exist: “93.175.xxx.xxx/32 91.205.xxx.xxx/32 proto=udp dir=in”
ERROR: such policy does not already exist: “91.205.xxx.xxx/32 93.175.xxx.xxx/32 proto=udp dir=out”
but when I first connect from the NAT machine, then from a machine behind the NAT, everything works until I reboot the server or restart the l2tp daemon”
So this means he had to force this policy thing into existence. This is not practical as the NAT may be managed by your mobile phone network provider. Any chance to create that missing policy thing?