hello, ssl/vpn barracuda networks technician here. A couple of things would help troubleshooting if you’re still having the issue:
here are some commands that will help out:
netstat -tulpan: should see 500 and 4500 udp and 1701 tcp all on 0.0.0.0/0
if you’re using arch-arm:
sudo systemctl status -l xl2tpd
sudo systemctl status -l openswan.service (assuming you’re using it)
these will give you tail’d log output from the services (make sure they’re up)
or if you’re on Raspbian, look at the init script to see where you’re logging to.
IPsec goes through 2 phases; this one looks like the initial connection is failing. (phase1 = IKE, setting up a Diffie-Hellman for your key exchange)
basically, we can’t even exchange keys because you’re not getting to the point where we even have an established connection
if you’re NAT’ing over a firewall, take a look at what type of NAT you have set up. If we’re changing the IP of the incoming packets to an internal address, can the pi find its way back out?
tcpdump -ni any -w dump -s 65535 udp port 500 or udp port 4500 or udp port 1701 or tcp port 1812 or tcp port 1813
this tcpdump command will help with IPsec, you can use -w /path/to/file.pcap and take the output and look at it in wireshark
also it looks like this ipsec.conf is for passthrough, you might want to set up a no-NAT configuration. (especially if you’re using a NAT firewall and it’s fucking things up)
edit: this gentleman has another tutorial that might be more suited to what you’re looking for.
this is assuming that you want to use L2TP in conjunction with SWAN (which you should be doing. neither protocol is perfect hence why they are implemented together)
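An added example, not part of the post above: one way to confirm from the tcpdump capture that phase 1 is what is failing is to decode the ISAKMP header of each packet on UDP 500/4500 and see whether the responder ever answered. It assumes IKEv1 and that the UDP payloads have already been pulled out of the pcap; the function names and the sample packets are constructed for illustration.

```python
import struct

# ISAKMP fixed header, RFC 2408 section 3.1: cookies, next payload, version,
# exchange type, flags, message ID, length (28 bytes, network byte order).
HDR = struct.Struct("!8s8sBBBBII")
MAIN, QUICK = 2, 32                           # IKEv1 exchange types

def parse_isakmp(udp_port, payload):
    """Return (initiator_cookie, responder_cookie, exchange_type) or None."""
    if udp_port == 4500:                      # NAT-T encapsulation, RFC 3948
        if payload[:4] != b"\x00" * 4:        # no non-ESP marker: ESP or keepalive
            return None
        payload = payload[4:]
    if len(payload) < HDR.size:
        return None
    icookie, rcookie, _next, _ver, xchg, _flags, _msgid, _len = HDR.unpack_from(payload)
    return icookie, rcookie, xchg

def phase1_status(packets):
    """Map each initiator cookie (hex) to how far its negotiation got."""
    seen = {}
    for udp_port, payload in packets:
        parsed = parse_isakmp(udp_port, payload)
        if parsed is None:
            continue
        icookie, rcookie, xchg = parsed
        s = seen.setdefault(icookie.hex(), {"answered": False, "quick": False})
        s["answered"] |= rcookie != bytes(8)  # responder filled in its cookie
        s["quick"] |= xchg == QUICK           # phase 2 only starts after phase 1
    return {c: "phase 1 complete" if s["quick"]
               else "phase 1 started, not finished" if s["answered"]
               else "no reply from responder"
            for c, s in seen.items()}

def _pkt(icookie, rcookie, xchg, natt=False):
    """Build a constructed header-only ISAKMP packet for the sample below."""
    hdr = HDR.pack(icookie, rcookie, 1, 0x10, xchg, 0, 0, HDR.size)
    return (4500, b"\x00" * 4 + hdr) if natt else (500, hdr)

A, B, R = b"A" * 8, b"B" * 8, b"R" * 8       # constructed cookies
SAMPLE = [                                    # constructed capture contents
    _pkt(A, bytes(8), MAIN), _pkt(A, bytes(8), MAIN), _pkt(A, bytes(8), MAIN),
    _pkt(B, bytes(8), MAIN), _pkt(B, R, MAIN),
    _pkt(B, R, MAIN, natt=True), _pkt(B, R, QUICK, natt=True),
    (4500, b"\xff"),                          # NAT keepalive, ignored
]

if __name__ == "__main__":
    for cookie, status in phase1_status(SAMPLE).items():
        print(cookie, status)
```

A cookie that only ever shows "no reply from responder" means the first IKE packet is being retransmitted unanswered, which points at NAT, firewall or listener problems rather than at key or proposal mismatches.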