Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 57

Thread: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

  1. #21
    Join Date
    Feb 2008
    Beans
    12

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Thanks to some help from the Openswan developers I got this working now (it still has other problems, but this one is clearly solved).

    There were a few settings that needed correcting compared to what's represented in this thread. The most important one, and the only one I'm sure enough to post about yet, is the IP address specification in /etc/ppp/chap-secrets.

    Note how the original config has a "*" (star) in the fourth column for "IP Address." I was originally under the impression this column represented an ACL to prevent certain remote networks from connecting to your endpoint, however, I now understand it to be the IP address the PPP daemon is going to serve to the connecting client. I kept things simple and put a single static IP that's available on my local NAT'ed LAN in there for both lines (my file only has two lines). After restarting things worked.

    *Note of course I made a few other changes, like I disabled SAref, but I'm not sure if those mattered.

    I now have a different problem that after one connection from my iPhone the IPSEC daemon needs a restart before I can connect again, but that's a topic I've seen elsewhere on the Internet so I'll research it separately from this thread.
    Last edited by dsuchter; March 1st, 2011 at 12:15 AM. Reason: spelling corrections

  2. #22
    Join Date
    May 2008
    Location
    Atlantic City, NJ
    Beans
    25
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    I'm still having problems since the update, any further help dsuchter?

    Maybe a post of your config files matching those files listed in my first post and any additional?

    Did you ever get the daemon reboot issue solved?

    Thanks in advance.

  3. #23
    Join Date
    Jan 2009
    Beans
    8

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    i get:

    Code:
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                                 [OK]
    Linux Openswan U2.6.26/K2.6.35-28-generic-pae (netkey)
    Checking for IPsec support in kernel                            [OK]
    NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
    
      Please disable /proc/sys/net/ipv4/conf/*/send_redirects
      or NETKEY will cause the sending of bogus ICMP redirects!
    
    NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
    
      Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
      or NETKEY will accept bogus ICMP redirects!
    
    Checking for RSA private key (/etc/ipsec.secrets)               [OK]
    Checking that pluto is running                                  [OK]
    Pluto listening for IKE on udp 500                              [OK]
    Pluto listening for NAT-T on udp 4500                           [OK]
    Two or more interfaces found, checking IP forwarding            [OK]
    Checking NAT and MASQUERADEing                                  [N/A]
    Checking for 'ip' command                                       [OK]
    Checking for 'iptables' command                                 [OK]
    Opportunistic Encryption Support                                [DISABLED]

    And it does looks like it does not work yet :/

  4. #24
    Join Date
    Feb 2008
    Beans
    12

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    So for the record no, I never got my daemon reboot issue solved. Unfortunately I also don't currently have that host configured the same way as before (a fresh no OS is on it), so I can't easily reproduce my config files. If I ever figure out how I got things going again I'll post back, but at the rate things are going my guess is Ubuntu and/or some of the other packages relevant here will have updated to the point where my help is obsolete. Sorry about that!

  5. #25
    Join Date
    Apr 2011
    Beans
    1

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    So I think I've got this working now for everyone trying to do this, you need to do what dsuchter said and explicitly specify an ip address for the user connecting in /etc/ppp/chaps-secrets, I only have 1 line in my file:

    Code:
    test l2tpd testpass 192.168.1.250
    This will allow you to connect (and gives the iPhone the .250 ip address). Now you're left with the problem that you can only connect once. In syslog it looked like the iPhone isn't disconnecting correctly, potentially tying up that .250 ip address so that you can't reconnect. Enabling dead peer detection allows you to reconnect. I added the following to /etc/ipsec.conf under the L2TP-PSK-noNAT connection:
    Code:
    dpddelay=30  
    dpdtimeout=120  
    dpdaction=clear
    I just tested and could reconnect successfully, I'll use it more tomorrow and if there are any problems I'll post them here.

  6. #26
    Join Date
    Dec 2008
    Location
    USA
    Beans
    528
    Distro
    Ubuntu 18.10 Cosmic Cuttlefish

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    following the guide got me to

    Code:
    server@hyrule:/etc$ sudo ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                                 [OK]
    Linux Openswan U2.6.23/K2.6.32-28-server (netkey)
    Checking for IPsec support in kernel                            [OK]
    NETKEY detected, testing for disabled ICMP send_redirects       [OK]
    NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
    Checking for RSA private key (/etc/ipsec.secrets)               [OK]
    Checking that pluto is running                                  [OK]
    Pluto listening for IKE on udp 500                              [OK]
    Pluto listening for NAT-T on udp 4500                           [OK]
    Checking for 'ip' command                                       [OK]
    Checking for 'iptables' command                                 [OK]
    Opportunistic Encryption Support                                [DISABLED]
    my phone says server did not respond...

    The only place i have a question is the * vs setip earlier in the thread. I have set an ip.
    However, im not sure if that matter.

    not sure what kind of errors I should look for in the log.


    edit--
    my MacBook got the error "The server did not respond..."
    Last edited by wlraider70; May 12th, 2011 at 12:10 AM.
    I don' really like coffee. I guess I'll give my Ubuntu beans to my wife.

    Luke

  7. #27
    Join Date
    May 2008
    Location
    Atlantic City, NJ
    Beans
    25
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Ok, got this working again. Here are the details that need to be worked out.

    In the /etc/xl2tpd/xl2tpd.conf file, you define an "ip range". In this case 231 to 239. The "local ip" value in the same file MUST be outside this range. In this case, 230.

    A value in the "ip range" must be used in the /etc/ppp/chap-secrets file. In this case, I used 233. You can add additional users until you fill up the range you specified. You can always expand the range to accommodate more users. Originally I had a * in this file instead of an IP address, I believe this was deprecated in the latest version.

    I have edited the first post to reflect these changes.

    I'm also running this on upgraded server edition to Natty 11.04.

    Hopefully this clears up the last of the problems. Post back to let me know if I missed anything.

    I was also wondering how to check that this is truly encrypting the data as we believe. I would like some sort of external double check that the settings ensure proper encryption. Anyone have any ideas? Anyone have any experience with FireSheep they could try to put these settings under the gun?

    Also, thanks again to all those users that helped me get this far. You know who you are
    Last edited by ndoggac; June 7th, 2011 at 07:26 AM.

  8. #28
    Join Date
    Sep 2006
    Beans
    2

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    I'm still having the server didn't respond problem on both my iPhone and MacBook after confirming my config files are the same as those in the original post.

    Code:
    $ uname -a; cat /proc/version /etc/lsb-release 
    Linux grabber 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011 i686 i686 i386 GNU/Linux
    Linux version 2.6.38-8-generic (buildd@vernadsky) (gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu3) ) #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=11.04
    DISTRIB_CODENAME=natty
    DISTRIB_DESCRIPTION="Ubuntu 11.04"
    Code:
    $ dpkg -l openswan ipsec-tools ppp
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name                      Version                   Description
    +++-=========================-=========================-==================================================================
    ii  ipsec-tools               1:0.7.3-12ubuntu1         IPsec tools for Linux
    ii  openswan                  1:2.6.28+dfsg-5           Internet Key Exchange daemon
    ii  ppp                       2.4.5-5ubuntu1            Point-to-Point Protocol (PPP) - daemon
    Can anyone suggest anything else which may help me get this working again?

  9. #29
    Join Date
    May 2008
    Location
    Atlantic City, NJ
    Beans
    25
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Code:
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name                                          Version                                       Description
    +++-=============================================-=============================================-==========================================================================================================
    ii  openswan                                      1:2.6.28+dfsg-5                               Internet Key Exchange daemon
    ii  ppp                                           2.4.5-5ubuntu1                                Point-to-Point Protocol (PPP) - daemon
    ii  xl2tpd                                        1.2.7+dfsg-1                                  a layer 2 tunneling protocol implementation
    Code:
    Linux MediaServer 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
    Linux version 2.6.38-8-server (buildd@allspice) (gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu3) ) #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=11.04
    DISTRIB_CODENAME=natty
    DISTRIB_DESCRIPTION="Ubuntu 11.04"
    Not sure what's wrong with your setup? You have the same setup as I do, although you didn't include xl2tp in your listing? I also don't have ipsec-tools installed.

    Are you sure you have ports successfully forwarded in your router? dynamic dns works or ip address is publicly accessible?

    All I can recommend is double checking all the config files, but I'm sure that's not the help you're looking for.

    Did this not work for anyone else running Natty?
    Last edited by ndoggac; June 17th, 2011 at 03:34 AM.

  10. #30
    Join Date
    Jun 2011
    Beans
    1

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Looks like some of the issues listed here are fixed in the latest releases of Openswan and xl2tpd.

    http://lists.openswan.org/pipermail/...il/020411.html

Page 3 of 6 FirstFirst 12345 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •