
Thread: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

  1. #51
    Join Date
    Nov 2008
    Beans
    7

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Hi there !!!

    I can confirm that it also works for me in Ubuntu 12.04 x64.

    Just ONE thing.....it must be started manually through the command sudo /etc/init.d/ipsec restart. I have tried many ways of getting the command launched during bootup but with no success. The rc.local script file doesn't work for me. I'm using GNOME 3.

    Anyone that has the same problem???
    Last edited by h3nk3; July 11th, 2012 at 12:41 AM.

  2. #52
    Join Date
    Nov 2008
    Beans
    7

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Hi folks. As I said in an earlier post, I had this running in Ubuntu 12.04 x64 with GNOME 3. But suddenly ipsec had problems with startup on boot even though the command /etc/init.d ipsec restart was typed in my /etc/rc.local. After googling a while I found one WORKING solution. I had to put a delay before the ipsec restart command.
    I put this line into the /etc/rc.local file:

    bash -c "sleep 5; /etc/init.d/ipsec restart"

    Now my l2tp/ipsec tunnel starts again on every Re/boot.

  3. #53
    Join Date
    May 2008
    Beans
    51

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    I've tried this on two servers and no matter what I get to the same point and time out. The servers are a 10.04 server and a 12.04 server running openswan 2.6.38. I've disabled my ufw and cleared out all rules in iptables, although this still may be an iptables problem.

    Code:
    happy pluto[15326]: packet from 1.2.3.4:500: received Vendor ID payload [RFC 3947] method set to=109
    happy pluto[15326]: packet from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
    happy pluto[15326]: packet from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
    happy pluto[15326]: packet from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    happy pluto[15326]: packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    happy pluto[15326]: packet from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: responding to Main Mode from unknown peer 1.2.3.4
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: STATE_MAIN_R1: sent MR1, expecting MI2
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: STATE_MAIN_R2: sent MR2, expecting MI3
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.128'
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: new NAT mapping for #3, was 1.2.3.4:500, now 1.2.3.4:4500
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: received and ignored informational message
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: the peer proposed: XXX.XXX.131.54/32:17/1701 -> 192.168.0.128/32:17/0
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: responding to Quick Mode proposal {msgid:3a02acf5}
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4:     us: XXX.XXX.131.54<XXX.XXX.131.54>[+S=C]:17/1701
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4:   them: 1.2.3.4[192.168.0.128,+S=C]:17/0===192.168.0.128/32
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: keeping refhim=4294901761 during rekey
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0a36ebd1 <0x945700aa xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=1.2.3.4:4500 DPD=none}
    This is from my auth.log, and it stops there every time and then the client times out. Tried Android 4.1, 2.3 and a Windows client. I have a feeling I'm missing something obvious and any insight on where to look would be a great help.
    Nick
    My Blog

  4. #54
    Join Date
    May 2008
    Beans
    51

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    I also got my logging in the xl2tpd. Looks like it keeps trying over and over for some reason:

    Code:
    xl2tpd[15694]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
    xl2tpd[15694]: setsockopt recvref[22]: Protocol not available
    xl2tpd[15694]: This binary does not support kernel L2TP.
    xl2tpd[15694]: xl2tpd version xl2tpd-1.2.5 started on anger PID:15694
    xl2tpd[15694]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    xl2tpd[15694]: Forked by Scott Balmos and David Stipp, (C) 2001
    xl2tpd[15694]: Inherited by Jeff McAdams, (C) 2002
    xl2tpd[15694]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    xl2tpd[15694]: Listening on IP address 0.0.0.0, port 1701
    xl2tpd[15694]: get_call: allocating new tunnel for host XXX.XXX.30.50, port 36421.
    xl2tpd[15694]: handle_avps: handling avp's for tunnel 61924, call 0
    xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
    xl2tpd[15694]: protocol_version_avp: peer is using version 1, revision 0.
    xl2tpd[15694]: hostname_avp: peer reports hostname 'anonymous'
    xl2tpd[15694]: framing_caps_avp: supported peer frames: async sync
    xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
    xl2tpd[15694]: receive_window_size_avp: peer wants RWS of 1.  Will use flow control.
    xl2tpd[15694]: challenge_avp: challenge avp found
    xl2tpd[15694]: get_call: allocating new tunnel for host XXX.XXX.30.50, port 36421.
    xl2tpd[15694]: handle_avps: handling avp's for tunnel 10553, call 0
    xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
    xl2tpd[15694]: protocol_version_avp: peer is using version 1, revision 0.
    xl2tpd[15694]: hostname_avp: peer reports hostname 'anonymous'
    xl2tpd[15694]: framing_caps_avp: supported peer frames: async sync
    xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
    xl2tpd[15694]: receive_window_size_avp: peer wants RWS of 1.  Will use flow control.
    xl2tpd[15694]: challenge_avp: challenge avp found
    xl2tpd[15694]: control_finish: Peer requested tunnel 10712 twice, ignoring second one.
    xl2tpd[15694]: build_fdset: closing down tunnel 10553
    xl2tpd[15694]: get_call: allocating new tunnel for host XXX.XXX.30.50, port 36421.
    xl2tpd[15694]: handle_avps: handling avp's for tunnel 37720, call 19256
    xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
    xl2tpd[15694]: protocol_version_avp: peer is using version 1, revision 0.
    xl2tpd[15694]: hostname_avp: peer reports hostname 'anonymous'
    xl2tpd[15694]: framing_caps_avp: supported peer frames: async sync
    xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
    xl2tpd[15694]: receive_window_size_avp: peer wants RWS of 1.  Will use flow control.
    xl2tpd[15694]: challenge_avp: challenge avp found
    xl2tpd[15694]: control_finish: Peer requested tunnel 10712 twice, ignoring second one.
    xl2tpd[15694]: build_fdset: closing down tunnel 37720
    xl2tpd[15694]: get_call: allocating new tunnel for host XXX.XXX.30.50, port 36421.
    xl2tpd[15694]: handle_avps: handling avp's for tunnel 32441, call 7051
    xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
    xl2tpd[15694]: protocol_version_avp: peer is using version 1, revision 0.
    xl2tpd[15694]: hostname_avp: peer reports hostname 'anonymous'
    xl2tpd[15694]: framing_caps_avp: supported peer frames: async sync
    xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
    xl2tpd[15694]: receive_window_size_avp: peer wants RWS of 1.  Will use flow control.
    xl2tpd[15694]: challenge_avp: challenge avp found
    xl2tpd[15694]: control_finish: Peer requested tunnel 10712 twice, ignoring second one.
    xl2tpd[15694]: build_fdset: closing down tunnel 32441
    xl2tpd[15694]: Maximum retries exceeded for tunnel 61924.  Closing.
    Nick
    My Blog
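
An added example, not part of the original posts: a small Python triage over the pluto and xl2tpd lines quoted in posts #53 and #54 that reports how far the connection attempt got. The sample log is constructed from those lines; the function name and stage wording are assumptions, and reading repeated SCCRQs as "the server's replies are not reaching the client" is an interpretation of the log.

```python
import re
from collections import Counter

# Constructed sample, shortened from the pluto and xl2tpd lines quoted above.
SAMPLE_LOG = """\
happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established
happy pluto[15326]: "L2TP-PSK-NAT"[2] 1.2.3.4 #4: STATE_QUICK_R2: IPsec SA established transport mode
xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
xl2tpd[15694]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[15694]: assigned_tunnel_avp: using peer's tunnel 10712
xl2tpd[15694]: control_finish: Peer requested tunnel 10712 twice, ignoring second one.
xl2tpd[15694]: Maximum retries exceeded for tunnel 61924.  Closing.
"""

MSG_TYPE = re.compile(r"message_type_avp: message type (\d+)")
PEER_TUNNEL = re.compile(r"assigned_tunnel_avp: using peer's tunnel (\d+)")
SCCRQ, SCCCN = 1, 3  # L2TP control message types (RFC 2661)


def triage(log_text):
    """Report how far an L2TP/IPsec connection attempt got (hypothetical helper)."""
    ike = ipsec = gave_up = False
    seen_types = set()
    sccrq_per_tunnel = Counter()  # peer tunnel id -> number of SCCRQs seen
    last_type = None
    for line in log_text.splitlines():
        if "ISAKMP SA established" in line:
            ike = True
        elif "IPsec SA established" in line:
            ipsec = True
        elif "Maximum retries exceeded" in line:
            gave_up = True
        elif (m := MSG_TYPE.search(line)):
            last_type = int(m.group(1))
            seen_types.add(last_type)
        elif (m := PEER_TUNNEL.search(line)) and last_type == SCCRQ:
            sccrq_per_tunnel[m.group(1)] += 1
    repeats = {t: n for t, n in sccrq_per_tunnel.items() if n > 1}
    if not ike:
        stage = "IKE phase 1 (ISAKMP SA) never completed"
    elif not ipsec:
        stage = "IKE phase 2 (IPsec SA) never completed"
    elif SCCRQ not in seen_types:
        stage = "IPsec is up, but no L2TP control message reached xl2tpd"
    elif SCCCN not in seen_types and (repeats or gave_up):
        stage = "SCCRQ keeps arriving but the handshake never finishes: replies are not reaching the client"
    else:
        stage = "no stall pattern found in the L2TP control exchange"
    return {"ike_sa": ike, "ipsec_sa": ipsec, "sccrq_repeats": repeats,
            "gave_up": gave_up, "stage": stage}
```

When the result is the "replies are not reaching the client" stage, the places to look are the return path for UDP 1701 inside the IPsec transport SA and the address xl2tpd answers from.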

  5. #55
    Join Date
    Nov 2012
    Beans
    2

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    I have a tutorial on xl2tpd, I hope it will be useful for others.
    L2TP VPN using xl2tpd

    http://linuxexplore.com/how-tos/l2tp-vpn-using-xl2tpd/

    Cheers,
    Linux Explore | Exploring Linux

  6. #56
    Join Date
    Jan 2013
    Beans
    1

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Good day all,

    Seems I'm running into the same issues most people are having here.
    Can't get L2TP up and running.

    I've tried many different versions of these configs and am stumped at the moment.

    Would someone mind looking over my configs? I've listed all versions, configs, and auth.log.

    Just wondering if it's me or another bug.

    Thanks

    Code:
    lsb_release -a
    No LSB modules are available.
    Distributor ID:Ubuntu
    Description:Ubuntu 12.04.1 LTS
    Release:12.04
    Codename:precise
    
    ipsec --version
    Linux Openswan U2.6.37/K3.2.0-35-generic (netkey)
    See `ipsec --copyright' for copyright information.
    
    xl2tpd --version
    xl2tpd version: xl2tpd-1.3.1
     
    /etc/ipsec.conf file. 
    
    # /etc/ipsec.conf - Openswan IPsec configuration file
    
    # This file: /usr/share/doc/openswan/ipsec.conf-sample
    #
    # Manual: ipsec.conf.5
    version 2.0
    
    config setup
            nat_traversal=yes
            virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/16,%v4:172.16.0.0/12
            oe=off
            protostack=netkey
            interfaces="%defaultroute"
    
    conn l2tp-psk-NAT
            rightsubnet=vhost:%priv
            also=L2TP-PSK-noNAT
    
    conn l2tp-psk-noNAT
            authby=secret
            pfs=no
            auto=add
            keyingtries=3
            rekey=no
            type=transport
            left=76.218.xx.xxx (outside IP address)
            leftnexthop=192.168.70.1 (inside router/firewall Untangle)
            leftprotoport=17/1701
            right=%any
            rightprotoport=17/%any
            dpddelay=15
            dpdtimeout=30
            dpdaction=clear
            #Uncomment the line below for OSX on MAC? untested!
            #rightprotoport=17/0
    
    
     /etc/xl2tpd/xl2tpd.conf 
    ;
    ; Sample l2tpd configuration file
    ;
    ; This example file should give you some idea of how the options for l2tpd
    ; should work. The best place to look for a list of all options is in
    ; the source code itself, until I have the time to write better documentation :
    ; Specifically, the file "file.c" contains a list of commands at the end.
    ;
    ; You most definitely don't have to spell out everything as it is done here
    ;
    ; [global] ; Globa$
    ; you cannot leave out listen-addr, causes possible wrong src ip on return pack$
    listen-addr = 76.218.xx.xxx (Outside IP address)
    ipsec saref = yes
    ; ipsec saref = yes ; For SAref + MAST only
    ; debug tunnel = yes
    
    [lns default]
    ip range = 192.168.70.250-192.168.70.254
    local ip = 192.168.70.170 (L2PT server IP)
    assign ip = yes
    name = l2tpd
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes
    
    
    /etc/ppp/options.xl2tpd
    
    
    ipcp-accept-local
    ipcp-accept-remote
    noccp
    idle 1800
    mtu 1200
    mru 1200
    nodefaultroute
    connect-delay 5000
    require-mschap-v2
    ms-dns 192.168.70.1
    asyncmap 0
    auth
    crtscts
    lock
    hide-password
    modem
    debug
    name l2tpd
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4
    
    
    /etc/ppp/chap-secrets
    
    
    # Secrets for authentication using CHAP
    # client server secret IP addresses
    username l2tpd "password" 192.168.70.251
    l2tpd username "password" 192.168.70.252
    
    
    /etc/ipsec.secrets
    
    # This file holds shared secrets or RSA private keys for inter-Pluto
    # authentication. See ipsec_pluto(8) manpage, and HTML documentation.
    
    # RSA private key for this host, authenticating it to any other host
    # which knows the public part. Suitable public keys, for ipsec.conf, DNS,
    # or configuration of other implementations, can be extracted conveniently
    # with "ipsec showhostkey".
    
    # this file is managed with debconf and will contain the automatically created $
    include /var/lib/openswan/ipsec.secrets.inc
    
    192.168.70.170 %any: PSK "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6"
    
    
    ipsec verify
    
    root@L2TP:~# ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.6.37/K3.2.0-35-generic (netkey)
    Checking for IPsec support in kernel [OK]
     SAref kernel support [N/A]
     NETKEY: Testing XFRM related proc values [OK]
     [OK]
     [OK]
    Checking that pluto is running [OK]
     Pluto listening for IKE on udp 500 [OK]
     Pluto listening for NAT-T on udp 4500 [OK]
    Checking for 'ip' command [OK]
    Checking /bin/sh is not /bin/dash [WARNING]
    Checking for 'iptables' command [OK]
    Opportunistic Encryption Support [DISABLED]
    root@L2TP:~# 
    
    
    /etc/rc.local
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser run level
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    
    for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0$
    iptables --table nat --append POSTROUTING --jump MASQUERADE
    
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
    
    
    exit 0
    
    
    tail -f /var/log/auth.log
    
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [RFC 3947] method set to=109 
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: received Vendor ID payload [Dead Peer Detection]
    Jan 2 17:30:29 L2TP pluto[1492]: packet from 166.137.179.34:61424: initial Main Mode message received on 192.168.70.170:500 but no connection has been authorized with policy=PSK
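
An added example, not part of the original post: a Python lint for details visible in the ipsec.conf posted above (an also= reference whose case differs from the conn name, annotations left after values, and a virtual_private entry with host bits set). The sample is a constructed, trimmed copy of that config; the function name is hypothetical and conn names are assumed to be matched case-sensitively.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the ipsec.conf in the post, address masked as posted.
SAMPLE_CONF = """\
config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/16,%v4:172.16.0.0/12
conn l2tp-psk-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
conn l2tp-psk-noNAT
        authby=secret
        left=76.218.xx.xxx (outside IP address)
        leftnexthop=192.168.70.1 (inside router/firewall Untangle)
        right=%any
"""


def lint_ipsec_conf(text):
    """Return sorted (line_no, message) findings for an Openswan-style ipsec.conf."""
    findings, conns, also_refs = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("conn "):
            conns.add(line.split(None, 1)[1])
            continue
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key == "also":
            also_refs.append((no, value))
        # Unquoted whitespace inside a value usually means a pasted-in annotation.
        if re.search(r"\s", value) and not value.startswith('"'):
            findings.append((no, f"{key}: extra text after the value: {value!r}"))
        if key == "virtual_private":
            for item in value.split(","):
                net = item.strip().replace("%v4:", "", 1).lstrip("!")
                try:
                    ipaddress.ip_network(net)  # strict mode: host bits must be zero
                except ValueError:
                    findings.append((no, f"virtual_private: {net} has host bits set"))
    for no, name in also_refs:
        if name not in conns:
            hint = [c for c in conns if c.lower() == name.lower()]
            msg = f"also={name} names no conn section"
            findings.append((no, msg + (f" (case differs from {hint[0]!r})" if hint else "")))
    return sorted(findings)
```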

  7. #57
    Join Date
    Nov 2008
    Beans
    4

    Re: Guide: Openswan, XL2TP and PPP on Ubuntu Maverick for iPhone VPN Connection

    Hey thanks for the great posts here.

    I tried to bring my system to life according to this guide.
    Unfortunately (I think) I ran into the same problem as you guys - starting the xl2tpd

    http://ubuntuforums.org/showthread.php?t=2121413

    Can someone look over my logs and confirm this? Or is there another error hidden down there ...
    Is there anything new on this topic?

    I would really love to use VPN.
