@furaoing Hello! Your configuration looks fine. Please try the following:
Check the server side logs for errors:
grep pluto /var/log/auth.log
Reboot your VPN client computer, then reboot the VPN server. Instead of using your script, follow all steps in [1] carefully one-by-one by hand on your VPN client. Note that every time you connect, you must repeat all the steps after this line in [1]:
The VPN client setup is now complete. Follow the steps below to connect.
For further questions you may try the Libreswan mailing list [2]. Good luck!
Closing because it is not an issue with the VPN scripts.
I set up the ipsec-vpn Docker container successfully on an AWS EC2 server, with ports 500 and 4500 open. My MacBook and Windows machine can connect to the L2TP/IPsec VPN service normally.
However, my Ubuntu 14.04 failed to connect. I'd appreciate it if you could offer me some guidance.
Here's the logging and related configuration files:
IPSec SA:
Security Associations (1 up, 0 connecting):
myvpn[6]: ESTABLISHED 2 minutes ago, 10.104.2.143[10.104.2.143]...xxx.xxx.xxx[xxx.xxx.xxx]
L2TP:
Feb 9 16:32:05 roy-ubuntu kernel: [98039.507144] audit: type=1400 audit(1486629125.047:89): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/home/rao/strongswan/log/strongswan.log" pid=16963 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 9 16:32:05 roy-ubuntu xl2tpd[16746]: death_handler: Fatal signal 15 received
Feb 9 16:32:06 roy-ubuntu xl2tpd[16987]: setsockopt recvref[30]: Protocol not available
Feb 9 16:32:06 roy-ubuntu xl2tpd[16987]: This binary does not support kernel L2TP.
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: xl2tpd version xl2tpd-1.3.6 started on roy-ubuntu PID:16988
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Inherited by Jeff McAdams, (C) 2002
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Listening on IP address 0.0.0.0, port 1701
Feb 9 16:33:56 roy-ubuntu xl2tpd[16988]: Connecting to host xxx.xxx.xxx.xxx, port 1701
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Maximum retries exceeded for tunnel 25419. Closing.
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Connection 0 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
Feb 9 16:34:06 roy-ubuntu xl2tpd[16988]: Unable to deliver closing message for tunnel 25419. Destroying anyway.
Bash Script for the Configuration:
# Connection parameters (values masked)
VPN_SERVER_IP=xxx.xxx.xxx.xxx
VPN_IPSEC_PSK=xxxxx
VPN_USER=xxxx
VPN_PASSWORD=xxx

# strongSwan: IKEv1 with a pre-shared key, transport mode protecting UDP 1701 (L2TP)
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
  # strictcrlpolicy=yes
  # uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp1024,3des-sha1-modp1024!
  esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=$VPN_SERVER_IP
EOF

# Pre-shared key; readable by root only
cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF

chmod 600 /etc/ipsec.secrets

# xl2tpd: L2TP access concentrator entry pointing at the VPN server
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

# PPP options; this file holds the VPN password, so restrict it as well
cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF

chmod 600 /etc/ppp/options.l2tpd.client

# Create the xl2tpd control file, then restart both services
mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

service strongswan restart
service xl2tpd restart
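
A small triage pass over the client-side syslog lines posted above, as an added example that is not part of the original thread or of the VPN scripts: it separates the AppArmor denial (charon was refused creation of its log file) from the xl2tpd control-connection timeout on port 1701. The function names are hypothetical; the sample lines are copied from the post.

```python
import re

# Lines copied from the client-side log in the post (server IP already masked there).
SAMPLE_LOG = """\
Feb 9 16:32:05 roy-ubuntu kernel: [98039.507144] audit: type=1400 audit(1486629125.047:89): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/home/rao/strongswan/log/strongswan.log" pid=16963 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 9 16:32:06 roy-ubuntu xl2tpd[16987]: This binary does not support kernel L2TP.
Feb 9 16:33:56 roy-ubuntu xl2tpd[16988]: Connecting to host xxx.xxx.xxx.xxx, port 1701
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Maximum retries exceeded for tunnel 25419. Closing.
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Connection 0 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
"""

# key=value or key="value" pairs as they appear in kernel audit records
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
GAVE_UP = re.compile(r'xl2tpd\[\d+\]: Maximum retries exceeded for tunnel (\d+)')
TIMEOUT = re.compile(r'xl2tpd\[\d+\]: Connection \d+ closed to (\S+), port (\d+) \(Timeout\)')


def parse_audit(line):
    """Return the key/value fields of a kernel audit line as a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def triage(log_text):
    """Collect AppArmor denials and L2TP control-connection timeouts from syslog text."""
    report = {"apparmor_denials": [], "l2tp_timeouts": [], "tunnels_given_up": []}
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' in line:
            fields = parse_audit(line)
            report["apparmor_denials"].append({
                "profile": fields.get("profile"),
                "operation": fields.get("operation"),
                "path": fields.get("name"),
                "mask": fields.get("denied_mask"),
            })
            continue
        timeout = TIMEOUT.search(line)
        if timeout:
            report["l2tp_timeouts"].append((timeout.group(1), int(timeout.group(2))))
            continue
        gave_up = GAVE_UP.search(line)
        if gave_up:
            report["tunnels_given_up"].append(int(gave_up.group(1)))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["apparmor_denials"]:
        print(f"AppArmor denied {d['operation']} on {d['path']} (profile {d['profile']})")
    for host, port in result["l2tp_timeouts"]:
        print(f"L2TP control connection to {host}:{port} timed out")
```
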