
Maximum Retries Exceeded #113

Closed
furaoing opened this issue Feb 9, 2017 · 1 comment


furaoing commented Feb 9, 2017

I set up the ipsec-vpn Docker container successfully on an AWS EC2 server, with ports 500 and 4500 open. My MacBook and Windows machines can connect to the L2TP/IPsec VPN service normally.
However, my Ubuntu 14.04 machine fails to connect. I would appreciate it if you could offer me some guidance.

Here are the logs and the related configuration files:

IPSec SA:

Security Associations (1 up, 0 connecting):
myvpn[6]: ESTABLISHED 2 minutes ago, 10.104.2.143[10.104.2.143]...xxx.xxx.xxx[xxx.xxx.xxx]

L2TP:

Feb 9 16:32:05 roy-ubuntu kernel: [98039.507144] audit: type=1400 audit(1486629125.047:89): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/home/rao/strongswan/log/strongswan.log" pid=16963 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 9 16:32:05 roy-ubuntu xl2tpd[16746]: death_handler: Fatal signal 15 received
Feb 9 16:32:06 roy-ubuntu xl2tpd[16987]: setsockopt recvref[30]: Protocol not available
Feb 9 16:32:06 roy-ubuntu xl2tpd[16987]: This binary does not support kernel L2TP.
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: xl2tpd version xl2tpd-1.3.6 started on roy-ubuntu PID:16988
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Inherited by Jeff McAdams, (C) 2002
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Listening on IP address 0.0.0.0, port 1701
Feb 9 16:33:56 roy-ubuntu xl2tpd[16988]: Connecting to host xxx.xxx.xxx.xxx, port 1701
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Maximum retries exceeded for tunnel 25419. Closing.
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Connection 0 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
Feb 9 16:34:06 roy-ubuntu xl2tpd[16988]: Unable to deliver closing message for tunnel 25419. Destroying anyway.

Bash Script for the Configuration:

VPN_SERVER_IP=xxx.xxx.xxx.xxx
VPN_IPSEC_PSK=xxxxx
VPN_USER=xxxx
VPN_PASSWORD=xxx

cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
# strictcrlpolicy=yes
# uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
keyexchange=ikev1
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=$VPN_SERVER_IP
EOF

cat > /etc/ipsec.secrets <<EOF
: PSK "$VPN_IPSEC_PSK"
EOF

chmod 600 /etc/ipsec.secrets

cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
EOF

cat > /etc/ppp/options.l2tpd.client <<EOF
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name $VPN_USER
password $VPN_PASSWORD
EOF

chmod 600 /etc/ppp/options.l2tpd.client

mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control

service strongswan restart
service xl2tpd restart

hwdsl2 (Owner) commented Feb 9, 2017

@furaoing Hello! Your configuration looks fine. Please try the following:

  1. Check the server side logs for errors:

    grep pluto /var/log/auth.log
    
  2. Reboot your VPN client computer, then reboot the VPN server. Instead of using your script, follow all steps in [1] carefully one-by-one by hand on your VPN client. Note that every time you connect, you must repeat all the steps after this line in [1]:

    The VPN client setup is now complete. Follow the steps below to connect.
    
  3. For further questions you may try the Libreswan mailing list [2]. Good luck!

Closing because it is not an issue with the VPN scripts.

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#linux
[2] https://lists.libreswan.org/mailman/listinfo/swan
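As an added example (not code from this issue or from the setup-ipsec-vpn project): a small Python triage helper that reads `ipsec statusall`-style output and the syslog lines quoted in the report, and says whether the client is failing at the IPsec layer or, as in this report, at the L2TP layer on top of an established SA. That is the split the owner's advice relies on: with the SA up and xl2tpd timing out on UDP 1701, the next place to look is the server-side log. The sample input is built from the reporter's own lines (with his `xxx` placeholders kept), embedded as constructed strings; the connection name `myvpn` is the one from the ipsec.conf above.

```python
import re

# Constructed sample input: the `ipsec statusall` line and the syslog lines
# from the issue above, with the server address left as the reporter's placeholder.
IPSEC_STATUS = """\
Security Associations (1 up, 0 connecting):
myvpn[6]: ESTABLISHED 2 minutes ago, 10.104.2.143[10.104.2.143]...xxx.xxx.xxx[xxx.xxx.xxx]
"""

SYSLOG = """\
Feb 9 16:32:05 roy-ubuntu kernel: [98039.507144] audit: type=1400 audit(1486629125.047:89): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/home/rao/strongswan/log/strongswan.log" pid=16963 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Feb 9 16:32:06 roy-ubuntu xl2tpd[16988]: Listening on IP address 0.0.0.0, port 1701
Feb 9 16:33:56 roy-ubuntu xl2tpd[16988]: Connecting to host xxx.xxx.xxx.xxx, port 1701
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Maximum retries exceeded for tunnel 25419. Closing.
Feb 9 16:34:01 roy-ubuntu xl2tpd[16988]: Connection 0 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
"""

# One SA line per connection: "<conn>[<id>]: <STATE> ..."
SA_RE = re.compile(r"^(?P<conn>\w+)\[\d+\]: (?P<state>[A-Z]+)")
# AppArmor audit record fields we care about
APPARMOR_RE = re.compile(
    r'apparmor="DENIED" operation="(?P<op>\w+)" profile="(?P<profile>[^"]+)" name="(?P<name>[^"]+)"'
)
# xl2tpd syslog message body
XL2TPD_RE = re.compile(r"xl2tpd\[\d+\]: (?P<msg>.*)$")
RETRIES_RE = re.compile(r"Maximum retries exceeded for tunnel (?P<tid>\d+)")


def parse_sa_states(status_text):
    """Return {connection name: IKE SA state} from `ipsec statusall`-style text."""
    states = {}
    for line in status_text.splitlines():
        m = SA_RE.match(line.strip())
        if m:
            states[m.group("conn")] = m.group("state")
    return states


def parse_syslog(log_text):
    """Pull out AppArmor denials and xl2tpd connect/timeout events."""
    events = {"apparmor_denials": [], "l2tp_connects": [], "l2tp_timeouts": []}
    for line in log_text.splitlines():
        m = APPARMOR_RE.search(line)
        if m:
            events["apparmor_denials"].append(m.groupdict())
            continue
        m = XL2TPD_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        r = RETRIES_RE.search(msg)
        if r:
            events["l2tp_timeouts"].append(int(r.group("tid")))
        elif msg.startswith("Connecting to host"):
            events["l2tp_connects"].append(msg)
    return events


def triage(conn, status_text, log_text):
    """Decide which layer failed: 'ipsec' (no SA), 'l2tp' (SA up, xl2tpd timed out) or 'ok'."""
    states = parse_sa_states(status_text)
    events = parse_syslog(log_text)
    notes = []
    for d in events["apparmor_denials"]:
        # charon was refused a file operation (here: creating a custom log file).
        # The SA state decides whether IPsec itself works, so report this separately.
        notes.append(f"AppArmor denied {d['op']} by {d['profile']} on {d['name']}")
    sa_state = states.get(conn)
    if sa_state != "ESTABLISHED":
        layer = "ipsec"
        notes.append(f"IKE SA for '{conn}' is {sa_state or 'absent'}: fix IPsec before looking at L2TP")
    elif events["l2tp_timeouts"]:
        layer = "l2tp"
        notes.append(
            f"IPsec SA is up but xl2tpd got no reply on UDP 1701 for tunnel(s) "
            f"{events['l2tp_timeouts']}: check the server-side log (grep pluto /var/log/auth.log)"
        )
    else:
        layer = "ok"
    return {"layer": layer, "sa_state": sa_state, "notes": notes}


if __name__ == "__main__":
    for note in triage("myvpn", IPSEC_STATUS, SYSLOG)["notes"]:
        print(note)
```

On the reporter's lines this yields `layer == "l2tp"`: the IKE SA is ESTABLISHED, so the AppArmor denial (charon creating a log file under the user's home directory) is a logging side effect rather than the cause, and the failure is xl2tpd never receiving a reply to its UDP 1701 tunnel setup. Feeding it a status output with no SA line for `myvpn` flips the verdict to `ipsec`, which is the case to rule out first.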

@hwdsl2 hwdsl2 closed this as completed Feb 9, 2017