<div dir="ltr">Hello Experts,<div><br></div><div>I have configured IPsec and L2TP on an Ubuntu system. I want to configure a road warrior setup. In this, my VPN is working fine: the Windows system is connected to the Ubuntu VPN server and I can connect to the VPN server from the Windows VPN client, but I cannot connect, meaning I cannot ping the Windows VPN client from the Ubuntu VPN server. This is my configuration of the Ubuntu VPN server.</div>
<div><div><br></div></div><div><font class="Apple-style-span" color="#000066">vim /etc/ipsec.d/l2tp-psk.conf</font></div><div><font class="Apple-style-span" color="#000066"> conn L2TP-PSK-NAT</font><div><font class="Apple-style-span" color="#000066"> rightsubnet=vhost:%priv</font></div>
<div><font class="Apple-style-span" color="#000066"> also=L2TP-PSK-noNAT</font></div><div><font class="Apple-style-span" color="#000066"><br></font></div><div><font class="Apple-style-span" color="#000066">conn L2TP-PSK-noNAT</font></div>
<div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> # Configuration for one user with any type of IPsec/L2TP client</font></div>
<div><font class="Apple-style-span" color="#000066"> # including the updated Windows 2000/XP (MS KB Q818043), but</font></div><div><font class="Apple-style-span" color="#000066"> # excluding the non-updated Windows 2000/XP.</font></div>
<div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> # Use a Preshared Key. Disable Perfect Forward Secrecy.</font></div>
<div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> # PreSharedSecret needs to be specified in /etc/ipsec.secrets as</font></div><div><font class="Apple-style-span" color="#000066"> # YourIPAddress %any: "sharedsecret"</font></div>
<div><font class="Apple-style-span" color="#000066"> authby=secret</font></div><div><font class="Apple-style-span" color="#000066"> pfs=no</font></div>
<div><font class="Apple-style-span" color="#000066"> auto=add</font></div><div><font class="Apple-style-span" color="#000066"> keyingtries=3</font></div><div><font class="Apple-style-span" color="#000066"> # we cannot rekey for %any, let client rekey</font></div>
<div><font class="Apple-style-span" color="#000066"> rekey=no</font></div><div><font class="Apple-style-span" color="#000066"> # Apple iOS doesn't send delete notify so we need dead peer detection</font></div>
<div><font class="Apple-style-span" color="#000066"> # to detect vanishing clients</font></div><div><div><font class="Apple-style-span" color="#000066"> dpddelay=10</font></div><div><font class="Apple-style-span" color="#000066"> dpdtimeout=90</font></div>
<div><font class="Apple-style-span" color="#000066"> dpdaction=clear</font></div><div><font class="Apple-style-span" color="#000066"> # Set ikelifetime and keylife to same defaults windows has</font></div>
<div><font class="Apple-style-span" color="#000066"> ikelifetime=8h</font></div><div><font class="Apple-style-span" color="#000066"> keylife=1h</font></div><div><font class="Apple-style-span" color="#000066"> # l2tp-over-ipsec is transport mode</font></div>
<div><font class="Apple-style-span" color="#000066"> type=transport</font></div><div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> left=192.168.1.121</font></div>
<div><font class="Apple-style-span" color="#000066"> leftnexthop=192.168.1.254</font></div>
<div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> # For updated Windows 2000/XP clients,</font></div><div><font class="Apple-style-span" color="#000066"> # to support old clients as well, use leftprotoport=17/%any</font></div>
<div><font class="Apple-style-span" color="#000066"> leftprotoport=17/%any</font></div><div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> # The remote user.</font></div>
</div><div><font class="Apple-style-span" color="#000066"> #</font></div><div><font class="Apple-style-span" color="#000066"> right=%any</font></div><div><font class="Apple-style-span" color="#000066"> # Using the magic port of "%any" means "any one single port". This is</font></div>
<div><font class="Apple-style-span" color="#000066"> # a work around required for Apple OSX clients that use a randomly</font></div>
<div><font class="Apple-style-span" color="#000066"> # high port.</font></div><div><font class="Apple-style-span" color="#000066"> rightprotoport=17/%any</font></div><div><font class="Apple-style-span" color="#000066"><br>
</font></div><div><font class="Apple-style-span" color="#000066"># Normally, KLIPS drops all plaintext traffic from IP's it has a crypted</font></div><div><font class="Apple-style-span" color="#000066"># connection with. With L2TP clients behind NAT, that's not really what</font></div>
<div><font class="Apple-style-span" color="#000066"># you want. The connection below allows both l2tp/ipsec and plaintext</font></div><div><font class="Apple-style-span" color="#000066"># connections from behind the same NAT router.</font></div>
<div><font class="Apple-style-span" color="#000066"># The l2tpd use a leftprotoport, so they are more specific and will be used</font></div>
<div><font class="Apple-style-span" color="#000066"># first. Then, packets for the host on different ports and protocols (eg ssh)</font></div><div><font class="Apple-style-span" color="#000066"># will match this passthrough conn.</font></div>
<div><font class="Apple-style-span" color="#000066">conn passthrough-for-non-l2tp</font></div><div><font class="Apple-style-span" color="#000066"> type=passthrough</font></div><div><font class="Apple-style-span" color="#000066"> left=192.168.1.121</font></div>
<div><font class="Apple-style-span" color="#000066"> leftnexthop=192.168.1.254</font></div><div><font class="Apple-style-span" color="#000066"> right=0.0.0.0</font></div><div><font class="Apple-style-span" color="#000066"> rightsubnet=0.0.0.0/0</font></div>
<div><font class="Apple-style-span" color="#000066"> auto=route</font></div><div><font class="Apple-style-span" color="#000066"> </font></div><div><font class="Apple-style-span" color="#000066"><br></font></div><div>
<font class="Apple-style-span" color="#000066">vim /etc/xl2tpd/xl2tpd.conf</font></div>
<div><div><font class="Apple-style-span" color="#000066">[global]</font></div><div><font class="Apple-style-span" color="#000066">listen-addr = 192.168.1.121</font></div><div><font class="Apple-style-span" color="#000066"><br>
</font></div><div><font class="Apple-style-span" color="#000066">[lns default]</font></div><div><font class="Apple-style-span" color="#000066">ip range = 192.168.5.10-192.168.5.20</font></div><div><font class="Apple-style-span" color="#000066">local ip = 192.168.5.60</font></div>
<div><font class="Apple-style-span" color="#000066">;require chap = yes</font></div><div><font class="Apple-style-span" color="#000066">refuse chap = yes</font></div>
<div><font class="Apple-style-span" color="#000066">refuse pap = yes</font></div><div><font class="Apple-style-span" color="#000066">require authentication = yes</font></div><div><font class="Apple-style-span" color="#000066">ppp debug = yes</font></div>
<div><font class="Apple-style-span" color="#000066">pppoptfile = /etc/ppp/options.xl2tpd</font></div><div><font class="Apple-style-span" color="#000066">length bit = yes</font></div></div><div><font class="Apple-style-span" color="#000066"><br>
</font></div><div><font class="Apple-style-span" color="#000066"><br></font></div><div><font class="Apple-style-span" color="#000066">vim /etc/ppp/chap-secrets</font></div><div><div><font class="Apple-style-span" color="#000066"># Secrets for authentication using CHAP</font></div>
<div><font class="Apple-style-span" color="#000066"># client server secret IP addresses</font></div><div><font class="Apple-style-span" color="#000066">username * "password" *</font></div>
<div><font class="Apple-style-span" color="#000066">* username "password" *</font></div></div><div><br></div>
<div><br></div><div>Please check this configuration. This is my testing system for checking the IPsec/L2TP configuration. Please check it; it is giving one-way communication. If there is any error, please tell me.</div><div><br></div><div>
<br></div>-- <br>Thanks and Regards.<br><br>Heta Shah<br><br><br><br><br>
</div></div>
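A diagnostic script for the one-way-ping symptom described in the post above, added here as an example and not part of the original message. It reads the PPP peer address xl2tpd assigned to the Windows client from <code>ip -4 addr show</code>, checks that it lies inside the poster's configured pool (local ip 192.168.5.60, range 192.168.5.10-192.168.5.20), and, when run with <code>--live</code> on the server, pings the peer with the source pinned to the PPP local ip so the echo goes out over ppp0 rather than the LAN interface. The <code>ip</code> output format assumed is that of iproute2.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Values are the poster's
# xl2tpd.conf settings: local ip 192.168.5.60, ip range .10-.20.
LOCAL_IP="192.168.5.60"
RANGE_LO="192.168.5.10"
RANGE_HI="192.168.5.20"

# Convert a dotted quad to an integer so addresses can be compared.
ip2int() {
  echo "$1" | awk -F. '{ printf "%.0f\n", ($1*16777216)+($2*65536)+($3*256)+$4 }'
}

# Print the peer address of every pppN interface found in
# `ip -4 addr show` output read from stdin, one per line.
ppp_peers() {
  awk '/inet .* peer .* ppp[0-9]+/ { sub("/.*", "", $4); print $4 }'
}

# Return 0 if $1 lies within RANGE_LO..RANGE_HI, 1 otherwise.
in_range() {
  _a=$(ip2int "$1"); _lo=$(ip2int "$RANGE_LO"); _hi=$(ip2int "$RANGE_HI")
  [ "$_a" -ge "$_lo" ] && [ "$_a" -le "$_hi" ]
}

# Live run on the VPN server: list PPP peers, verify the pool, ping each.
diagnose() {
  command -v ip >/dev/null 2>&1 || { echo "ip(8) not found"; return 1; }
  peers=$(ip -4 addr show | ppp_peers)
  [ -n "$peers" ] || { echo "no pppN interface: L2TP tunnel is not up"; return 1; }
  for p in $peers; do
    if in_range "$p"; then echo "peer $p is inside the xl2tpd pool"
    else echo "peer $p is OUTSIDE the pool $RANGE_LO-$RANGE_HI"; fi
    # -I pins the source to the PPP local ip. A reply shows the client
    # accepts ICMP echo; a timeout with the tunnel up usually points at
    # the client's host firewall rather than the IPsec/L2TP setup.
    ping -c 2 -W 2 -I "$LOCAL_IP" "$p" || echo "no reply from $p"
  done
}

if [ "${1:-}" = "--live" ]; then diagnose; fi
```

Run as <code>sh check-ppp-peer.sh --live</code> on the Ubuntu server while the Windows client is connected.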