[Openswan Users] l2tp vpn server in ubuntu 10.4 cannot be connected

Willie Gillespie wgillespie at es2eng.com
Tue Apr 10 13:28:29 EDT 2012


Based on the versions you are using, it looks like you are experiencing the bug talked about here:
http://ubuntuforums.org/showthread.php?t=1526578

See if disabling MS-CHAPv2 and just using MS-CHAP works for you.  If so, consider upgrading Samba.

-----Original Message-----
From: chenkaiye at ccpower.com.cn
Sent: Tuesday, April 10, 2012 10:12am
To: users at lists.openswan.org
Subject: [Openswan Users] l2tp vpn server in ubuntu 10.4 cannot be connected

_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
Hi all


   I am a freshman for l2tp vpn server. Now i want to setup a l2tp vpn server in ubuntu 10.4. After i finished the server configuration. I try to connect to the vpn server in my pc. but i meet this problem(i had disable the firewall both in the pc and server): 
 error 809 
           The network connection between your computer and the VPN server could not be established because the remote server is not responding.     This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem. 

1 Server information:
 1) OS: ubuntu 10.04.4
 2) openswan version: openswan_2.6.28+dfsg-5_amd64.deb (downloaded from pkgs.org )
 3) xl2tp: 1.2.5+dfsg-1
 4) ppp: 2.4.5


2 Client(pc) information:

 1) OS: Windows 7 Ultimate
 2) Lenovo G430



3 ipsec.conf:

  config setup
     nat_traversal=yes
     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
     oe=off
     protostack=auto


  conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv,%no,%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
    also=L2TP-PSK-noNAT


  conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=203.*.*.*  //(server ip)
    leftnexthop=203.*.*.1  //(gateway ip)
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any


4 xl2tp.conf:
  [global]
     ipsec saref = yes
  [lns default]
     ip range = 192.168.0.2-192.168.0.100
     local ip = 192.168.0.1
     refuse chap = yes
     refuse pap = yes
     require authentication = yes
     ppp debug = yes
     pppoptfile = /etc/ppp/options.xl2tpd
     length bit = yes


5  options.xl2tp:
   require-mschap-v2
   ms-dns 202.181.230.228
   ms-dns 202.181.230.229
   asyncmap 0
   auth
   crtscts
   lock
   hide-password
   modem
   debug
   name l2tpd
   proxyarp
   lcp-echo-interval 30
   lcp-echo-failure 4


6 ipsec.secrets:
  203.*.*.* %any: "mysecrests"


7 auth.log:
  Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received Vendor ID payload [RFC 3947] method set to=109
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: responding to Main Mode from unknown peer 183.11.28.236
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: Main mode peer ID is ID_IPV4_ADDR: '183.11.28.236'
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: the peer proposed: 203.131.228.232/32:17/1701 -> 183.11.28.236/32:17/0
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: responding to Quick Mode proposal {msgid:01000000}
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2:     us: 203.131.228.232<203.131.228.232>[+S=C]:17/1701
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2:   them: 183.11.28.236[+S=C]:17/1701
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc4f166c4 <0xdf13269b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA(0xc4f166c4) payload: deleting IPSEC State #2
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received and ignored informational message
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA payload: deleting ISAKMP State #1
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236: deleting connection "L2TP-PSK-NAT" instance with peer 183.11.28.236 {isakmp=#0/ipsec=#0}
Apr 10 22:59:31 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received and ignored informational message



Kevin
----------

																			





More information about the Users mailing list