[Openswan Users] l2tp vpn server in ubuntu 10.4 cannot be connected
Willie Gillespie
wgillespie at es2eng.com
Tue Apr 10 13:28:29 EDT 2012
Based on the versions you are using, it looks like you are experiencing the bug talked about here:
http://ubuntuforums.org/showthread.php?t=1526578
See if disabling MS-CHAPv2 and just using MS-CHAP works for you. If so, consider upgrading Samba.
-----Original Message-----
From: chenkaiye at ccpower.com.cn
Sent: Tuesday, April 10, 2012 10:12am
To: users at lists.openswan.org
Subject: [Openswan Users] l2tp vpn server in ubuntu 10.4 cannot be connected
Hi all
I am a freshman with L2TP VPN servers. Now I want to set up an L2TP VPN server on Ubuntu 10.4. After I finished the server configuration, I tried to connect to the VPN server from my PC, but I met this problem (I had disabled the firewall on both the PC and the server):
error 809
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
1 Server information:
1) OS: ubuntu 10.04.4
2) openswan version: openswan_2.6.28+dfsg-5_amd64.deb (downloaded from pkgs.org )
3) xl2tp: 1.2.5+dfsg-1
4) ppp: 2.4.5
2 Client(pc) information:
1) OS: Windows 7 Ultimate
2) Lenovo G430
3 ipsec.conf:
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=auto

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv,%no,%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=203.*.*.* //(server ip)
    leftnexthop=203.*.*.1 //(gateway ip)
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
4 xl2tp.conf:
[global]
ipsec saref = yes
[lns default]
ip range = 192.168.0.2-192.168.0.100
local ip = 192.168.0.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
5 options.xl2tp:
require-mschap-v2
ms-dns 202.181.230.228
ms-dns 202.181.230.229
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
6 ipsec.secrets:
203.*.*.* %any: "mysecrests"
7 auth.log:
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received Vendor ID payload [RFC 3947] method set to=109
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: responding to Main Mode from unknown peer 183.11.28.236
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: Main mode peer ID is ID_IPV4_ADDR: '183.11.28.236'
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: the peer proposed: 203.131.228.232/32:17/1701 -> 183.11.28.236/32:17/0
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: responding to Quick Mode proposal {msgid:01000000}
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: us: 203.131.228.232<203.131.228.232>[+S=C]:17/1701
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: them: 183.11.28.236[+S=C]:17/1701
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc4f166c4 <0xdf13269b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA(0xc4f166c4) payload: deleting IPSEC State #2
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received and ignored informational message
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA payload: deleting ISAKMP State #1
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236: deleting connection "L2TP-PSK-NAT" instance with peer 183.11.28.236 {isakmp=#0/ipsec=#0}
Apr 10 22:59:31 ubuntuVPN pluto[27940]: packet from 183.11.28.236:500: received and ignored informational message
Kevin
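
An added example, not part of either message: a small Python triage of pluto lines like the auth.log above, reporting how far the IKE/IPsec negotiation got and how long the IPsec SA lived before the peer deleted it. That separates an IKE/IPsec failure from one in the L2TP/PPP layer, which is where the reply's MS-CHAPv2 suggestion points. The function names and stage labels are illustrative; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime

# Four lines copied from the auth.log quoted in the message above.
SAMPLE_LOG = """\
Apr 10 22:58:55 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 10 22:58:56 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc4f166c4 <0xdf13269b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA(0xc4f166c4) payload: deleting IPSEC State #2
Apr 10 22:59:31 ubuntuVPN pluto[27940]: "L2TP-PSK-NAT"[1] 183.11.28.236 #1: received Delete SA payload: deleting ISAKMP State #1
"""

# syslog prefix, then pluto's '"conn"[instance] peer #state: message'
LINE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)$')

def summarize(log_text, year=2012):
    """Collect per-peer milestones; syslog omits the year, so it is passed in."""
    peers = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-connection pluto line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        p = peers.setdefault(m["peer"], {"conn": m["conn"], "phase1": None,
                                         "phase2": None, "peer_delete": None})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            p["phase1"] = ts
        elif "IPsec SA established" in msg:
            p["phase2"] = ts
        elif "received Delete SA" in msg and "deleting IPSEC State" in msg:
            p["peer_delete"] = ts
    return peers

def diagnose(p):
    """Return (stage, seconds): where the attempt stopped, and SA lifetime if known."""
    if p["phase1"] is None:
        return ("ike-phase1", None)    # Main Mode never completed
    if p["phase2"] is None:
        return ("ipsec-phase2", None)  # Quick Mode never completed
    if p["peer_delete"] is not None:
        lifetime = int((p["peer_delete"] - p["phase2"]).total_seconds())
        return ("after-ipsec", lifetime)  # IPsec was up; look at xl2tpd/pppd logs
    return ("up", None)

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, info["conn"], diagnose(info))
```

For the log in this thread the result is stage `after-ipsec` with a 35-second lifetime: both SAs were established and the Windows client deleted them itself.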