[Openswan Users] VPN (ipsec/l2tp) to windows server

michaelof at rocketmail.com michaelof at rocketmail.com
Fri Jan 22 18:34:26 UTC 2021


Hi all,



First post after having subscribed myself :)


Not able to connect to an IPsec/L2TP VPN server running on mswin. Described in as much detail as possible here: https://forums.opensuse.org/showthread.php/549340-VPN-(ipsec-l2tp)-to-windows-server
Got a hint for this old thread: https://lists.openswan.org/pipermail/users/2013-July/022547.html


Seems that maybe also a 
	"I also make it my habit to make leftprotoport 17/%any instead of 17/1701"
could solve my issue.



But completely unclear to me where (or how) to set this "leftprotoport" param:


- Following strongswan's wiki (https://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf) I've found that /etc/ipsec.conf seems to be the relevant config file.

FYI, only commented lines on my openSUSE system, never changed manually before:

# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start
#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start


- Tried to add the following to /etc/ipsec.conf

conn %default
   leftprotoport=udp/%any

- didn't change my issue.


As I'm using NetworkManager, KDE/Plasma, for the VPN connection, it's completely unclear to me how the "interaction" between a "conn" in /etc/ipsec.conf and NetworkManager's connections, stored in /etc/NetworkManager/system-connections, works. It seems that NetworkManager generates runtime-only configs; I'm not even able to increase debug levels. Drawbacks of user-friendliness - if it works :)



Any hints would be great,
thanks in advance,
Michael



P.S.: Maybe of interest:

zypper se -iv swan
Loading repository data...
Reading installed packages...

S  | Name             | Type    | Version          | Arch   | Repository
---+------------------+---------+------------------+--------+------------------
i+ | strongswan-ipsec | package | 5.8.2-lp152.1.39 | x86_64 | openSUSE-15.2 OSS
i  | strongswan-libs0 | package | 5.8.2-lp152.1.39 | x86_64 | openSUSE-15.2 OSS


zypper se -iv l2tp
Loading repository data...
Reading installed packages...

S  | Name                      | Type    | Version          | Arch   | Repository
---+---------------------------+---------+------------------+--------+------------------
i+ | NetworkManager-l2tp       | package | 1.8.0-lp152.1.41 | x86_64 | openSUSE-15.2 OSS
i+ | NetworkManager-l2tp-gnome | package | 1.8.0-lp152.1.41 | x86_64 | openSUSE-15.2 OSS
i  | NetworkManager-l2tp-lang  | package | 1.8.0-lp152.1.41 | noarch | openSUSE-15.2 OSS
i  | plasma-nm5-l2tp           | package | 5.18.5-lp152.2.1 | x86_64 | openSUSE-15.2 OSS
i  | xl2tpd                    | package | 1.3.10-lp152.3.7 | x86_64 | openSUSE-15.2 OSS
i+ | xl2tpd-doc                | package | 1.3.10-lp152.3.7 | x86_64 | openSUSE-15.2 OSS

