LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Setting up a L2TP VPN server (http://www.linuxquestions.org/questions/linux-networking-3/setting-up-a-l2tp-vpn-server-764715/)

ratcateme 10-27-2009 01:48 AM

Setting up a L2TP VPN server
 
im currently just testing and trying to setup a VPN on my home network using Centos 5.3 as the VPN server.
so far i have installed xl2tpd and openswan both will start with no errors and everything looks fine.
i have configured a windows XP desktop to connect to the linux server using CHAP authentication and L2TP/PPP and setup the IPsec PSK pass phrase.
but it fails to connect.
i have used wireshark to confirm that it is sending to the right IP and it is trying to connect to UDP port 500.
i then checked on my linux box with netstat -ln | grep :500
Code:

udp        0      0 127.0.0.1:500              0.0.0.0:*
udp        0      0 10.1.2.1:500                0.0.0.0:*
udp        0      0 10.1.1.2:500                0.0.0.0:*

so the service is started and listening i have turned the firewall off for this testing so i really can't see what the problem is and its really bugging me.
so if anyone could help that would be great

Thanks Scott.

jefro 10-28-2009 05:09 PM

Wonder if 1701 needs to be open?

ratcateme 10-28-2009 11:31 PM

yep that was a problem i have resloved most of the problems so far.
i have got a bit stuck with PPP and CHAP
i have setup windows right (i think) and i removed authentication and it worked and the VPN established but when i put it on and run xl2tpd in debug mode xl2tpd -D
Code:

xl2tpd[9766]: Enabling IPsec SAref processing for L2TP transport mode SAs
xl2tpd[9766]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
xl2tpd[9766]: setsockopt recvref[22]: Protocol not available
xl2tpd[9766]: This binary does not support kernel L2TP.
xl2tpd[9766]: xl2tpd version xl2tpd-1.2.4 started on ratcat.homelinux.com PID:9766
xl2tpd[9766]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[9766]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[9766]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[9766]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[9766]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[9766]: get_call: allocating new tunnel for host 10.1.2.3, port 1701.
xl2tpd[9766]: get_call: allocating new tunnel for host 10.1.2.3, port 1701.
xl2tpd[9766]: control_finish: Peer requested tunnel 26 twice, ignoring second one.
xl2tpd[9766]: build_fdset: closing down tunnel 27350
xl2tpd[9766]: Connection established to 10.1.2.3, 1701.  Local: 57205, Remote: 26 (ref=0/0).  LNS session is 'default'
xl2tpd[9766]: start_pppd: I'm running:
xl2tpd[9766]: "/usr/sbin/pppd"
xl2tpd[9766]: "passive"
xl2tpd[9766]: "nodetach"
xl2tpd[9766]: "10.1.1.2:10.1.1.128"
xl2tpd[9766]: "refuse-pap"
xl2tpd[9766]: "auth"
xl2tpd[9766]: "require-chap"
xl2tpd[9766]: "name"
xl2tpd[9766]: "RatCatVPN"
xl2tpd[9766]: "debug"
xl2tpd[9766]: "file"
xl2tpd[9766]: "/etc/ppp/options.xl2tpd"
xl2tpd[9766]: "/dev/pts/0"
/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.
/usr/sbin/pppd: (None of the available passwords would let it use an IP address.)
xl2tpd[9766]: Call established with 10.1.2.3, Local: 21289, Remote: 1, Serial: 0
xl2tpd[9766]: control_finish: Connection closed to 10.1.2.3, serial 0 ()
xl2tpd[9766]: Terminating pppd: sending TERM signal to pid 9775
xl2tpd[9766]: pppd 9775 successfully terminated
xl2tpd[9766]: control_finish: Connection closed to 10.1.2.3, port 1701 (), Local: 57205, Remote: 26
xl2tpd[9766]: build_fdset: closing down tunnel 57205

im connecting from 10.1.2.3 to and the server is at 10.1.2.1
/etc/ppp/chap-secrets contains:
Code:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
"scott"                        *      "test"          10.1.0.0/16
*                              "scott" "test"          10.1.0.0/16

and /etc/xl2tpd/xl2tpd.conf
Code:

[global]

debug tunnel = yes

[lns default]
ip range = 10.1.1.128-10.1.1.254
local ip = 10.1.1.2
require chap = yes
refuse pap = yes
require authentication = yes
name = RatCatVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

and /etc/ppp/options.xl2tpd
Code:

ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
proxyarp

so if you could tell me whats going on that would be great.
Thanks Scott.

Randeep 06-18-2011 07:44 AM

Here is a good link for setting xl2tpd

http://helpinlinux.blogspot.com/2011...-l2tp-vpn.html

reverie 05-03-2012 12:51 AM

help!
 
i`m facing the same question with you on the problem about xl2tp ...have you get it through? would you give me some advises about it and send it an email (6414344322@qq.com),if u are convenient ....thank u very much...

amirn 06-26-2013 07:29 AM

Another Example for xL2TP + VPN
 
Here is another good example of how to get xl2tp to work with OpenSwan
L2TP OpenSwan Example


All times are GMT -5. The time now is 02:37 PM.