LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 09-15-2009, 04:03 PM   #1
fantasygoat
Setting up L2TP over IPSec VPN server under CentOS 5.3


I've been banging my head against this problem for almost a week now without much success.

What I want is a VPN server running L2TP over IPSec using a PSK to allow Windows XP and Mac OSX clients to connect and allow access to our local network.

I've set up a box with two interfaces, one inside the private LAN and one with a live IP. I'm using OpenSWAN and xl2tp.

I got it working using all internal IPs, but once I moved the config to the live IPs it stopped working.

From my OSX box at home I seem to be able to establish IPSec:

Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x0dca8d83 <0x8c0b136e xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:4500 DPD=enabled}

But it disconnects and I get the following error:

Sep 15 15:47:41 gateway xl2tpd[6157]: Maximum retries exceeded for tunnel 16877. Closing.
Sep 15 15:47:48 gateway xl2tpd[6157]: Connection 10 closed to [home IP address], port 51077 (Timeout)

Here are my config files:

/etc/ipsec.conf:

version 2.0

config setup
    protostack=netkey
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    authby=secret

conn L2TP-PSK
    authby=secret
    rekey=no
    keyingtries=3
    left=[the external IP]
    leftnexthop=192.168.1.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
    forceencaps=yes
    pfs=no
    auto=add

/etc/xl2tpd/xl2tpd.conf:

[lns default]
ip range = 192.168.10.200-192.168.10.254
local ip = 192.168.10.199
refuse pap = yes
require authentication = yes
name = gateway
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd:

name *
debug
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
ms-dns [our internal DNS]
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
auth
nodefaultroute
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"

Any pointers on how to get this thing running would be much appreciated.
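The two log excerpts in this post are the whole diagnosis: pluto reaches STATE_QUICK_R2 (the IPsec SA is up, so PSK and proposals are fine) and then xl2tpd times out, meaning the L2TP control channel inside the tunnel never completes. The script below is an added example, not code from this thread and not an Openswan or xl2tpd tool; it parses those two kinds of syslog lines, pairs them per peer, and reports which layer failed. The sample log, the 203.0.113.10 address standing in for the redacted remote IP, and the verdict names and hint text are all constructed for the example.

```python
"""Triage pluto (Openswan) and xl2tpd syslog lines for an L2TP/IPsec server.

Added example; not code from the original thread. The sample lines below are
constructed, modelled on the output quoted in the post, with a documentation
address (203.0.113.10) in place of the redacted remote IP.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = """\
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] 203.0.113.10 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] 203.0.113.10 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x0dca8d83 <0x8c0b136e xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:4500 DPD=enabled}
Sep 15 15:47:41 gateway xl2tpd[6157]: Maximum retries exceeded for tunnel 16877. Closing.
Sep 15 15:47:48 gateway xl2tpd[6157]: Connection 10 closed to 203.0.113.10, port 51077 (Timeout)
"""

# pluto's phase-2 completion line: connection name, peer address, SA established
PLUTO_SA = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: '
    r'STATE_QUICK_R2: IPsec SA established')
# xl2tpd gave up retransmitting L2TP control messages for a tunnel id
XL2TP_RETRY = re.compile(
    r'xl2tpd\[\d+\]: Maximum retries exceeded for tunnel (?P<tunnel>\d+)')
# xl2tpd closed a connection to a peer, with its reason in parentheses
XL2TP_CLOSED = re.compile(
    r'xl2tpd\[\d+\]: Connection \d+ closed to (?P<peer>\S+), port \d+ '
    r'\((?P<reason>[^)]+)\)')


@dataclass
class PeerState:
    ipsec_established: bool = False          # pluto reached STATE_QUICK_R2
    l2tp_close_reason: Optional[str] = None  # xl2tpd's reason, e.g. "Timeout"


@dataclass
class Report:
    peers: Dict[str, PeerState] = field(default_factory=dict)
    retry_exhausted_tunnels: List[str] = field(default_factory=list)


# Hint text is this example's own wording; the Openswan version note comes
# from the thread's follow-up post.
HINTS = {
    "l2tp-timeout-after-ipsec": (
        "Phase 2 is up, so the PSK and proposals are fine. L2TP control packets "
        "(UDP 1701 inside the tunnel) are not being answered: confirm xl2tpd is "
        "listening on the tunnel endpoint and that the firewall passes UDP 1701 "
        "once decapsulated. The thread's resolution was an Openswan 2.6.x bug; "
        "2.4.15 worked."),
    "l2tp-closed-after-ipsec": (
        "IPsec is up but xl2tpd closed the session for another reason; read "
        "xl2tpd's debug output for that peer."),
    "l2tp-closed-without-ipsec": (
        "xl2tpd saw the peer but pluto never reported an IPsec SA: fix the "
        "IPsec side first."),
    "ipsec-up": "IPsec SA established and no L2TP failure logged.",
}


def parse(log_text: str) -> Report:
    """Build per-peer state from raw syslog lines."""
    report = Report()
    for line in log_text.splitlines():
        m = PLUTO_SA.search(line)
        if m:
            report.peers.setdefault(m["peer"], PeerState()).ipsec_established = True
            continue
        m = XL2TP_CLOSED.search(line)
        if m:
            report.peers.setdefault(m["peer"], PeerState()).l2tp_close_reason = m["reason"]
            continue
        m = XL2TP_RETRY.search(line)
        if m:
            # This message carries only xl2tpd's tunnel id, not the peer address.
            report.retry_exhausted_tunnels.append(m["tunnel"])
    return report


def classify(state: PeerState) -> str:
    """Map one peer's state to a verdict key from HINTS."""
    if state.ipsec_established and state.l2tp_close_reason is None:
        return "ipsec-up"
    if state.ipsec_established and state.l2tp_close_reason == "Timeout":
        return "l2tp-timeout-after-ipsec"
    if state.ipsec_established:
        return "l2tp-closed-after-ipsec"
    return "l2tp-closed-without-ipsec"


def triage(log_text: str) -> Dict[str, str]:
    """Return {peer: verdict} for every peer seen in the log."""
    return {peer: classify(st) for peer, st in parse(log_text).peers.items()}


if __name__ == "__main__":
    rep = parse(SAMPLE_LOG)
    for peer, verdict in triage(SAMPLE_LOG).items():
        print(f"{peer}: {verdict}")
        print("  " + HINTS[verdict])
    if rep.retry_exhausted_tunnels:
        print("tunnels that exhausted L2TP retries:", ", ".join(rep.retry_exhausted_tunnels))
```

Run it against /var/log/secure or /var/log/messages (whichever syslog facility pluto and xl2tpd write to on the box) instead of SAMPLE_LOG; a peer that lands in "l2tp-timeout-after-ipsec" is the pattern this thread is about, and the hint tells you not to spend more time on the PSK or the IKE proposals.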
 
Old 09-23-2009, 07:57 PM   #2
OdinnBurkni
IPsec

Not sure but I think LeftNextHop should be your internet gateway. Like... your IP is 22.22.22.22 and your external gateway is 22.22.22.254 then that should be your leftnexthop, I think...
 
Old 09-25-2009, 07:33 AM   #3
fantasygoat
Original Poster
Actually, it turned out to be a problem with Openswan. The current version is 2.6.x, which is what was installed by default from RPMForge. However, there is a bug in 2.6.x that causes L2TP to fail.

Downgrading Openswan to 2.4.15 fixed the problem.
 
Old 09-25-2009, 08:03 AM   #4
OdinnBurkni
OpenSwan problem

Thank you for sharing this with us. I'm sure many others have had similar problems without figuring out why the he.. it doesn't work.
 
Old 06-18-2011, 08:45 AM   #5
Randeep
Here is a nice link on how to set up xl2tpd vps. It worked for me.

http://helpinlinux.blogspot.com/2011...-l2tp-vpn.html
 
Old 10-04-2012, 05:08 PM   #6
linuxexplore

For L2TP VPN server configuration on Linux, especially CentOS, check the following links.
Using the xl2tpd application: http://linuxexplore.com/how-tos/l2tp-vpn-using-xl2tpd/
Using the rp-l2tpd application: http://linuxexplore.com/how-tos/l2tp...sing-rp-l2tpd/
Really useful; I wrote them for implementation, and they may be helpful for you too.

Thanks,
Linux Explore | Exploring the Linux World :-)
 
Tags
ipsec, l2tp, openswan, vpn, xl2tpd