Setup a L2TP VPN server
Hello, I've been banging my head against this issue for several days and I cannot get my L2TP VPN server working on a CentOS VPS. I tried various tutorials but the problem remains the same. I can establish an L2TP connection (without IPsec encryption) to the VPN server from my Android phone and Win8 desktop, but if I try to access the internet via the VPN server, the connection is terminated. Also, I cannot establish an L2TP connection using IPsec shared secrets. tcpdump -i eth0 -p 500 outputs the following details:
c
, length 272)
xxxxxxxxxxxxxxxxxx.isakmp > 112.97.33.111.30462: [bad udp cksum 81fc!] isakmp 1.0 msgid 00000000 cookie 9f3842f5d727b94d->bf362731f6c9c0e0: phase 1 R ident:
(ke: key len=128 fdedaa8324c784ac37c36fb80d57c2851fdb7ae6fa719bd13d2e00816fea087707c0d894ccc73a7bd386cd52d6a5fc2041b0 158214d17bd8f759c47e2a0a1d1440f3992edb83dbd72b00edfaadff139b895e39f1641e29af5625cf0d9f62245a084f358b b4c97dfdeb2e7035ebbc5ab85816293359a6ecf6d02a8cc342631d3b)
(nonce: n len=32 f80e361e86be4089c138362404d321ec46167e90d9acf796e379ae9837bf7568)
(pay20)
(pay20)
I use the combination of strongSwan and xl2tpd. Here is my config:
/etc/strongswan/ipsec.conf
config setup
    strictcrlpolicy=no

conn %default
    ikelifetime=24h
    keylife=24h
    rekeymargin=9m
    keyingtries=10
    keyexchange=ikev2
    dpdaction=clear
    dpdtimeout=3600s
    dpddelay=3600s
    compress=yes

conn joyvpn
    keyexchange=ikev1
    rekey=no
    type=tunnel
    keyingtries=10
    authby=secret
    leftid=x.x.x.x
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
/etc/xl2tpd/xl2tpd.conf
;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.
; IMPORTANT: always set listen-addr to a specific address, to work around a
; udpfromto bug!!!
[global]
listen-addr = x.x.x.x
;
; requires openswan-2.5.18 or higher - Also does not yet work in combination
; with kernel mode l2tp as present in linux 2.6.23+
; ipsec saref = yes
; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or
; when using any of the SAref kernel patches for kernels up to 2.6.35.
; ipsec refinfo = 30
;
force userspace = yes
;
debug tunnel = yes
[lns default]
ip range = 192.168.122.128-192.168.122.254
local ip = 192.168.122.99
; leave chap unspecified for maximum compatibility with windows, iOS, etc
; require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Last edited by freefall12; 04-20-2013 at 02:39 AM.
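Added example, not part of the original post: a small linter that parses a strongSwan ipsec.conf the way strongSwan does (unindented line = section header, indented lines = that section's parameters, `conn %default` applied first) and checks an L2TP/IPsec pre-shared-key conn against the settings road-warrior clients such as Windows and Android negotiate (IKEv1, transport mode, UDP/1701). The sample config is a constructed excerpt mirroring the post's `joyvpn` conn; run against it, the lint flags `type=tunnel`.

```python
# Added example (not from the original post): lint a strongSwan ipsec.conf for
# the settings an L2TP/IPsec (xl2tpd) road-warrior conn needs. The sample below
# is a constructed excerpt mirroring the post's 'joyvpn' conn.
SAMPLE_CONF = """\
config setup
conn %default
    keyexchange=ikev2
conn joyvpn
    keyexchange=ikev1
    type=tunnel
    authby=secret
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
"""

def parse_ipsec_conf(text):
    """Return {section header: {key: value}}; unindented = header, indented = param."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            current = raw.strip()
            sections.setdefault(current, {})
            continue
        key, _, value = raw.strip().partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def effective_conn(sections, name):
    """Apply 'conn %default' first, then the named conn's own overrides."""
    merged = dict(sections.get("conn %default", {}))
    merged.update(sections.get(name, {}))
    return merged

def lint_l2tp_conn(sections, name):
    """Findings for an L2TP/IPsec PSK conn; an empty list means nothing flagged."""
    c = effective_conn(sections, name)
    findings = []
    if c.get("keyexchange") != "ikev1":
        findings.append("keyexchange must be ikev1: L2TP/IPsec clients use IKEv1")
    if c.get("type", "tunnel") != "transport":
        findings.append("type must be transport: L2TP/IPsec clients propose transport mode")
    if c.get("authby") != "secret":
        findings.append("authby=secret expected for a pre-shared-key setup")
    if c.get("leftprotoport") != "17/1701":
        findings.append("leftprotoport must be 17/1701 (UDP port 1701, L2TP)")
    return findings
```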