Hello Experts.
I am facing some issues with L2TP over IPsec connections using Ubuntu as a client.
Server: Meraki
Client: Ubuntu 12.04 LTS
I followed the Meraki guide for the set-up: https://kb.meraki.com/knowledge_base/linux---ubuntu-client-vpn
I installed the required packages (l2tp-ipsec-vpn) and did the set-up using the GUI: entered the server IP, pre-shared key, and PPP protocol as PAP, but somehow I am not able to connect. It comes up with this error message:
Aug 23 16:18:30.181 ipsec_setup: Stopping Openswan IPsec...
Aug 23 16:18:31.679 xl2tpd[8284]: death_handler: Fatal signal 15 received
Aug 23 16:18:31.680 Stopping xl2tpd: xl2tpd.
Aug 23 16:18:31.702 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.0.0-32-generic...
Aug 23 16:18:31.997 ipsec__plutorun: Starting Pluto subsystem...
Aug 23 16:18:32.004 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Aug 23 16:18:32.009 recvref[30]: Protocol not available
Aug 23 16:18:32.010 xl2tpd[8588]: This binary does not support kernel L2TP.
Aug 23 16:18:32.010 xl2tpd[8590]: xl2tpd version xl2tpd-1.3.1 started on w2w-illuminati PID:8590
Aug 23 16:18:32.012 xl2tpd[8590]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 23 16:18:32.012 xl2tpd[8590]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 23 16:18:32.013 xl2tpd[8590]: Inherited by Jeff McAdams, (C) 2002
Aug 23 16:18:32.013 xl2tpd[8590]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 23 16:18:32.013 xl2tpd[8590]: Listening on IP address 0.0.0.0, port 1701
Aug 23 16:18:32.013 Starting xl2tpd: xl2tpd.
Aug 23 16:18:32.050 ipsec__plutorun: 002 added connection description "US-L2TP-IPsec."
Aug 23 16:19:42.917 104 "US-L2TP-IPsec." #1: STATE_MAIN_I1: initiate
Aug 23 16:19:42.917 003 "US-L2TP-IPsec." #1: received Vendor ID payload [RFC 3947] method set to=109
Aug 23 16:19:42.917 003 "US-L2TP-IPsec." #1: received Vendor ID payload [Dead Peer Detection]
Aug 23 16:19:42.918 106 "US-L2TP-IPsec." #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 23 16:19:42.918 003 "US-L2TP-IPsec." #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Aug 23 16:19:42.918 108 "US-L2TP-IPsec." #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 23 16:19:42.919 004 "US-L2TP-IPsec." #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Aug 23 16:19:42.919 117 "US-L2TP-IPsec." #2: STATE_QUICK_I1: initiate
Aug 23 16:19:42.919 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.919 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.920 010 "US-L2TP-IPsec." #2: STATE_QUICK_I1: retransmission; will wait 20s for response
Aug 23 16:19:42.920 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.920 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.920 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.921 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.921 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.921 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.921 010 "US-L2TP-IPsec." #2: STATE_QUICK_I1: retransmission; will wait 40s for response
Aug 23 16:19:42.921 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.922 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.922 031 "US-L2TP-IPsec." #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Aug 23 16:19:42.922 000 "US-L2TP-IPsec." #2: starting keying attempt 2 of at most 3, but releasing whack
Aug 23 16:19:42.923 [ERROR 300] 'IPsec' failed to negotiate or establish security associations
Output of sudo ipsec verify:
ati:~$ sudo ipsec verify
[sudo] password for srijiv:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.0.0-32-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
[FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
My /etc/ipsec.conf file looks like this:
# Manual: ipsec.conf(5)
# Created: Fri Aug 23 16:15:39 2013
# by: The L2TP IPsec VPN Manager application version 1.0.9
#
# WARNING! All changes made in this file will be lost!

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    # plutodebug="parsing emitting control private"
    plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.

conn US-L2TP-IPsec.
    authby=secret
    right=1.2.3.4
    rightid=""
    auto=add
Your expert advice will be highly appreciated.
Thanks in advance.
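
A triage helper for the pluto output in the post above, added here as an example and not part of the original post: it separates the Phase 1 result from the Quick Mode (Phase 2) errors and flags the negotiated 3DES and modp1024 parameters. The function name `summarize`, the embedded sample (constructed from the log lines above) and the `WEAK` table are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, built from the pluto lines quoted in the post above.
SAMPLE_LOG = """\
Aug 23 16:19:42.918 003 "US-L2TP-IPsec." #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Aug 23 16:19:42.919 004 "US-L2TP-IPsec." #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Aug 23 16:19:42.919 117 "US-L2TP-IPsec." #2: STATE_QUICK_I1: initiate
Aug 23 16:19:42.919 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.919 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.920 003 "US-L2TP-IPsec." #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Aug 23 16:19:42.920 003 "US-L2TP-IPsec." #2: malformed payload in packet
Aug 23 16:19:42.922 031 "US-L2TP-IPsec." #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Aug 23 16:19:42.923 [ERROR 300] 'IPsec' failed to negotiate or establish security associations
"""

# timestamp, 3-digit whack code, quoted connection name, SA number, message
LINE = re.compile(r'^\w{3} +\d+ [\d:.]+ (?P<code>\d{3}) "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PARAMS = re.compile(r'(\w+)=(\w+)')
# Assumption of this example: the Phase 1 values seen in the log that are weak by current standards.
WEAK = {"cipher": "oakley_3des_cbc_192", "group": "modp1024"}

def summarize(log):
    """Split a pluto log into Phase 1 outcome, NAT status and Phase 2 errors."""
    out = {"phase1": None, "natted": False, "quick_sas": set(),
           "phase2_errors": Counter(), "phase2_failed": False}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banners and GUI wrapper lines such as [ERROR 300]
        sa, msg = int(m["sa"]), m["msg"]
        if "ISAKMP SA established" in msg:
            out["phase1"] = dict(PARAMS.findall(msg))
        elif "i am NATed" in msg:
            out["natted"] = True
        elif msg.startswith("STATE_QUICK_I1: initiate"):
            out["quick_sas"].add(sa)
        elif "max number of retransmissions" in msg and "STATE_QUICK_I1" in msg:
            out["phase2_failed"] = True
        elif sa in out["quick_sas"] and m["code"] == "003":
            out["phase2_errors"][msg] += 1  # informational errors on a Quick Mode SA
    p1 = out["phase1"] or {}
    out["weak"] = sorted(f"{k}={v}" for k, v in p1.items() if WEAK.get(k) == v)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
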