LinuxQuestions.org
Old 10-25-2012, 02:41 AM   #1
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
How to connect to a L2TP VPN from my Slackware box


Hello everybody,
this is my first post on LQ.
I've been a Slackware user since version 10 and I'm very happy with it.
For my job I need to connect from home to a Win 2003 domain through a firewall performing an L2TP IPSEC VPN server.
In the past I tried StrongSwan and OpenSwan, read many howtos but without any success.
Is there someone who had similar tasks and had success with it? It is so boring to have to switch to Win only for that need.

Thanks

Last edited by VicFer; 10-25-2012 at 02:47 AM.
 
Old 10-27-2012, 03:52 PM   #2
angryfirelord
Member
 
Registered: Dec 2005
Distribution: Fedora, CentOS
Posts: 515

Rep: Reputation: 66
I've never had to use L2TP, but it looks like there's a Slackbuild for part of it.

http://slackbuilds.org/repository/14.0/network/xl2tpd/
 
Old 10-28-2012, 02:04 AM   #3
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Original Poster
Rep: Reputation: 13
@ angryfirelord
I had some tests in the past with StrongSwan + xl2tpd, I also looked at https://wiki.archlinux.org/index.php...N_client_setup but I was not able to set the VPN tunnel.

Thank you
 
Old 11-01-2012, 01:15 PM   #4
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Original Poster
Rep: Reputation: 13
Hi all,
maybe I made some steps ahead.
I installed xl2tpd-1.3.1-9 and openswan-2.6.36.
I continued reading the https://wiki.archlinux.org/index.php...N_client_setup
Now I'm able to set the tunnel, at least that's what I think looking at the logs
Code:
ipsec_setup: Starting Openswan IPsec U2.6.36/K2.6.33.4-smp...
Starting xl2tpd : xl2tpd[13129]: setsockopt recvref[30]: Protocol not available
xl2tpd[13129]: This binary does not support kernel L2TP.
xl2tpd[13129]: xl2tpd version xl2tpd-1.3.1 started on MySlack PID:13129
xl2tpd[13129]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[13129]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[13129]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[13129]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[13129]: Listening on IP address 0.0.0.0, port 1701

104 "L2TP-PSK" #1: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #1: ignoring unknown Vendor ID payload [8f9cc94e01248ecdf147594c284b213b]
003 "L2TP-PSK" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
003 "L2TP-PSK" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] method set to=107 
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 107
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 
003 "L2TP-PSK" #1: received Vendor ID payload [RFC 3947] method set to=109 
003 "L2TP-PSK" #1: received Vendor ID payload [Dead Peer Detection]
106 "L2TP-PSK" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2TP-PSK" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 "L2TP-PSK" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "L2TP-PSK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
117 "L2TP-PSK" #2: STATE_QUICK_I1: initiate
003 "L2TP-PSK" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a70d2966
003 "L2TP-PSK" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
004 "L2TP-PSK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x3b2c4b46 <0x1da26a31 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
xl2tpd[13129]: Connecting to host <remoteserverip>, port 1701
xl2tpd[13129]: Connection established to <remoteserverip>, 1701.  Local: 37299, Remote: 3726 (ref=0/0).
xl2tpd[13129]: Calling on tunnel 37299
xl2tpd[13129]: Call established with <remoteserverip>, Local: 30217, Remote: 1, Serial: 1 (ref=0/0)
xl2tpd[13129]: start_pppd: I'm running: 
xl2tpd[13129]: "/usr/sbin/pppd" 
xl2tpd[13129]: "passive" 
xl2tpd[13129]: "nodetach" 
xl2tpd[13129]: ":" 
xl2tpd[13129]: "debug" 
xl2tpd[13129]: "file" 
xl2tpd[13129]: "/etc/ppp/options.l2tpd.client" 
xl2tpd[13129]: "ipparam" 
xl2tpd[13129]: "<remoteserverip>" 
xl2tpd[13129]: "/dev/pts/1"
ppp0 seems to be my tunnel, as per
Code:
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 90:e6:ba:80:4a:00 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:25:d3:d1:42:bf brd ff:ff:ff:ff:ff:ff
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1376 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp

# ifconfig
eth0      Link encap:Ethernet  HWaddr 90:e6:ba:80:4a:00  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:29 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:400 (400.0 B)  TX bytes:400 (400.0 B)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:<my_rem_lanip>  P-t-P:<rem_serverlanip>  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1376  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:94 (94.0 B)  TX bytes:92 (92.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:25:d3:d1:42:bf  
          inet addr:<mylocalip>  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.255.0
          inet6 addr: fe80::225:d3ff:fed1:42bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2476 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1531054 (1.4 MiB)  TX bytes:322098 (314.5 KiB)
Now it's time to set some routing rules.
This is the routing table just before changing anything
Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<myrouterip>    *               255.255.255.255 UH    0      0        0 ppp0
<mylan.0>       *               255.255.255.0   U     0      0        0 wlan0
loopback        *               255.0.0.0       U     0      0        0 lo
default         <myrouterip>    0.0.0.0         UG    0      0        0 wlan0
Then
Code:
# route add <rem_serverlanip>/32 wlan0
# route add <rem_box_lanip> gw <rem_serverlanip> wlan0
I made the first assertion because without it I always obtained
Code:
SIOCADDRT: No such process
Now the routing table looks like that
Code:
# route
Kernel IP routing table
Destination       Gateway           Genmask         Flags Metric Ref    Use Iface
<rem_box_lanip>   <rem_serverlanip> 255.255.255.255 UGH   0      0        0 wlan0
<rem_serverlanip> *                 255.255.255.255 UH    0      0        0 wlan0
<rem_serverlanip> *                 255.255.255.255 UH    0      0        0 ppp0
192.168.1.0       *                 255.255.255.0   U     0      0        0 wlan0
loopback          *                 255.0.0.0       U     0      0        0 lo
default           <myrouterip>      0.0.0.0         UG    0      0        0 wlan0
but I'm not able to ping the remote machine.
My knowledge doesn't let me complete this task: could anybody help me understand what is wrong?

Thanks

Last edited by VicFer; 11-01-2012 at 01:16 PM.
 
Old 09-06-2014, 01:37 AM   #5
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Original Poster
Rep: Reputation: 13
Hi all,
sorry for bumping this old thread, but I want to share with you that now, after a 2-year pause, I found where the problem was.
It was only a matter of routing syntax; the right command is:
Code:
route add -net <remotenetwork> netmask <remotenetmask> gw <ipaddressassignedtopppxinterface>
I've also tried strongSwan and it works fine, I only had to force ikev1 as the keyexchange protocol.
 
2 members found this post helpful.
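A way to check the routing situation from posts #4 and #5, as an added example that is not part of the thread: it reads `route -n` style output and reports which interface a destination would use, so routes that send remote-LAN traffic out `wlan0` instead of through `ppp0` show up before testing with ping. All addresses and the `route_iface`, `before_fix` and `after_fix` names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed:
# 10.20.30.0/24 = remote LAN, 10.20.30.200 = address assigned to ppp0.

# route_iface DEST: read `route -n` output on stdin, print the interface
# chosen for DEST (longest netmask wins, then lowest metric).
route_iface() {
    awk -v dst="$1" '
    function ip2n(s,   p) {
        if (split(s, p, ".") != 4) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN { d = ip2n(dst); best = -1 }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {   # skip headers
        net = ip2n($1); mask = ip2n($3); metric = $5 + 0
        block = 4294967296 - mask     # number of addresses the route covers
        if (int(d / block) != int(net / block)) next
        if (mask > best || (mask == best && metric < bestmetric)) {
            best = mask; bestmetric = metric; iface = $8
        }
    }
    END { if (best < 0) exit 1; print iface }'
}

# Table shaped like post #4: routes for the remote side pinned to wlan0.
before_fix() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.30.5      10.20.30.1      255.255.255.255 UGH   0      0        0 wlan0
10.20.30.1      0.0.0.0         255.255.255.255 UH    0      0        0 wlan0
10.20.30.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
EOF
}

# Table after post #5: route add -net 10.20.30.0 netmask 255.255.255.0 gw 10.20.30.200
after_fix() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.30.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.20.30.0      10.20.30.200    255.255.255.0   UG    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
EOF
}

# Show, for two remote-LAN hosts, which interface each table selects.
for host in 10.20.30.5 10.20.30.77; do
    for table in before_fix after_fix; do
        echo "$table $host -> $($table | route_iface "$host")"
    done
done
```

On a live system, pipe the real table in with `route -n | route_iface <remote host>`; any remote-LAN address that resolves to an interface other than the ppp one is leaving outside the tunnel.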
  

