How to set up a IPsec L2TP VPN client in Slackware
I live behind a firewall and use a VPN to tunnel through it to get to some web sites I need for work and non-work activities.
I subscribe to a VPN service that has servers in LA and elsewhere around the world. They provide software for Windows and Android that works quite well. Linux users who want to access the VPN are a small part of their market. They have provided me with an Ubuntu script by WernerJaeger that can be forced to install on Slackware. It doesn't work and it is a bear to get rid of. I decided at one point to completely reconfigure my system, which was an opportunity to dump WernerJaeger's mess at the same time.
I have tried OpenSwan, LibreSwan, StrongSwan, FreeSwan, xl2tpd, racoon, pluto, a NetworkManager plugin and read and followed the notes provided by Jacco, and Arch, and Gentoo, and Elastichosts and Xelerance and a number of other sources. I have at one point been successful in establishing a partial connection but the xl2tpd part is quite obtuse and opaque. Also it is quite unclear how to set up the iptables. The WernerJaeger script seemed to make some attempt at this but does not work.
The Windows tool works quite well and the Android tool works beautifully to establish the connection but I haven't been able to find a way to make this work in Slackware. It's a real pain having to close Slackware and reboot Win7 to get to some web sites.
Is anyone out there using a VPN client and could provide some tips?
Is there any special setup or compiling issues for StrongSwan?
StrongSwan gives a very complex and lengthy list of compile options and I could not figure out which ones I needed from their documentation.
The startup script is especially useful!
I knew that what Arch was calling for was not going to work exactly in Slackware but was not able to make it give any indication that I was connected. I had read your comments about route before but was not able to figure out what to do about it.
These lines are extremely helpful:
Quote:
REMADDR=`/usr/sbin/ip a | /usr/bin/grep ppp | /usr/bin/grep inet | /usr/bin/cut -d ' ' -f 6`
/usr/bin/echo "********** Setting $REMADDR as the gateway on the remote network"
/sbin/route add -net ip_of_the_remote_LAN netmask 255.255.255.0 gw $REMADDR
Thank you very much!
Last edited by Regnad Kcin; 11-21-2015 at 07:35 AM.
I'm sorry for not having an IPsec L2TP anymore.
When I managed to make it work, I had 3 terminals open: one with
Code:
# tail -f /var/log/syslog
another with
Code:
# tail -f /var/log/messages
and the third where I was writing the various commands.
This helped me very much (I do not remember a specific log file where to look for debug messages); maybe you can try the same and post your logs.
Nov 22 18:54:30 slackbook kernel: [ 2705.121247] NET: Registered protocol family 15
Nov 22 18:54:30 slackbook charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.18.11, x86_64)
Nov 22 18:54:30 slackbook charon: 00[KNL] received netlink error: Address family not supported by protocol (97)
Nov 22 18:54:30 slackbook charon: 00[KNL] unable to create IPv6 routing table rule
Nov 22 18:54:30 slackbook charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 22 18:54:30 slackbook charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 22 18:54:30 slackbook charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 22 18:54:30 slackbook charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 22 18:54:30 slackbook charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 22 18:54:30 slackbook charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 22 18:54:30 slackbook charon: 00[CFG] loaded IKE secret for any remote_ip_address
Nov 22 18:54:30 slackbook charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
Nov 22 18:54:30 slackbook charon: 00[LIB] unable to load 6 plugin features (6 due to unmet dependencies)
Nov 22 18:54:30 slackbook charon: 00[JOB] spawning 16 worker threads
Nov 22 18:54:31 slackbook charon: 02[CFG] received stroke: add connection 'my_vpn_conn'
Nov 22 18:54:31 slackbook charon: 02[CFG] left nor right host is our side, assuming left=local
Nov 22 18:54:31 slackbook charon: 02[CFG] added configuration 'my_vpn_conn'
Nov 22 18:55:15 slackbook kernel: [ 2749.526961] PPP generic driver version 2.4.2
Nov 22 18:55:15 slackbook kernel: [ 2749.528700] NET: Registered protocol family 24
Nov 22 18:55:15 slackbook kernel: [ 2749.536342] l2tp_core: L2TP core driver, V2.0
Nov 22 18:55:15 slackbook kernel: [ 2749.537154] l2tp_netlink: L2TP netlink interface
Nov 22 18:55:15 slackbook xl2tpd[2390]: Using l2tp kernel support.
Nov 22 18:55:15 slackbook kernel: [ 2749.537989] l2tp_ppp: PPPoL2TP kernel driver, V2.0
Nov 22 18:55:15 slackbook xl2tpd[2396]: xl2tpd version xl2tpd-1.3.6 started on slackbook PID:2396
Nov 22 18:55:15 slackbook xl2tpd[2396]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 22 18:55:15 slackbook xl2tpd[2396]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 22 18:55:15 slackbook xl2tpd[2396]: Inherited by Jeff McAdams, (C) 2002
Nov 22 18:55:15 slackbook xl2tpd[2396]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Nov 22 18:55:15 slackbook xl2tpd[2396]: Listening on IP address 0.0.0.0, port 1701
Nov 22 18:56:13 slackbook charon: 08[CFG] received stroke: initiate 'my_vpn_conn'
Nov 22 18:56:13 slackbook charon: 09[IKE] initiating Main Mode IKE_SA my_vpn_conn[1] to remote_ip_address
Nov 22 18:56:13 slackbook charon: 09[ENC] generating ID_PROT request 0 [ SA V V V V ]
As I previously mentioned I do not have the remote VPN peer available anymore, so the connection fails, but what about your logs?
It seems that my problem is that the ppp daemon isn't started, and xl2tpd doesn't start it.
Did you ever manage to fix this? I have been trying to get a vpn/ipsec connection to a public server (found at the vpngate-site) for about a week now, and I'm experiencing the same problem: my ipsec tunnel is up (checked by ipsec status myvpn), however I can't seem to use it, as the ppp0 interface never gets created.
Best regards and sorry for reviving this old thread
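The symptom in the posts above (IPsec reported up, ppp0 never created) can be narrowed down by finding the first bring-up checkpoint that is missing from syslog. This is an added example, not from any poster in this thread: the charon and xl2tpd startup patterns come from the log posted above, while the "established" and pppd patterns, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Ordered checkpoints of an L2TP/IPsec client bring-up, one "name|regex" per line.
# The first four patterns match lines in the log posted in this thread; the
# last four are assumed success messages from strongSwan (charon) and pppd.
STAGES='charon_started|charon: .*Starting IKE charon daemon
conn_loaded|charon: .*added configuration
xl2tpd_listening|xl2tpd\[[0-9]+\]: Listening on IP address
ike_initiated|charon: .*initiating .*IKE_SA
ike_sa_established|charon: .*IKE_SA .* established between
child_sa_established|charon: .*CHILD_SA .* established
pppd_started|pppd\[[0-9]+\]: pppd .* started
ppp_interface|pppd\[[0-9]+\]: Using interface ppp[0-9]+'

# Print the first checkpoint that never appears in log file $1,
# or "complete" when every checkpoint is present.
first_missing_stage() {
    printf '%s\n' "$STAGES" | while IFS='|' read -r name pattern; do
        if ! grep -Eq "$pattern" "$1"; then
            echo "$name"
            break
        fi
    done | grep . || echo complete
}

# Constructed sample log: the IPsec SAs come up but pppd is never started.
sample_log() {
    cat <<'EOF'
Nov 22 18:54:30 host charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.18.11, x86_64)
Nov 22 18:54:31 host charon: 02[CFG] added configuration 'my_vpn_conn'
Nov 22 18:55:15 host xl2tpd[2396]: Listening on IP address 0.0.0.0, port 1701
Nov 22 18:56:13 host charon: 09[IKE] initiating Main Mode IKE_SA my_vpn_conn[1] to 203.0.113.10
Nov 22 18:56:14 host charon: 10[IKE] IKE_SA my_vpn_conn[1] established between 192.0.2.5[192.0.2.5]...203.0.113.10[203.0.113.10]
Nov 22 18:56:14 host charon: 11[IKE] CHILD_SA my_vpn_conn{1} established with SPIs c1a2b3c4_i c5d6e7f8_o and TS 192.0.2.5/32 === 203.0.113.10/32
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
echo "first missing stage: $(first_missing_stage "$tmp")"
rm -f "$tmp"
```

Point it at the file that carries daemon messages on your system, for example `first_missing_stage /var/log/messages`. Lines left over from earlier attempts in the same file count as present, so check a log that covers only the current attempt.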
I wonder if we can try a different approach. Maybe using NetworkManager to use certificates.
I don't understand the ones that need to be listed for L2TP with certificates only. No IPsec. https://developer.gnome.org/NetworkM...-settings.html
Someone give me a layout of what it's supposed to look like, I'll go on a testing binge. TIA