LinuxQuestions.org
Old 11-21-2015, 03:33 AM   #1
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 662

Rep: Reputation: 458
How to set up an IPsec L2TP VPN client in Slackware


I live behind a firewall and use a VPN to tunnel through it to get to some web sites I need for work and non-work activities.

I subscribe to a VPN service that has servers in LA and elsewhere around the world. They provide software for Windows and Android that works quite well. Linux users who want to access the VPN are a small part of their market. They have provided me with a Ubuntu script by WernerJaeger that can be forced to install on Slackware. It doesn't work and it is a bear to get rid of. I decided at one point to completely reconfigure my system, which was an opportunity to dump WernerJaeger's mess at the same time.

I have tried OpenSwan, LibreSwan, StrongSwan, FreeSwan, xl2tpd, racoon, pluto, a NetworkManager plugin and read and followed the notes provided by Jacco, and Arch, and Gentoo, and Elastichosts and Xelerance and a number of other sources. I have at one point been successful in establishing a partial connection but the xl2tpd part is quite obtuse and opaque. Also it is quite unclear how to set up the iptables. The WernerJaeger script seemed to make some attempt at this but does not work.

The Windows tool works quite well and the Android tool works beautifully to establish the connection, but I haven't been able to find a way to make this work in Slackware. It's a real pain having to close Slackware and reboot win7 to get to some web sites.

Is anyone out there using a VPN client and could provide some tips?
 
Old 11-21-2015, 05:54 AM   #2
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
Hi,
I did it some time ago
http://www.linuxquestions.org/questi...9/#post5233188

-----
Maybe these could be useful

/etc/ipsec.conf
Code:
config setup
	charondebug="ike 3, knl 3, cfg 2"

conn my_vpn_conn
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	dpddelay=30
	dpdtimeout=120
	dpdaction=clear
	keyexchange=ikev1
	rekey=yes
	ikelifetime=8h
	keylife=1h
	type=transport
	left=%defaultroute
	leftprotoport=17/1701
	right=remote_ip_address
	rightprotoport=17/1701

/etc/ipsec.secrets
Code:
%any remote_ip_address : PSK "my_preshared_key"

/etc/xl2tpd/xl2tpd.conf
Code:
[global]
debug state = yes
debug tunnel = yes

[lac my_vpn]
lns = remote_ip_address
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
require chap = yes
refuse pap = yes
require authentication = yes

/etc/ppp/options.l2tpd.client
Code:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
nodefaultroute
usepeerdns
debug
lock
connect-delay 5000
name my_vpn_username
password my_vpn_password

script to start the vpn
Code:
#!/bin/bash

/usr/bin/echo "********** starting ipsec ..."
/usr/sbin/ipsec start
sleep 3
/usr/bin/echo "********** starting xl2tpd ..."
/usr/sbin/xl2tpd
/usr/bin/echo "********** Opening the IPsec connection ..."
/usr/sbin/ipsec up my_vpn_conn
sleep 3
/usr/bin/echo "********** Opening the L2TP tunnel ..."
echo "c my_vpn" > /var/run/xl2tpd/l2tp-control
sleep 3
REMADDR=`/usr/sbin/ip a | /usr/bin/grep ppp | /usr/bin/grep inet | /usr/bin/cut -d ' ' -f 6`
/usr/bin/echo "********** Setting $REMADDR as the gateway on the remote network"
/sbin/route add -net ip_of_the_remote_LAN netmask 255.255.255.0 gw $REMADDR

script to stop the vpn
Code:
#!/bin/bash

echo "********** Closing the L2TP tunnel ..."
echo "d my_vpn" > /var/run/xl2tpd/l2tp-control
sleep 1
killall xl2tpd
sleep 1
echo "********** Closing the IPsec connection ..."
/usr/sbin/ipsec down my_vpn_conn
sleep 1
/usr/sbin/ipsec stop

Last edited by VicFer; 11-21-2015 at 06:26 AM. Reason: Added more info
 
Old 11-21-2015, 07:34 AM   #3
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 662

Original Poster
Rep: Reputation: 458
So you are using StrongSwan and xl2tp...?

Is there any special setup or compiling issues for StrongSwan?
StrongSwan gives a very complex and lengthy list of compile options
and I could not figure out which ones I needed from their documentation.


The startup script is especially useful!

I knew that what Arch was calling for was not going to work exactly in Slackware

Quote:
$ systemctl start openswan
$ systemctl start xl2tpd
$ ipsec auto --up L2TP-PSK
$ echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
And I had gotten past that and got as far as

Quote:
echo "c my_vpn" > /var/run/xl2tpd/l2tp-control
but was not able to make it give any indication that
I was connected. I had read your comments about route before but
was not able to figure out what to do about it.

These lines are extremely helpful
Quote:
REMADDR=`/usr/sbin/ip a | /usr/bin/grep ppp | /usr/bin/grep inet | /usr/bin/cut -d ' ' -f 6`
/usr/bin/echo "********** Setting $REMADDR as the gateway on the remote network"
/sbin/route add -net ip_of_the_remote_LAN netmask 255.255.255.0 gw $REMADDR
Thank you very much!

Last edited by Regnad Kcin; 11-21-2015 at 07:35 AM.
 
Old 11-21-2015, 08:01 AM   #4
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
Quote:
So you are using StrongSwan and xl2tp...?
I had used it in the past, but last September things changed and I have moved to OpenVPN.

Quote:
Is there any special setup or compiling issues for StrongSwan?
No, I took the slackbuild from slackbuilds.org and had no issues with compilation.

Quote:
Thank you very much!
You're welcome
 
1 members found this post helpful.
Old 11-22-2015, 09:33 AM   #5
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 662

Original Poster
Rep: Reputation: 458
Well, I am still having trouble.

The IPSEC part works, as before, but the xl2tpd and ppp part doesn't seem to be working.

I got an error message at first from this but then created the
directory and the file l2tp-control but it doesn't seem to do anything.

Quote:
/usr/bin/echo "********** Opening the L2TP tunnel ..."
echo "c my_vpn" > /var/run/xl2tpd/l2tp-control
The "ip a | grep ppp" doesn't return anything because there isn't any ppp.
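
Added example (not part of any post in this thread, and not code from the xl2tpd or strongSwan projects): xl2tpd creates l2tp-control itself as a named pipe when it starts, so a regular file made by hand at that path accepts the echo but nothing ever reads it. The sketch below checks for that, and for group- or world-readable copies of the credential files listed in post #2; the function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for the L2TP/IPsec client files in this thread.
# Function names and return codes are made up for this example.

# control_fifo_state PATH
# xl2tpd creates its control file itself with mkfifo(); a file made by hand
# (touch, or a redirect into a missing path) is a regular file nobody reads.
# Returns 0 = FIFO, 1 = missing, 2 = exists but is not a FIFO.
control_fifo_state() {
    if [ -p "$1" ]; then return 0; fi
    if [ -e "$1" ]; then return 2; fi
    return 1
}

# secret_file_private PATH
# Returns 0 only when group and other have no permission bits at all.
secret_file_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# preflight [CONTROL] [SECRET_FILE...]
# Prints one line per problem and returns the number of problems found.
# Defaults are the paths used in post #2.
preflight() {
    ctl=${1:-/var/run/xl2tpd/l2tp-control}
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- /etc/ipsec.secrets /etc/ppp/options.l2tpd.client
    problems=0
    rc=0
    control_fifo_state "$ctl" || rc=$?
    case $rc in
        1) echo "missing: $ctl (create the directory, then start xl2tpd)"
           problems=$((problems + 1)) ;;
        2) echo "not a FIFO: $ctl (remove it and restart xl2tpd)"
           problems=$((problems + 1)) ;;
    esac
    for f in "$@"; do
        secret_file_private "$f" && continue
        echo "missing, or readable by group/other: $f (chmod 600)"
        problems=$((problems + 1))
    done
    return "$problems"
}
```

Run as root after xl2tpd has been started and before the echo "c my_vpn" step of the start script; a return value of 0 means the control pipe and both credential files passed.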
 
Old 11-22-2015, 11:39 AM   #6
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
I'm sorry for not having an IPsec L2TP anymore.
When I managed to get it working, I had 3 terminals open: one with
Code:
# tail -f /var/log/syslog
another with
Code:
# tail -f /var/log/messages
and the third where I was writing the various commands.
This helped me very much (I do not remember a specific log file where to look for debug messages), maybe you can try the same and post your logs.
 
Old 11-22-2015, 11:59 AM   #7
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
Sorry
I found some mistakes on the ipsec.conf file:

Code:
# ipsec.conf - strongSwan IPsec configuration file

conn my_vpn_conn
	authby=secret
	auto=add
	keyingtries=3
	dpddelay=30
	dpdtimeout=120
	dpdaction=clear
	keyexchange=ikev1
	rekey=yes
	ikelifetime=8h
	keylife=1h
	type=transport
	left=%defaultroute
	leftprotoport=17/1701
	right=remote_ip_address
	rightprotoport=17/1701
Maybe not so crucial but who knows
 
Old 11-22-2015, 12:12 PM   #8
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 662

Original Poster
Rep: Reputation: 458
It seems that my problem is that the ppp daemon isn't started, and xl2tpd doesn't start it.
 
Old 11-22-2015, 12:42 PM   #9
VicFer
Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware
Posts: 52

Rep: Reputation: 13
This is my log on /var/log/messages when I tried
Code:
/usr/sbin/ipsec start
Code:
/usr/sbin/xl2tpd
and
Code:
/usr/sbin/ipsec up my_vpn_conn
Code:
Nov 22 18:54:30 slackbook kernel: [ 2705.121247] NET: Registered protocol family 15
Nov 22 18:54:30 slackbook charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.18.11, x86_64) 
Nov 22 18:54:30 slackbook charon: 00[KNL] received netlink error: Address family not supported by protocol (97) 
Nov 22 18:54:30 slackbook charon: 00[KNL] unable to create IPv6 routing table rule 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' 
Nov 22 18:54:30 slackbook charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' 
Nov 22 18:54:30 slackbook charon: 00[CFG]   loaded IKE secret for any remote_ip_address 
Nov 22 18:54:30 slackbook charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic 
Nov 22 18:54:30 slackbook charon: 00[LIB] unable to load 6 plugin features (6 due to unmet dependencies) 
Nov 22 18:54:30 slackbook charon: 00[JOB] spawning 16 worker threads 
Nov 22 18:54:31 slackbook charon: 02[CFG] received stroke: add connection 'my_vpn_conn' 
Nov 22 18:54:31 slackbook charon: 02[CFG] left nor right host is our side, assuming left=local 
Nov 22 18:54:31 slackbook charon: 02[CFG] added configuration 'my_vpn_conn' 
Nov 22 18:55:15 slackbook kernel: [ 2749.526961] PPP generic driver version 2.4.2
Nov 22 18:55:15 slackbook kernel: [ 2749.528700] NET: Registered protocol family 24
Nov 22 18:55:15 slackbook kernel: [ 2749.536342] l2tp_core: L2TP core driver, V2.0
Nov 22 18:55:15 slackbook kernel: [ 2749.537154] l2tp_netlink: L2TP netlink interface
Nov 22 18:55:15 slackbook xl2tpd[2390]: Using l2tp kernel support. 
Nov 22 18:55:15 slackbook kernel: [ 2749.537989] l2tp_ppp: PPPoL2TP kernel driver, V2.0
Nov 22 18:55:15 slackbook xl2tpd[2396]: xl2tpd version xl2tpd-1.3.6 started on slackbook PID:2396 
Nov 22 18:55:15 slackbook xl2tpd[2396]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. 
Nov 22 18:55:15 slackbook xl2tpd[2396]: Forked by Scott Balmos and David Stipp, (C) 2001 
Nov 22 18:55:15 slackbook xl2tpd[2396]: Inherited by Jeff McAdams, (C) 2002 
Nov 22 18:55:15 slackbook xl2tpd[2396]: Forked again by Xelerance (www.xelerance.com) (C) 2006 
Nov 22 18:55:15 slackbook xl2tpd[2396]: Listening on IP address 0.0.0.0, port 1701 
Nov 22 18:56:13 slackbook charon: 08[CFG] received stroke: initiate 'my_vpn_conn' 
Nov 22 18:56:13 slackbook charon: 09[IKE] initiating Main Mode IKE_SA my_vpn_conn[1] to remote_ip_address 
Nov 22 18:56:13 slackbook charon: 09[ENC] generating ID_PROT request 0 [ SA V V V V ]
As I previously mentioned I do not have the remote VPN peer available anymore, so the connection fails, but what about your logs?

Last edited by VicFer; 11-22-2015 at 12:44 PM.
 
Old 12-15-2016, 06:30 AM   #10
nmeheus
LQ Newbie
 
Registered: Dec 2016
Posts: 1

Rep: Reputation: Disabled
Same problem

Quote:
Originally Posted by Regnad Kcin
It seems that my problem is that the ppp daemon isn't started, and xl2tpd doesn't start it.
Did you ever manage to fix this? I have been trying to get a vpn/ipsec connection to a public server (found at the vpngate-site) for about a week now, and I'm experiencing the same problem, my ipsec tunnel is up (checked by ipsec status myvpn), however I can't seem to use it, as the ppp0 interface never gets created.

best regards and sorry for reviving this old thread
 
Old 12-15-2016, 05:57 PM   #11
Regnad Kcin
Member
 
Registered: Jan 2014
Location: Beijing
Distribution: Slackware 64 -current .
Posts: 662

Original Poster
Rep: Reputation: 458
No, sorry, I did not get it working.
 
Old 12-17-2016, 10:33 AM   #12
PROBLEMCHYLD
Senior Member
 
Registered: Apr 2015
Posts: 1,201

Rep: Reputation: Disabled
I wonder if we can try a different approach. Maybe using NetworkManager to use certificates.
I don't understand the ones that need to be listed for L2TP with certificates only. No IPsec.
https://developer.gnome.org/NetworkM...-settings.html
Someone give me a layout of what it's supposed to look like, I'll go on a testing binge. TIA
 
  

