Linode Forum https://forum.linode.com/

I need some help to setup a l2tp/ipsec VPN. https://forum.linode.com/viewtopic.php?f=19&t=5089

Author: windhunter [ Fri Jan 22, 2010 9:09 am ]
Post subject: I need some help to setup a l2tp/ipsec VPN.
Dear friends, I need some help to set up an L2TP/IPsec VPN on my Linode. I'm from China. A month ago, I set up a PPTP VPN. Even my iPhone could reach Twitter/Facebook through my PPTP VPN. But these days, my iPhone cannot reach Twitter/Facebook with the PPTP VPN any more, because our mobile service provider banned the PPTP protocol. Now I have to set up an L2TP/IPsec VPN for my iPhone. Can someone give a tutorial to explain how to set up an L2TP/IPsec VPN on CentOS 5? There is no clue in the Linode Library. Thanks a lot!
|
Author: vonskippy [ Fri Jan 22, 2010 1:25 pm ]

Why not tunnel over SSH? Very easy to set up (even on the iPhone) and it looks like normal SSH traffic. Or use OpenVPN: easier to set up (although I don't know if there is an iPhone app for that) and it looks like SSL traffic. IPsec is just as easy to spot and block as PPTP traffic.
|
Author: windhunter [ Fri Jan 22, 2010 3:46 pm ]

I'm using the official iPhone from China Unicom, the business partner of Apple in China. So I cannot install an SSH client or OpenVPN on my iPhone. I know IPsec is easy to block; at least it is not blocked until now.
|
Author: windhunter [ Fri Jan 22, 2010 5:14 pm ]

Hi all,

With Linode's help, I tried to set up an L2TP VPN server guided by this link: http://adamantsys.com/blog/alternate-pa ... -for-linux

In this article, the author is using Openswan-2.4.12 & xl2tpd-1.2.0. On my Linode box, I'm using openswan-2.6.21 & xl2tpd-1.2.4.

a.b.c.d-(isp's IP) is my ISP's IP, e.f.g.h-(my linode box) is my Linode box, e.f.g.1 is my Linode box's gateway, and 192.168.1.62 is an L2TP client in my local network.

In /etc/ipsec.conf, I only changed the following line:

leftnexthop=e.f.g.1 (my linode box's gateway)

The /etc/ipsec.secrets is:

#include /etc/ipsec.d/*.secrets
e.f.g.h-(my linode box) %any: "password"

The other config files are almost completely copy/pasted from the tutorial.

When my L2TP client program tries to connect to my Linode box, ipsec logs the following info in /var/log/secure:

===================CUT START===================
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [RFC 3947] method set to=109
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jan 22 20:31:43 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: received Vendor ID payload [Dead Peer Detection]
Jan 22 20:31:43 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: responding to Main Mode from unknown peer a.b.c.d-(isp's IP)
Jan 22 20:31:43 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 22 20:31:43 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jan 22 20:31:44 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: pluto_do_crypto: helper (-1) is exiting
Jan 22 20:31:44 vpn-server pluto[26692]: packet from a.b.c.d-(isp's IP):32439: pluto_do_crypto: helper (-1) is exiting
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.62'
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: new NAT mapping for #5, was a.b.c.d-(isp's IP):32439, now a.b.c.d-(isp's IP):32869
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: received and ignored informational message
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] a.b.c.d-(isp's IP) #5: the peer proposed: e.f.g.h-(my linode box)/32:17/1701 -> 192.168.1.62/32:17/49228
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP): pluto_do_crypto: helper (-1) is exiting
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: responding to Quick Mode proposal {msgid:33abfafa}
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: us: e.f.g.h-(my linode box)[+S=C]:17/1701---e.f.g.1
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: them: a.b.c.d-(isp's IP)[192.168.1.62,+S=C]:17/49230===192.168.1.62/32
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] a.b.c.d-(isp's IP) #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x019ec134 <0xbde56628 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=a.b.c.d-(isp's IP):32869 DPD=none}
===================CUT END===================

After 3-5 seconds, I got the following info from /var/log/messages:

===================CUT START===================
Jan 22 20:31:52 vpn-server xl2tpd[26529]: Maximum retries exceeded for tunnel 13554. Closing.
Jan 22 20:32:00 vpn-server xl2tpd[26529]: Connection 79 closed to a.b.c.d-(isp's IP), port 49230 (Timeout)
===================CUT END===================

Then my L2TP client shows the connection failed message box. It seems that something is wrong with the NAT? How can I solve this problem?
|
Author: khaost [ Mon Jan 25, 2010 2:30 am ]

I got the same error as you. Maybe you can try to upgrade your Openswan on Linode to 2.6.24; that fixed L2TP being broken with NAT'ed clients.
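The log windhunter posted shows IKE phase 1 and phase 2 both completing (ISAKMP SA, then a transport-mode IPsec SA with a NAT-remapped peer port) before xl2tpd gives up on the L2TP control channel, which is what khaost's reply is about. The following triage script is an added example, not code from any poster or from Openswan/xl2tpd: it parses pluto and xl2tpd lines of the shape quoted above, reports where the handshake stopped, and flags the security-relevant parameters visible in the log (group PSK with right=%any, 3DES, modp1024). The embedded SAMPLE_LOG is constructed from the posted lines with the masked addresses replaced by RFC 5737 documentation addresses; those addresses and the pattern names are assumptions, not data from the thread.

```python
"""Triage an Openswan (pluto) + xl2tpd log for a failing L2TP/IPsec client.

Added example for this thread, not code from any poster. SAMPLE_LOG is
constructed from the lines quoted in the thread; the poster's masked
addresses are replaced by RFC 5737 documentation addresses (an assumption).
"""
import re

SAMPLE_LOG = """\
Jan 22 20:31:43 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: responding to Main Mode from unknown peer 203.0.113.5
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.62'
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: new NAT mapping for #5, was 203.0.113.5:32439, now 203.0.113.5:32869
Jan 22 20:31:44 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[3] 203.0.113.5 #5: the peer proposed: 198.51.100.10/32:17/1701 -> 192.168.1.62/32:17/49228
Jan 22 20:31:45 vpn-server pluto[26692]: "L2TP-PSK-NAT"[4] 203.0.113.5 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x019ec134 <0xbde56628 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=203.0.113.5:32869 DPD=none}
Jan 22 20:31:52 vpn-server xl2tpd[26529]: Maximum retries exceeded for tunnel 13554. Closing.
Jan 22 20:32:00 vpn-server xl2tpd[26529]: Connection 79 closed to 203.0.113.5, port 49230 (Timeout)
"""

# Patterns for the pluto/xl2tpd message shapes seen in the thread.
PAT = {
    "unknown_peer": re.compile(r"responding to Main Mode from unknown peer (\S+)"),
    "nat_result": re.compile(r"NAT-Traversal: Result using [^:]+: (.+)$"),
    "peer_id": re.compile(r"Main mode peer ID is (\S+): '([^']+)'"),
    "nat_remap": re.compile(r"new NAT mapping for #\d+, was (\S+), now (\S+)"),
    "isakmp": re.compile(r"ISAKMP SA established \{auth=(\S+) cipher=(\S+) prf=(\S+) group=(\S+)\}"),
    "ipsec": re.compile(r"IPsec SA established (\w+) mode \{.*?xfrm=(\S+) NATOA=(\S+) NATD=(\S+) DPD=(\S+)\}"),
    "l2tp_retry": re.compile(r"xl2tpd\[\d+\]: Maximum retries exceeded for tunnel (\d+)"),
    "l2tp_timeout": re.compile(r"xl2tpd\[\d+\]: Connection (\d+) closed to (\S+), port (\d+) \(Timeout\)"),
}


def parse(log_text):
    """Reduce the log to the handshake facts that matter for the diagnosis."""
    r = {"unknown_peer": None, "nat_result": None, "peer_id": None, "nat_remap": None,
         "isakmp": None, "ipsec": None, "l2tp_failed": False}
    for line in log_text.splitlines():
        if m := PAT["unknown_peer"].search(line):
            r["unknown_peer"] = m.group(1)          # responder accepted a peer not pinned by IP (right=%any)
        elif m := PAT["nat_result"].search(line):
            r["nat_result"] = m.group(1)            # e.g. "peer is NATed"
        elif m := PAT["peer_id"].search(line):
            r["peer_id"] = (m.group(1), m.group(2))  # ID type and the client's own (private) address
        elif m := PAT["nat_remap"].search(line):
            r["nat_remap"] = (m.group(1), m.group(2))  # NAT changed the source port mid-handshake
        elif m := PAT["isakmp"].search(line):
            r["isakmp"] = dict(zip(("auth", "cipher", "prf", "group"), m.groups()))
        elif m := PAT["ipsec"].search(line):
            r["ipsec"] = dict(zip(("mode", "xfrm", "natoa", "natd", "dpd"), m.groups()))
        elif PAT["l2tp_retry"].search(line) or PAT["l2tp_timeout"].search(line):
            r["l2tp_failed"] = True                 # xl2tpd never got a usable L2TP control channel
    return r


def diagnose(r):
    """Turn the parsed handshake into the checks a practitioner would make."""
    f = []
    if r["isakmp"] is None:
        f.append("IKE phase 1 never completed: check the PSK, the ike= proposal and that UDP 500/4500 reach pluto.")
    elif r["ipsec"] is None:
        f.append("Phase 1 completed but no IPsec SA: check leftprotoport/rightprotoport (17/1701) and the phase 2 proposal.")
    elif r["l2tp_failed"]:
        f.append("IPsec SA established but xl2tpd timed out: the L2TP control channel (UDP 1701) inside ESP "
                 "never completed, so the fault is after IKE, in the NAT/L2TP path (the thread reports that "
                 "Openswan 2.6.24 fixed L2TP with NAT'ed clients).")
    if r["nat_remap"]:
        f.append("Peer's NAT mapping changed mid-handshake: %s -> %s; L2TP replies must go to the new port." % r["nat_remap"])
    if r["ipsec"] and r["ipsec"]["mode"] == "transport" and r["peer_id"] and r["nat_result"] and "NATed" in r["nat_result"]:
        f.append("Transport mode through NAT: peer ID %s vs. public address %s; check that the xl2tpd reply path "
                 "matches NATD=%s." % (r["peer_id"][1], r["unknown_peer"] or "?", r["ipsec"]["natd"]))
    if r["isakmp"]:
        if r["isakmp"]["group"] == "modp1024":
            f.append("IKE DH group modp1024 is weak by current standards; offer modp2048 if the client accepts it.")
        if "3des" in r["isakmp"]["cipher"]:
            f.append("IKE cipher is 3DES; prefer AES where the client offers it.")
        if r["isakmp"]["auth"] == "OAKLEY_PRESHARED_KEY" and r["unknown_peer"]:
            f.append("Main Mode PSK accepted from an unknown peer (right=%any): all clients share one secret, "
                     "so rotate it whenever a device is lost.")
    return f


if __name__ == "__main__":
    for finding in diagnose(parse(SAMPLE_LOG)):
        print("-", finding)
```

Run it against a real /var/log/secure plus /var/log/messages concatenated (the patterns only look at the message part, so syslog prefixes can differ). The first three findings are mutually exclusive by construction: the script only blames the L2TP path once it has positive evidence that both IKE phases finished, which is exactly what distinguishes this thread's failure from a PSK or proposal mismatch.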
|
All times are UTC-04:00
|