cannot connect using L2TP IPsec VPN Manager 1.0.9 on Ubuntu Desktop 14.04
L2TP/IPsec VPN is a two-phase VPN: first IPsec, then L2TP with PPP. Before trying to solve any problem with L2TP (with or without NAT) you must be sure that the first phase (IPsec) is OK. There are two possible methods for IPsec authentication/encryption: SSL certs or a pre-shared key. If you are using SSL certs then you can have an empty ipsec.secrets, but if you plan to use a pre-shared key your ipsec.secrets must have a pre-shared key there. If you do not have any problems with IPsec you will be able to establish a security association with IPsec, and the first phase is done.
In the second phase you must choose an authentication method for PPP, and you are denying all pppd available password methods... refuse-eap refuse-chap refuse-mschap refuse-mschap-v2; you need to accept at least one...
Your problem is here:
```
Aug 21 18:56:33.659 xl2tpd[5488]: Connecting to host vpn.obeohealth.com, port 1701
Aug 21 18:56:38.665 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541. Closing.
Aug 21 18:56:38.665 [ERROR 410] Connection attempt to 'MYCO-VPN' timed out
```
This means that you are not able to establish an L2 tunnel, and probably it is because your IPsec connection is not established yet.
You can turn on debug in L2TP to help you, and you should also check the pluto logs.
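The checks this answer describes, as an added example that is not part of the original answer: it reports which PPP authentication methods an options file still accepts, whether ipsec.secrets holds a PSK entry, and whether an xl2tpd timeout occurred without an IPsec SA. The function names are hypothetical, the `IPsec SA established` marker is an assumption about pluto's log wording, and the `vpn.example.com` secret line is constructed.

```python
import re

# Each pppd option below switches off one PPP authentication method.
REFUSE = {"refuse-pap": "pap", "refuse-chap": "chap", "refuse-mschap": "mschap",
          "refuse-mschap-v2": "mschap-v2", "refuse-eap": "eap"}

def accepted_ppp_auth(options_text):
    """Return the PPP auth methods that the options file does not refuse."""
    words = set()
    for line in options_text.splitlines():
        words.update(line.split("#", 1)[0].split())  # drop comments
    return sorted(m for opt, m in REFUSE.items() if opt not in words)

def has_psk(secrets_text):
    """True if ipsec.secrets contains at least one uncommented PSK entry."""
    return any(re.search(r":\s*PSK\s+\S", line.split("#", 1)[0])
               for line in secrets_text.splitlines())

def triage(log_text):
    """Classify one connection attempt from combined pluto/xl2tpd log text."""
    # Assumption: pluto reports a completed phase with "IPsec SA established".
    ipsec_up = "IPsec SA established" in log_text
    l2tp_timeout = "Maximum retries exceeded for tunnel" in log_text
    if l2tp_timeout and not ipsec_up:
        return "ipsec-not-established"
    if l2tp_timeout:
        return "l2tp-timeout-after-ipsec"
    return "no-l2tp-timeout"

# Options and log lines trimmed from the question; its secrets file is empty.
PAGE_OPTIONS = """noauth
refuse-eap
refuse-chap
refuse-mschap
refuse-mschap-v2
"""
PAGE_SECRETS = ""
PAGE_LOG = """xl2tpd[5488]: Connecting to host vpn.mycompany.com, port 1701
xl2tpd[5488]: Maximum retries exceeded for tunnel 47541. Closing.
"""
# Constructed sample: a PSK entry for a placeholder gateway name.
SAMPLE_SECRETS = '%any vpn.example.com : PSK "constructed-example-secret"\n'

if __name__ == "__main__":
    print("PPP auth still accepted:", accepted_ppp_auth(PAGE_OPTIONS))
    print("PSK in posted secrets:", has_psk(PAGE_SECRETS))
    print("PSK in sample secrets:", has_psk(SAMPLE_SECRETS))
    print("log verdict:", triage(PAGE_LOG))
```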
Comments
-
ritin over 1 year
used Synaptic to install L2TP
have checked the dependencies are installed too.
but cannot connect to work VPN
when I click connect Ubuntu reports
error 410
```
$> sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                         [OK]
Linux Openswan U2.6.38/K3.13.0-34-generic (netkey)
Checking for IPsec support in kernel                    [OK]
 SAref kernel support                                   [N/A]
 NETKEY: Testing XFRM related proc values               [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

        [OK]
Checking that pluto is running                          [OK]
 Pluto listening for IKE on udp 500                     [OK]
 Pluto listening for NAT-T on udp 4500                  [OK]
Checking for 'ip' command                               [OK]
Checking /bin/sh is not /bin/dash                       [WARNING]
Checking for 'iptables' command                         [OK]
Opportunistic Encryption Support                        [DISABLED]
```
SysLog >
```
Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Executing command ipsec setup stop
Aug 21 18:56:30 WITTY105 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32 WITTY105 kernel: [ 4417.877398] NET: Unregistered protocol family 15
Aug 21 18:56:32 WITTY105 ipsec_setup: ...Openswan IPsec stopped
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command ipsec setup stop finished with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:32 WITTY105 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd start
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: setsockopt recvref[30]: Protocol not available
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: This binary does not support kernel L2TP.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105 PID:5488
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd start finished with exit code 0
Aug 21 18:56:33 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:33 WITTY105 xl2tpd[5488]: Connecting to host vpn.mycompany.com, port 1701
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541. Closing.
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Connection 0 closed to 50.***.***.206, port 1701 (Timeout)
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: death_handler: Fatal signal 15 received
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
```
MYCO-VPN.options.xl2tpd
```
plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx
ipparam L2tpIPsecVpn-MYCO-VPN
promptprog "/usr/bin/L2tpIPsecVpn"
refuse-eap
refuse-chap
refuse-mschap
refuse-mschap-v2
remotename ""
name "[email protected]"
password "mypass"
```
ipsec.config
```
version 2.0 # conforms to second version of ipsec.conf specification

config setup
    plutodebug="parsing emitting control private"
    # plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.
```
ipsec.secrets > is empty
the VPN Manager Logs show >
```
Aug 21 18:56:30.789 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32.206 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:32.206 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32.216 recvref[30]: Protocol not available
Aug 21 18:56:32.217 xl2tpd[5487]: This binary does not support kernel L2TP.
Aug 21 18:56:32.217 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105 PID:5488
Aug 21 18:56:32.218 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32.218 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32.218 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32.220 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 21 18:56:32.220 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32.220 Starting xl2tpd: xl2tpd.
Aug 21 18:56:33.659 xl2tpd[5488]: Connecting to host vpn.obeohealth.com, port 1701
Aug 21 18:56:38.665 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541. Closing.
Aug 21 18:56:38.665 [ERROR 410] Connection attempt to 'MYCO-VPN' timed out
Aug 21 18:56:38.667 xl2tpd[5488]: Connection 0 closed to 50.***.***.205, port 1701 (Timeout)
Aug 21 18:56:38.676 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:38.676 xl2tpd[5488]: death_handler: Fatal signal 15 received
```
These lines are self-explanatory
recvref[30]: Protocol not available
xl2tpd[5487]: This binary does not support kernel L2TP.
kernel: [ 4417.877398] NET: Unregistered protocol family 15
so, how to L2TP?
if Ubuntu Desktop doesn't have support, which distro does?
TIA
-
Kos about 8 years
I managed to enable L2TP IPsec connection with Ubuntu 14.04 using this instruction. That is not a GUI way, and according to my search there isn't an up-to-date out-of-box GUI method in any Linux distribution. There is another [link](gist.github.com/yannispanousis/012f20ee1e977835be8f) to the same approach.