How to connect to a L2TP VPN given some info from a sysadmin

networking kubuntu network-manager vpn
7,961

Try:

conn tab-vpn
    ...
    rightid=192.168.122.2

in /etc/ipsec.conf

The rightid parameter can be used to specify the IP address that the server identifies itself as (ie. it's LAN IP address rather than the public IP address of the router).

If the expected IP address and the IP address that the server identifies as don't match then ipsec abandons the connection attempt.

Share:
7,961

Related videos on Youtube

Asfand Qazi
Author by

Asfand Qazi

Updated on September 18, 2022

Comments

  • Asfand Qazi
    Asfand Qazi almost 2 years

    I have been given some details of a VPN I am meant to connect to, and can't for the life of me get it to work under Kubuntu.

    The info I have been given is (fake values substituted where appropriate of course):

    I have configured a new VPN account for you on our server.

    Your login details are as follows:

    IP address: 1.2.3.4
username: myfullname
password: wordpass
shared secret: XXXXXXXXXX

    The connection type is L2TP.

    Ensure that you select the option to send all traffic over the VPN.

    I have tried 2 routes:

    1) Using the KDE widget to configure this

    2) Using config files to configure this

    Using the widget:

    I add the https://launchpad.net/~seriy-pr/+archive/network-manager-l2tp PPA, and install network-manager-l2tp.

    Then, I add an L2TP connection and I come across the following fields (which I fill in): Gateway (1.2.3.4) User name: (myfullname) Password: (wordpass)

    Then I go into IPsec Settings, and (after checking "Enable IPSec tunnel to L2TP host): Group Name Gateway ID Pre-shared Key

    I fill in Pre-shared Key with XXXXXXXXXX, and click OK.

    Then I try to connect, and get the following error:

    "Necessary secrets for the VPN connection were not provided."

    Using config files, and using https://www.elastichosts.com/support/tutorials/linux-l2tpipsec-vpn-client/ as a guide, I do the following:

    I add the following to /etc/ipsec.conf:

    config setup
....
    protostack=netkey
    plutoopts="--interface=wlan0"
....
conn tab-vpn
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=1.2.3.4

    I add the following to /etc/ipsec.secrets:

    %any 1.2.3.4: PSK "XXXXXXXXXX"

    Then when I restart ipsec with:

    sudo ipsec auto --up tab-vpn

    I get:

    104 "tab-vpn" #1: STATE_MAIN_I1: initiate
003 "tab-vpn" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
003 "tab-vpn" #1: received Vendor ID payload [RFC 3947] method set to=115 
003 "tab-vpn" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
003 "tab-vpn" #1: ignoring Vendor ID payload [FRAGMENTATION]
003 "tab-vpn" #1: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
003 "tab-vpn" #1: ignoring Vendor ID payload [IKE CGA version 1]
106 "tab-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "tab-vpn" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
108 "tab-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "tab-vpn" #1: we require peer to have ID '1.2.3.4', but peer declares '192.168.122.2'
218 "tab-vpn" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION

    I and the server in question are behind the same firewall.

    It SHOULD allow me to connect so I can move onto setting up the xl2tpd.conf options, but I don't get that far.

    Help?

    • No Time
      No Time about 10 years
      Are you trying to put any number in for the IP? (where you have %any 1.2.3.4) That seems to be where you are having issues
    • Mladen B.
      Mladen B. about 10 years
      IP address (1.2.3.4 in your case) is not the Gateway info. It is the ip address of a VPN dial-in point (remote VPN server). Once you login with your credentials, most probably DHCP will automatically give you an appropriate IP address and the Gateway info.
    • Asfand Qazi
      Asfand Qazi about 10 years
      Unfortunately, I've left the place of work where I needed this, so I have no way of testing it. If a few people can confirm that any of the techniques work, I'll accept the best answer.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

ssh: connect to host [ip] port 22: No route to host
/dev/ppp can't be opened
OpenVPN setup with PIA - Connects but no internet
How to auto(re)connect to openvpn connection?
How to connect to two VPNs at the same time?
Configuring routes so that vpn is only used for local resources
OpenConnect: Force all connections throught VPN (if IPv6 unavailable)
globalprotect option missing in network-manager VPN options
cannot connect using L2TP IPsec VPN Manager 1.0.9 on Ubuntu Desktop 14.04
add a route for VPN with NetworkManager