I am trying to set up an IPSEC/L2TP client VPN configuration on an Ubuntu 18.04 using Strongswan and xl2tpd. I have no control over the server side configuration.
UPDATE & Partial Resolution
The lock option in the options.l2tpd.client was producing the error. This was eventually found in SysLog after shutting down other Strongswan VPN connections that were swamping the log file.
Now the pppx interface is available and showing the correct VPN internal IP address, but the IPSec configuration is still incorrect and won't connect.
SysLog IPSec connection
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 14[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 13[IKE] retransmit 1 of request with message ID 0
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 13[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 10[IKE] retransmit 2 of request with message ID 0
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 10[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
Nov 19 16:38:08 aeesgroup_r710 ipsec[8348]: 06[IKE] retransmit 3 of request with message ID 0
Nov 19 16:38:19 aeesgroup_r710 kernel: [10293.239767] [UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:00:10:75:58:fa:79:08:00 SRC=192.168.15.3 DST=224.0.0.1 LEN=144 TOS=0x00 PREC=0x00 TTL=1 ID=49135 DF PROTO=UDP SPT=58157 DPT=4448 LEN=124
Nov 19 16:38:20 aeesgroup_r710 pppd[8954]: sent [LCP EchoReq id=0x1a magic=0x47da512a]
Nov 19 16:38:20 aeesgroup_r710 pppd[8954]: rcvd [LCP EchoReq id=0x17 magic=0x8652e960]
Nov 19 16:38:20 aeesgroup_r710 pppd[8954]: sent [LCP EchoRep id=0x17 magic=0x47da512a]
Nov 19 16:38:20 aeesgroup_r710 pppd[8954]: rcvd [LCP EchoRep id=0x1a magic=0x8652e960]
Nov 19 16:38:31 aeesgroup_r710 charon: 12[IKE] retransmit 4 of request with message ID 0
Nov 19 16:38:31 aeesgroup_r710 charon: 12[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
Nov 19 16:38:50 aeesgroup_r710 pppd[8954]: sent [LCP EchoReq id=0x1b magic=0x47da512a]
Nov 19 16:38:50 aeesgroup_r710 pppd[8954]: rcvd [LCP EchoReq id=0x18 magic=0x8652e960]
Nov 19 16:38:50 aeesgroup_r710 pppd[8954]: sent [LCP EchoRep id=0x18 magic=0x47da512a]
Nov 19 16:38:50 aeesgroup_r710 pppd[8954]: rcvd [LCP EchoRep id=0x1b magic=0x8652e960]
Nov 19 16:39:13 aeesgroup_r710 charon: 08[IKE] retransmit 5 of request with message ID 0
Nov 19 16:39:13 aeesgroup_r710 charon: 08[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
ORIGINAL ISSUE
Currently I seem to run into the issue that using the command
echo "c myvpn" > /var/run/xl2tpd/l2tp-control
does not create a pppx interface. When running the command as root there is no warning or error message displayed, and I can't seem to find any recorded issues in Syslog. I have tried multiple restarts and reinstalls of xl2tpd. This was the original tutorial I followed, but I made a number of changes to support the server configuration and the later strongswan version. https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup
Could someone advise where the ppp debug logs reside for xl2tpd, and what may be causing the issue of no pppx interface being created? Network manager is installed on this machine; I'm not sure if this is relevant. All setup has been done in the CLI interface and there are no configurations in the network manager GUI.
Below are the configuration files for Strongswan and xl2tpd
Strongswan ipsec.conf
conn myvpn
    authby=secret
    ike=aes256-sha1-modp1024
    esp=3des-sha1
    auto=add
    keyingtries=%forever
    dpddelay=30
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.15.120
    #leftprotoport=17/1701
    right=103.195.52.179
    #rightprotoport=17/1701
    keyexchange=ikev2
    leftid=%any
    leftsubnet = 172.20.10.0/24
ipsec.secrets standard leftid/rightid : PSK
xl2tpd.conf
[lac myvpn]
lns = 103.195.52.179
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
options.l2tpd.client file
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name $USERNAME
password $PASSWORD
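
Added example, not part of the original post: a small Python triage of the syslog excerpt above that counts IKE packets sent to and received from each peer, and notes whether pppd keeps receiving LCP echo replies while the IKE request goes unanswered. The function name `triage` and the abridged sample lines are this example's own; the log line formats are the ones shown in the post.

```python
import re
from collections import defaultdict

# Abridged from the syslog in the post (timestamp and hostname trimmed).
SAMPLE = """\
ipsec[8348]: 14[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
ipsec[8348]: 13[IKE] retransmit 1 of request with message ID 0
ipsec[8348]: 13[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
pppd[8954]: sent [LCP EchoReq id=0x1a magic=0x47da512a]
pppd[8954]: rcvd [LCP EchoRep id=0x1a magic=0x8652e960]
charon: 12[IKE] retransmit 4 of request with message ID 0
charon: 12[NET] sending packet: from 192.168.15.120[500] to 103.195.52.179[500] (1224 bytes)
""".splitlines()

NET = re.compile(r"\[NET\] (sending|received) packet: from (\S+?)\[\d+\] to (\S+?)\[\d+\]")
RETX = re.compile(r"\[IKE\] retransmit (\d+) of request with message ID \d+")
LCP_REPLY = re.compile(r"pppd\[\d+\]: rcvd \[LCP EchoRep")

def triage(lines):
    """Summarise IKE traffic per peer and PPP liveness from charon/pppd syslog lines."""
    peers = defaultdict(lambda: {"sent": 0, "received": 0})
    max_retx = 0
    lcp_replies = 0
    for line in lines:
        m = NET.search(line)
        if m:
            direction, src, dst = m.groups()
            # The peer is the destination of what we send, the source of what we receive.
            if direction == "sending":
                peers[dst]["sent"] += 1
            else:
                peers[src]["received"] += 1
            continue
        m = RETX.search(line)
        if m:
            max_retx = max(max_retx, int(m.group(1)))
        elif LCP_REPLY.search(line):
            lcp_replies += 1
    # Sent but never answered: no reply reached charon. Possible causes include UDP 500
    # being filtered in either direction or the peer ignoring the request as sent.
    unanswered = sorted(p for p, c in peers.items() if c["sent"] and not c["received"])
    return {
        "peers": dict(peers),
        "max_retransmit": max_retx,
        "unanswered_peers": unanswered,
        # PPP is alive although IKE got no reply: worth checking that the L2TP
        # session is not running outside IPsec protection.
        "ppp_up_without_ike_reply": bool(unanswered) and lcp_replies > 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against the full syslog (for example `triage(open("/var/log/syslog"))`) it gives the same summary over the whole capture window.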