Ubuntu: cannot connect using L2TP IPsec VPN Manager 1.0.9 on Ubuntu Desktop 14.04



Question:

Used Synaptic to install L2TP.
Have checked the dependencies are installed too,
but cannot connect to work VPN.
When I click connect, Ubuntu reports
error 410.

$> sudo ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K3.13.0-34-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

SysLog >

Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Executing command ipsec setup stop
Aug 21 18:56:30 WITTY105 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32 WITTY105 kernel: [ 4417.877398] NET: Unregistered protocol family 15
Aug 21 18:56:32 WITTY105 ipsec_setup: ...Openswan IPsec stopped
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command ipsec setup stop finished with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:32 WITTY105 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd start
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: setsockopt recvref[30]: Protocol not available
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: This binary does not support kernel L2TP.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105 PID:5488
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd start finished with exit code 0
Aug 21 18:56:33 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:33 WITTY105 xl2tpd[5488]: Connecting to host vpn.mycompany.com, port 1701
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541.  Closing.
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Connection 0 closed to 50.***.***.206, port 1701 (Timeout)
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: death_handler: Fatal signal 15 received
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection

MYCO-VPN.options.xl2tpd

plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx

ipparam L2tpIPsecVpn-MYCO-VPN

promptprog "/usr/bin/L2tpIPsecVpn"

refuse-eap
refuse-chap
refuse-mschap
refuse-mschap-v2

remotename ""
name "myname@mycompany.com"
password "mypass"

ipsec.config

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    plutodebug="parsing emitting control private"
    # plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.

ipsec.secrets > is empty

the VPN Manager Logs show >

Aug 21 18:56:30.789 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32.206 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:32.206 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32.216 recvref[30]: Protocol not available
Aug 21 18:56:32.217 xl2tpd[5487]: This binary does not support kernel L2TP.
Aug 21 18:56:32.217 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105 PID:5488
Aug 21 18:56:32.218 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32.218 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32.218 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32.220 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 21 18:56:32.220 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32.220 Starting xl2tpd: xl2tpd.
Aug 21 18:56:33.659 xl2tpd[5488]: Connecting to host vpn.obeohealth.com, port 1701
Aug 21 18:56:38.665 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541.  Closing.
Aug 21 18:56:38.665 [ERROR  410]   Connection attempt to 'MYCO-VPN' timed out
Aug 21 18:56:38.667 xl2tpd[5488]: Connection 0 closed to 50.***.***.205, port 1701 (Timeout)
Aug 21 18:56:38.676 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:38.676 xl2tpd[5488]: death_handler: Fatal signal 15 received


These lines are self-explanatory:
recvref[30]: Protocol not available
xl2tpd[5487]: This binary does not support kernel L2TP.

kernel: [ 4417.877398] NET: Unregistered protocol family 15
So, how to L2TP?
If Ubuntu Desktop doesn't have support, which distro does?

TIA


Solution:1

L2TP/IPSec VPN is a two-phase VPN: first IPSec, second L2TP with PPP. Before trying to solve any problem with L2TP (with or without NAT), you must be sure that the first phase (IPSec) is OK. There are two possible methods for IPSec authentication/encryption: SSL certs or a pre-shared key. If you are using SSL certs then you can have an empty ipsec.secrets, but if you plan to use a pre-shared key, your ipsec.secrets must have a pre-shared key there. If you do not have any problems with IPSec, you will be able to establish a security association with IPSec and the first phase is done.

In the second phase you must choose an authentication method for PPP, and you are denying all pppd available password methods... refuse-eap refuse-chap refuse-mschap refuse-mschap-v2. You need to accept at least one...

Your problem is here:

Aug 21 18:56:33.659 xl2tpd[5488]: Connecting to host vpn.obeohealth.com, port 1701
Aug 21 18:56:38.665 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541. Closing.
Aug 21 18:56:38.665 [ERROR 410] Connection attempt to 'MYCO-VPN' timed out

This means that you are not able to establish an L2 tunnel, and probably it is because your IPSec connection is not established yet.

You can turn on debug in L2TP to help you, and you should check the pluto logs also.
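
The two-phase checks described in this answer, as an added shell example that is not part of the original post or of L2TP IPsec VPN Manager. The function names, the temporary sample files (constructed, abbreviated from the configuration and syslog in the question) and the assumption that pluto and xl2tpd write to the same log file are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for the IPsec phase and the PPP phase.

# Phase 1: named connections in ipsec.conf ("conn %default" is only a template).
named_conns() {
    awk '$1 == "conn" && $2 != "%default" { print $2 }' "$1"
}

# Phase 1: pre-shared-key entries in ipsec.secrets (form: <ids> : PSK "secret").
psk_count() {
    awk '$1 !~ /^#/ { for (i = 1; i < NF; i++)
                        if ($i == ":" && $(i + 1) == "PSK") { n++; break } }
         END { print n + 0 }' "$1"
}

# Phase 2: PPP authentication methods the pppd options file does not refuse.
allowed_ppp_auth() {
    for m in pap chap mschap mschap-v2 eap; do
        grep -Eq "^[[:space:]]*refuse-$m([[:space:]]|\$)" "$1" || printf '%s ' "$m"
    done
}

# Ordering: had pluto logged an IPsec SA before xl2tpd dialled out?
sa_before_l2tp() {
    awk '/IPsec SA established/ { sa = 1 }
         /xl2tpd\[[0-9]+\]: Connecting to host/ {
             print (sa ? "ipsec-up" : "ipsec-missing"); hit = 1; exit }
         END { if (!hit) print "no-l2tp-attempt" }' "$1"
}

# Constructed sample files, abbreviated from the question.
d=$(mktemp -d)
printf 'config setup\n    protostack=netkey\nconn %%default\n    type=transport\n' > "$d/ipsec.conf"
: > "$d/ipsec.secrets"
printf 'noauth\nrefuse-eap\nrefuse-chap\nrefuse-mschap\nrefuse-mschap-v2\n' > "$d/options"
printf '%s\n' 'Aug 21 18:56:32 WITTY105 ipsec_setup: ...Openswan IPsec stopped' \
    'Aug 21 18:56:33 WITTY105 xl2tpd[5488]: Connecting to host vpn.mycompany.com, port 1701' > "$d/syslog"

echo "named conns : $(named_conns "$d/ipsec.conf" | wc -l)"
echo "PSK entries : $(psk_count "$d/ipsec.secrets")"
echo "PPP auth ok : $(allowed_ppp_auth "$d/options")"
echo "tunnel order: $(sa_before_l2tp "$d/syslog")"
```

Point the functions at the real ipsec.conf, ipsec.secrets, options file and log to run the same checks on a live system.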

