
No VPN Connection on 10.04

Started by robwoodward75, October 17, 2012, 04:50:23 PM


pw44

Polly, the strange thing is that your config files are almost the same as mine, but I'm still getting xl2tpd error.
How is your l2tp-secrets looking (no password, please) :)
Ipsec goes well......
Sambuca, any hint?
TIA,
Paulo

pw44

Hi,
yesterday, vpn connected, two times and no more.
Is xl2tp reliable?

sambuca

I have experienced that ipsec has stopped a few times - I haven't looked any more at it.

I'm sorry, but I don't know much about xl2tpd in this regard.

br,
sambuca

pw44

well, it seems the ppp will be the reliable one..... :(
I will test ppp on 10.04 (had it working on 8.10).
BR
Paulo

Techstyle

It seems somebody closed the ticket, can anybody confirm it works out of the box?

robwoodward75

Hi Techstyle,

Looks like Pos decided that Sambuca's comment of:
Quote
Changed 10 days ago by sambuca

For the record, the ipsec stuff is logged to /var/log/auth.log and the pppd and xl2tpd is logged to /var/log/syslog. Once you see "STATE_QUICK_R2: IPsec SA established transport mode" in the auth.log, ipsec is connected, and you should start looking at the xl2tpd/pppd logs.

meant that the whole thing was working, rather than just the ipsec connection.  Any chance you can re-open the ticket with a suitable comment to make sure the whole thing is fixed before closing the ticket?!!

pw44

ipsec may be working, but xl2tpd is unreliable..... could not make it work for more than 2 minutes and repeat it.... I only got it working 2 times, for less than 2 minutes, in a universe of more than 100 tries.

Marie.O

If someone is able to get a good connection for 2 minutes, try changing /etc/ppp/options.xl2tpd


lcp-echo-interval 30
lcp-echo-failure 4


to higher numbers, and see if that changes stuff.
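An added example, not part of any post in this thread: it applies the log order sambuca describes in the quoted ticket comment (IPsec in auth.log first, then xl2tpd/pppd in syslog) and relates the lcp-echo values above to the two-minute drops. The log lines, the connection name "L2TP-PSK" and the host name "core" are constructed for illustration.

```python
import re

# Constructed sample logs, not taken from the thread. 203.0.113.5 is a
# documentation address; the connection name "L2TP-PSK" is hypothetical.
AUTH_LOG = """\
Oct 20 10:00:02 core pluto[1201]: "L2TP-PSK"[1] 203.0.113.5 #2: STATE_QUICK_R2: IPsec SA established transport mode
"""
SYSLOG = """\
Oct 20 10:00:03 core xl2tpd[1300]: Connection established to 203.0.113.5, 1701.
Oct 20 10:00:04 core pppd[1410]: local  IP address 192.168.80.1
Oct 20 10:02:04 core pppd[1410]: No response to 4 echo-requests
Oct 20 10:02:04 core pppd[1410]: Connection terminated.
"""
OPTIONS = "lcp-echo-interval 30\nlcp-echo-failure 4\n"  # values quoted in the post


def echo_timeout(options_text):
    """Approximate seconds of unanswered LCP echoes before pppd drops the link."""
    vals = dict(re.findall(r"^\s*lcp-echo-(interval|failure)\s+(\d+)", options_text, re.M))
    return int(vals["interval"]) * int(vals["failure"])


def triage(auth_log, syslog):
    """Return (layer, evidence) for the first layer that shows a problem."""
    # Layer 1: IPsec. Without this line there is no point reading syslog yet.
    if "STATE_QUICK_R2: IPsec SA established" not in auth_log:
        return ("ipsec", "no established IPsec SA in auth.log")
    tunnel = [l for l in syslog.splitlines() if re.search(r"\b(xl2tpd|pppd)\[\d+\]:", l)]
    # Layer 2: L2TP. IPsec up but xl2tpd silent means L2TP never reached the daemon.
    if not any("xl2tpd[" in l for l in tunnel):
        return ("l2tp", "IPsec is up but xl2tpd logged nothing")
    # Layer 3: PPP keepalive. pppd logs this when LCP echoes go unanswered.
    for line in tunnel:
        if re.search(r"No response to \d+ echo-requests", line):
            return ("ppp-keepalive", line)
    if any(re.search(r"pppd\[\d+\]: local\s+IP address", l) for l in tunnel):
        return ("ok", tunnel[-1])
    return ("ppp", tunnel[-1])


if __name__ == "__main__":
    print(triage(AUTH_LOG, SYSLOG))
    print("pppd gives up after about", echo_timeout(OPTIONS), "seconds of silence")
```

With interval 30 and failure 4, pppd declares the peer dead after roughly 120 seconds without an echo reply, which is the same order as the two-minute sessions reported above.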

robwoodward75

According to Sambuca on the Ticket, he has a working VPN connection, and has had all along.

Quote
For the record, this was a generic comment related to the logs posted here and elsewhere.

For me, VPN has worked all along, and this was communicated to pos in IRC.


Sambuca,

Any chance you could therefore share all your VPN related settings with us all (obviously hiding passwords), so that we may all have working VPN please?  We just need one fully working set which we can try them and confirm.


I am struggling to understand how you've had a working connection all along, and we (myself, Techstyle, Polly, pw44, and I think posde?!) cannot.  I have only ever managed to get a stable VPN connection by connecting to it from within my own network at home, not from outside that network.  From outside my network, I can get the IPSEC to authenticate via PSK now, but never managed to connect the L2TP part to establish the fully working VPN. Even with the firewall switched off, I cannot establish a connection.


Thanks.

sambuca

I don't do any special setup in LMCE for VPN, the standard setup done through the web-admin is enough.

That said, I did struggle to get my router to cooperate, and imho I think that is where most people have problems too. To support this theory even more, I am unable to get a VPN connection from my office, but from other networks it works fine.

br,
sambuca

robwoodward75

Interesting........

I only have a modem connection to the outside facing NIC, the routers are connected to the internal NIC, which I can get (or at least have got) VPN connection on using one of the settings suggested.  Office issue I can understand, I have a similar problem with ssh to my server from the office, as they block outgoing traffic on port 22, so I have to port forward from another port number back to 22 within the LMCE firewall.  However, I have been trying using my Android mobile mainly, or my laptop pointing at the external DNS entry.  Both of which I can get to work from internal to the network, using 192.168.80.1 as the host.


Not sure if it is the modem; how can I test / verify that?!  Any ideas?


Rob.

sambuca

I have used my mobile data carrier for testing, but I can't guarantee that all providers are the same..

I would first see if there are any settings related to VPN in the modem.

br,
sambuca

pw44

Frankly speaking, I gave up with ipsec/l2tp.
My setup is:
ADSL <------>  Tomato router <----> external NIC LMCE <-----> Internal NIC <-----> Home network.
On my tomato: UDP 500, 1701 and 4500 forward to external NIC
On my LMCE Firewall: 500 and 4500.
I did read a ton of tutorials, had examples, but got it working only 2 times for less than 3 minutes each.
That's all.
I will set up the old pptp, which I had working on my 8.10 box with no glitch, but after vacation.

sambuca

Ok, fair enough.

Just a clarification on the ports, in case anyone reads this later on.
Do not forward port 1701!! Doing so allows bypassing the security of the VPN completely.

In my setup I forwarded ports 500 and 4500, and also enabled "IPSEC passthrough" on the router.

br,
sambuca
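An added example, not part of the thread: a check for the exposure sambuca warns about, carried over to the firewall of the IPsec endpoint itself. It scans `iptables-save` output for rules that accept or forward UDP 1701 without requiring the packet to have arrived through IPsec (the iptables `policy` match). Both rulesets are constructed samples.

```python
import shlex

# Constructed iptables-save excerpts, not taken from the thread.
EXPOSED = """\
*filter
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
COMMIT
"""
GUARDED = """\
*filter
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
COMMIT
"""


def port_matches(spec, port):
    """True if an iptables --dport value (single port or lo:hi range) covers port."""
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return int(lo or 0) <= port <= int(hi or 65535)
    return int(spec) == port


def cleartext_l2tp_rules(ruleset, port=1701):
    """Return rules that let L2TP in without an IPsec policy match.

    Only single --dport rules are inspected; multiport (--dports) is out of scope.
    """
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or "--dport" not in tok or "-j" not in tok:
            continue
        if not port_matches(tok[tok.index("--dport") + 1], port):
            continue
        lets_in = tok[tok.index("-j") + 1] in ("ACCEPT", "DNAT")
        ipsec_only = "--pol" in tok and tok[tok.index("--pol") + 1] == "ipsec"
        if lets_in and not ipsec_only:
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in cleartext_l2tp_rules(EXPOSED):
        print("L2TP reachable outside IPsec:", rule)
```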