
L2TP IPSec Linux Roadwarrior

Hi, I have an ASG 320 and would like to have a few remote Linux workstations connect to it using L2TP/IPsec.

I have the IPsec part working fine, but when I try to initiate the L2TP phase I get an authentication error.

Any pointers would be appreciated! I think I am making a small mistake, but being able to provide a full Linux Roadwarrior config would be a first on this forum. Unless I really suck that badly at trying to search for an existing solution :)

--------------------------------------------- IPSEC Debug ---------------------------------------------------------------------
mann-vpn:/etc/ppp# ipsec status
000 "L2TP-PSK-CLIENT": 10.0.0.109:4500:17/1701---10.0.0.1...publicIP:4500:17/1701; erouted; eroute owner: #34
000 "L2TP-PSK-CLIENT":   newest ISAKMP SA: #31; newest IPsec SA: #34;
000
000 #34: "L2TP-PSK-CLIENT" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2110s; newest IPSEC; eroute owner
000 #34: "L2TP-PSK-CLIENT" esp.5f942ef@publicIP (1104 bytes, 55s ago) esp.cdce2022@10.0.0.109 (1096 bytes, 55s ago); tunnel
000 #33: "L2TP-PSK-CLIENT" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_EXPIRE in 151s
000 #33: "L2TP-PSK-CLIENT" esp.5f94292@publicIP (4811 bytes) esp.9621fcd2@10.0.0.109 (4720 bytes); tunnel
000 #31: "L2TP-PSK-CLIENT" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2821s; newest ISAKMP
000

----------------------------------------- L2TP Debug --------------------------------------

Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: start_pppd: I'm running:
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "/usr/sbin/pppd"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "passive"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "-detach"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: ":"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "refuse-pap"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "auth"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "require-chap"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "name"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "oschmann"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "debug"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "file"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "/etc/ppp/options.l2tpd.client"
Apr 21 08:12:25 oschmann-vpn xl2tpd[2224]: "/dev/pts/0"
Apr 21 08:12:25 oschmann-vpn pppd[2621]: using channel 3
Apr 21 08:12:25 oschmann-vpn pppd[2621]: sent [LCP ConfReq id=0x1     ]
Apr 21 08:12:25 oschmann-vpn pppd[2621]: rcvd [LCP ConfReq id=0x1      ]
Apr 21 08:12:25 oschmann-vpn pppd[2621]: sent [LCP ConfNak id=0x1 ]
Apr 21 08:12:25 oschmann-vpn pppd[2621]: rcvd [LCP ConfReq id=0x2      ]
Apr 21 08:12:25 oschmann-vpn pppd[2621]: sent [LCP ConfAck id=0x2      ]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: sent [LCP ConfReq id=0x1     ]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: rcvd [LCP ConfAck id=0x1     ]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: sent [LCP EchoReq id=0x0 magic=0xa2823e4e]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: rcvd [CHAP Challenge id=0xf8 , name = "Astaro Security Gateway"]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: sent [CHAP Response id=0xf8 , name = "oschmann"]
Apr 21 08:12:28 oschmann-vpn pppd[2621]: rcvd [LCP EchoRep id=0x0 magic=0xad13dadf]
Apr 21 08:12:30 oschmann-vpn pppd[2621]: rcvd [CHAP Failure id=0xf8 "E=691 R=1 C=853ed8ad5e544d98e62bfaeb7f92f001 V=0 M=Access denied"]
Apr 21 08:12:30 oschmann-vpn pppd[2621]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Apr 21 08:12:30 oschmann-vpn pppd[2621]: rcvd [LCP TermReq id=0x3 "Authentication failed"]
Apr 21 08:12:30 oschmann-vpn pppd[2621]: sent [LCP TermAck id=0x3]
Apr 21 08:12:30 oschmann-vpn pppd[2621]: rcvd [LCP TermAck id=0x2]
Apr 21 08:12:30 oschmann-vpn xl2tpd[2224]: child_handler : pppd exited for call 47168 with code 19
Apr 21 08:12:30 oschmann-vpn xl2tpd[2224]: Trustingly terminating pppd: sending TERM signal to pid 2621
Apr 21 08:12:30 oschmann-vpn xl2tpd[2224]: pppd 2621 successfully terminated
Apr 21 08:13:08 oschmann-vpn xl2tpd[2224]: check_control: Received out of order control packet on tunnel 32545 (got 906, expected 905)
Apr 21 08:13:08 oschmann-vpn xl2tpd[2224]: handle_packet: bad control packet!


-------------------------------------------- L2TP Config ----------------------------------------
cat /etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
noauth
usepeerdns
refuse-pap
refuse-eap
noccp
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000


cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client     server      secret        IP addresses
oschmann     *           myPassword    *
*            oschmann    myPassword    *

cat /etc/xl2tpd/xl2tpd.conf

[global]                                ; Global parameters:
port = 1701                             ; * Bind to port 1701
auth file = /etc/l2tpd/l2tp-secrets     ; * Where our challenge secrets are
access control = yes                    ; * Refuse connections without IP match
rand source = dev                       ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented

[lac LXI]
lns = astaroPublicIP
require chap = yes
refuse pap = yes
require authentication = yes
name = oschmann
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

