I'm trying to connect an Ubuntu Server 16.04 to an IPSec L2TP VPN using the strongswan client.
Apparently the connection is established successfully, but the interface ppp0 isn't created.
This is the result of sudo ipsec up myconnection:
initiating Main Mode IKE_SA myconnection[2] to 116.38.129.101
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (212 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (132 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (244 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (236 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (100 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (68 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
scheduling reauthentication in 10033s
maximum IKE_SA lifetime 10573s
generating QUICK_MODE request 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (220 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (188 bytes)
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully
Any hint?
Best Answer
First of all check with uname -a your Linux kernel version and, if you have the 4.14, I have bad news for you: you have a bugged kernel. The 4.13 seems good, and also the 4.15, but not the 4.14. See this answer in a libreswan bug report.
Anyway you can also try Network Manager. Install the network-manager-l2tp package.
Here is an example of a valid NetworkManager VPN file that you can save in /etc/NetworkManager/system-connections/MY_DAMN_VPN:
Then restart Network Manager and activate the VPN:
This stuff was tested in Debian GNU/Linux buster with a damn Microsoft Windows VPN server.
Good luck!
P.S.
Do not try to use OpenVPN to talk with a proprietary VPN server: OpenVPN is based on TLS technology (because it has security in mind). L2TP/IPsec seems to be not. [1]
[1]: https://en.wikipedia.org/wiki/IPsec From Wikipedia you can further read about the NSA interference in IPsec, thanks to some sources about it.
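
The checks discussed on this page, as an added example that is not part of the original question or answer: a script that tests the kernel release for the 4.14 series named in the answer, reads `ipsec up` output to see how far the IPsec negotiation got, and checks whether ppp0 exists. The function names are hypothetical and the sample log is constructed, shortened from the output shown in the question.

```shell
#!/bin/sh
# Added example: function names and the sample log are constructed for illustration.

# Succeeds when the kernel release belongs to the 4.14 series named in the answer.
is_414_kernel() {
    case "$1" in
        4.14|4.14.*|4.14-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `ipsec up` output on stdin and prints how far the negotiation got:
#   none   - no IKE_SA was established
#   phase1 - IKE_SA (Main Mode) established, no Quick Mode response seen
#   phase2 - Quick Mode response parsed, so the IPsec layer is up
ipsec_stage() {
    awk '
        /^IKE_SA .* established between/ { p1 = 1 }
        /^parsed QUICK_MODE response/    { p2 = 1 }
        END {
            s = "none"
            if (p1) s = "phase1"
            if (p1 && p2) s = "phase2"
            print s
        }
    '
}

# Succeeds when the named network interface exists on this host.
has_iface() {
    [ -e "/sys/class/net/$1" ]
}

# Constructed sample, shortened from the output format shown in the question.
sample_log() {
    cat <<'EOF'
initiating Main Mode IKE_SA myconnection[2] to 116.38.129.101
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully
EOF
}

release=$(uname -r)
if is_414_kernel "$release"; then
    echo "kernel $release: 4.14 series, the one the answer warns about"
else
    echo "kernel $release: not in the 4.14 series"
fi
echo "IPsec stage in sample log: $(sample_log | ipsec_stage)"
if has_iface ppp0; then echo "ppp0 present"; else echo "ppp0 missing"; fi
```

A `phase2` result together with "ppp0 missing" matches the situation in the question: the IPsec negotiation finished but no PPP interface was created.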