xl2tp + strongswan ipsec — xl2tp timeout
I'm trying to connect to an IPsec/L2TP VPN from a private network behind a NAT router. It works from different Windows clients, but from my Linux machine (openSUSE 12.3, strongSwan 5.1.3, xl2tp 1.3.0) I don't manage to connect. The first problem was that the server seems to handle just the IKEv1 protocol. "keyexchange = ikev1" in ipsec.conf solved this issue. Now "ipsec statusall" shows:
Status of IKE charon daemon (strongSwan 5.1.3, Linux 3.16.7-53-desktop, x86_64):
uptime: 6 minutes, since Dec 20 01:08:01 2016
malloc: sbrk 2838528, mmap 0, used 652816, free 2185712
worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon curl soup ldap pkcs11 aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default farp stroke smp updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp certexpire led duplicheck radattr addrblock unity
Listening IP addresses:
client_ip
Connections:
L2TP-PSK: %any...server_ip IKEv1
L2TP-PSK: local: [client_ip] uses pre-shared key authentication
L2TP-PSK: remote: [server_ip] uses pre-shared key authentication
L2TP-PSK: child: dynamic[udp] === dynamic[udp/l2f] TRANSPORT
Security Associations (1 up, 0 connecting):
L2TP-PSK[1]: ESTABLISHED 6 minutes ago, client_ip[client_ip]...server_ip[server_ip]
L2TP-PSK[1]: IKEv1 SPIs: a505b49c4edac068_i* 829bf572900386be_r, pre-shared key reauthentication in 7 hours
L2TP-PSK[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
So everything seems fine on the side of IPsec.
When starting the L2TP protocol with "echo "c connection_name" > /var/run/xl2tpd/l2tp-control" I just see some timeouts in the system log:
xl2tpd[16779]: get_call: allocating new tunnel for host server_ip, port 1701.
xl2tpd[16779]: Connecting to host server_ip, port 1701
xl2tpd[16779]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
xl2tpd[16779]: control_finish: sending SCCRQ
xl2tpd[16779]: network_thread: select timeout
... (5x)
Maximum retries exceeded for tunnel 55245. Closing.
network_thread: select timeout
... (5x)
Unable to deliver closing message for tunnel 55245. Destroying anyway.
Watching the traffic with
tcpdump host server_ip and port l2tp
shows only the following:
12:58:39.221494 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() *FIRM_VER(1680) *HOST_NAME(my_site) *VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(49091) *RECV_WIN_SIZE(4)
repeated 5 times, and later 3 times:
12:58:44.226892 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(49091) *RESULT_CODE(1/0 Timeout)
Obviously there is no answer from the server to the l2tp packages. But as said before, it works with several Windows clients.
What could be wrong?
What can I do, to get more information about the l2tp connection?
I switched on all debugging options in the xl2tp.conf already.
Here are my conf-files:
ipsec.conf
conn L2TP-PSK
    keyexchange = ikev1
    authby=secret
    auto=start
    keying=1
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%any
    leftprotoport=udp/%any
    right=server_ip
    rightprotoport=udp/l2tp
xl2tp.conf
[global]
access control = yes
auth file = /etc/xl2tpd/l2tp-secrets
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes
[lac connection_name]
lns = server-ip
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.connection_name
length bit = yes
require authentication = yes
require chap = yes
refuse pap = yes
name = my_loginname
ipsec l2tp strongswan xl2tpd
asked Dec 20 '16 at 0:31 by thr, edited Dec 21 '16 at 12:33
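The `ipsec statusall` output in the question lists an IKE_SA line (`L2TP-PSK[1]: ESTABLISHED`) but no CHILD_SA line, and UDP 1701 traffic is only protected once a CHILD_SA (the IPsec SA itself) is installed. The following is an added example, not part of the original question, that tells the two states apart; the `L2TP-PSK{1}` lines in the second sample are constructed.

```shell
#!/bin/sh
# Added example. Classify `ipsec statusall` text (stdin) for connection $1.
# Prints one of: no-ike-sa | ike-only | child-installed
check_sa() {
    awk -v conn="$1" '
        # IKE_SA line:   CONN[1]: ESTABLISHED 6 minutes ago, ...
        index($0, conn "[") && index($0, "ESTABLISHED") { ike = 1 }
        # CHILD_SA line: CONN{1}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: ...
        index($0, conn "{") && index($0, "INSTALLED")   { child = 1 }
        END {
            if (child)    print "child-installed"
            else if (ike) print "ike-only"
            else          print "no-ike-sa"
        }'
}

# Sample 1: abridged from the output posted in the question.
sample_ike_only() {
cat <<'EOF'
Connections:
L2TP-PSK: %any...server_ip IKEv1
L2TP-PSK: child: dynamic[udp] === dynamic[udp/l2f] TRANSPORT
Security Associations (1 up, 0 connecting):
L2TP-PSK[1]: ESTABLISHED 6 minutes ago, client_ip[client_ip]...server_ip[server_ip]
L2TP-PSK[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
EOF
}

# Sample 2: the same output plus constructed CHILD_SA lines (SPIs are made up).
sample_with_child() {
sample_ike_only
cat <<'EOF'
L2TP-PSK{1}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c0000001_i c0000002_o
L2TP-PSK{1}:   client_ip/32[udp] === server_ip/32[udp/l2f]
EOF
}

printf 'question output:     %s\n' "$(sample_ike_only   | check_sa L2TP-PSK)"
printf 'with child SA lines: %s\n' "$(sample_with_child | check_sa L2TP-PSK)"
```

On a live system the input would be `ipsec statusall | check_sa L2TP-PSK`.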
1 Answer
I was able to get this working in my case (Ubuntu) by using the NetworkManager L2TP plugin and forcing only the specific encryption algorithm supported by the server.
To discover the algorithms supported by your server you can use ike-scan, which may be in the package repository, or you can find an equivalent script here.
sudo apt-get install ike-scan
sudo ike-scan <address.of.server>
Then once you know the supported protocols you can put them into the config files or use the GUI by installing the below.
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
# leave off gnome if using Unity/KDE
sudo apt-get install network-manager-l2tp-gnome
http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/
http://disq.us/p/1jcput9
answered Jun 7 '17 at 21:17 by dragon788, edited Jun 7 '17 at 21:26
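The answer's step of putting the discovered algorithms into the config files, as an added example that is not part of the original answer: it converts the transform reported in ike-scan "Handshake returned" lines into a strict strongSwan `ike=` value for ipsec.conf and marks legacy choices. The sample scan lines, addresses and cookies are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads ike-scan output on stdin and prints one strongSwan
# ike= proposal per "Handshake returned" line; exit status 1 if none found.
ikescan_to_proposal() {
    awk '
        /Handshake returned/ {
            enc = ""; bits = ""; hash = ""; grp = ""
            n = split($0, f, /[ \t()]+/)
            for (i = 1; i <= n; i++) {
                if (split(f[i], kv, "=") != 2) continue
                if (kv[1] == "Enc")       enc  = tolower(kv[2])
                if (kv[1] == "KeyLength") bits = kv[2]
                if (kv[1] == "Hash")      hash = tolower(kv[2])
                if (kv[1] == "Group")     grp  = kv[2]
            }
            sub(/^sha2-/, "sha", hash)   # SHA2-256 becomes sha256
            sub(/^[0-9]+:/, "", grp)     # 14:modp2048 becomes modp2048
            if (enc == "" || hash == "" || grp == "") next
            # The trailing "!" makes the proposal strict (no defaults added).
            print enc bits "-" hash "-" grp "!"
            found = 1
        }
        END { exit !found }'
}

# Returns 0 (true) when the proposal names a legacy cipher, hash or DH group.
is_legacy_proposal() {
    case "$1" in
        des-*|3des-*|*-md5-*|*-modp768*|*-modp1024*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed ike-scan output; addresses are from the documentation range.
sample_scan() {
cat <<'EOF'
192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=0123456789abcdef) SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration=28800)
192.0.2.11 Main Mode Handshake returned HDR=(CKY-R=fedcba9876543210) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
192.0.2.12 Notify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=0011223344556677)
EOF
}

sample_scan | ikescan_to_proposal | while read -r p; do
    if is_legacy_proposal "$p"; then note="legacy algorithms"; else note="ok"; fi
    printf 'ike=%s   # %s\n' "$p" "$note"
done
```

ike-scan reports only the IKE phase 1 transform, so this yields the `ike=` line; the `esp=` proposal has to be determined separately.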