
xl2tp + strongswan ipsec — xl2tp timeout

















I'm trying to connect to an IPsec/L2TP VPN from a private network behind a NAT router. It works from different Windows clients, but from my Linux machine (openSuSE 12.3, strongswan 5.1.3, xl2tp 1.3.0) I don't manage to connect. The first problem was that the server seems to handle just the IKE v1 protocol. "keyexchange = ikev1" in ipsec.conf solved this issue. Now "ipsec statusall" shows:



Status of IKE charon daemon (strongSwan 5.1.3, Linux 3.16.7-53-desktop, x86_64):
uptime: 6 minutes, since Dec 20 01:08:01 2016
malloc: sbrk 2838528, mmap 0, used 652816, free 2185712
worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon curl soup ldap pkcs11 aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default farp stroke smp updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp certexpire led duplicheck radattr addrblock unity
Listening IP addresses:
client_ip
Connections:
L2TP-PSK: %any...server_ip IKEv1
L2TP-PSK: local: [client_ip] uses pre-shared key authentication
L2TP-PSK: remote: [server_ip] uses pre-shared key authentication
L2TP-PSK: child: dynamic[udp] === dynamic[udp/l2f] TRANSPORT
Security Associations (1 up, 0 connecting):
L2TP-PSK[1]: ESTABLISHED 6 minutes ago, client_ip[client_ip]...server_ip[server_ip]
L2TP-PSK[1]: IKEv1 SPIs: a505b49c4edac068_i* 829bf572900386be_r, pre-shared key reauthentication in 7 hours
L2TP-PSK[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048


So everything seems fine on the side of ipsec.
When starting the l2tp protocol with "echo "c connection_name" > /var/run/xl2tpd/l2tp-control" I just see some timeouts in the system log:



xl2tpd[16779]: get_call: allocating new tunnel for host server_ip, port 1701.
xl2tpd[16779]: Connecting to host server_ip, port 1701
xl2tpd[16779]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
xl2tpd[16779]: control_finish: sending SCCRQ
xl2tpd[16779]: network_thread: select timeout
... (5x)
Maximum retries exceeded for tunnel 55245. Closing.
network_thread: select timeout
... (5x)
Unable to deliver closing message for tunnel 55245. Destroying anyway.


Watching the traffic with




tcpdump host server_ip and port l2tp




shows only the following:



12:58:39.221494 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() *FIRM_VER(1680) *HOST_NAME(my_site) *VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(49091) *RECV_WIN_SIZE(4)


repeated 5 times and later 3 times:



12:58:44.226892 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(49091) *RESULT_CODE(1/0 Timeout)


Obviously there is no answer from the server to the l2tp packages. But as said before, it works with several Windows clients.
What could be wrong?

What can I do to get more information about the l2tp connection?

I switched on all debugging options in the xl2tp.conf already.
Here are my conf-files:



ipsec.conf



conn L2TP-PSK
    keyexchange = ikev1
    authby=secret
    auto=start
    keying=1
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%any
    leftprotoport=udp/%any
    right=server_ip
    rightprotoport=udp/l2tp


xl2tp.conf



[global]
access control = yes
auth file = /etc/xl2tpd/l2tp-secrets
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

[lac connection_name]
lns = server-ip
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.connection_name
length bit = yes
require authentication = yes
require chap = yes
refuse pap = yes
name = my_loginname















      ipsec l2tp strongswan xl2tpd














asked Dec 20 '16 at 0:31, edited Dec 21 '16 at 12:33, by thr
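One way to cross-check the two outputs in the question, as an added example that is not part of the original post: it lists connections whose IKE_SA is ESTABLISHED but that show no INSTALLED child SA, and counts the L2TP control messages tcpdump could decode in each direction. The `{1}: INSTALLED, TRANSPORT` lines and their SPIs are constructed sample data, and all function names are hypothetical.

```python
import re
from collections import Counter

# IKE_SA lines copied from the "ipsec statusall" output in the question.
STATUS_IKE_ONLY = """\
Security Associations (1 up, 0 connecting):
L2TP-PSK[1]: ESTABLISHED 6 minutes ago, client_ip[client_ip]...server_ip[server_ip]
L2TP-PSK[1]: IKEv1 SPIs: a505b49c4edac068_i* 829bf572900386be_r, pre-shared key reauthentication in 7 hours
L2TP-PSK[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
"""

# Constructed lines (SPIs are made up): what strongSwan 5.x prints in addition
# once the ESP transport SA for the connection is installed.
STATUS_WITH_CHILD = STATUS_IKE_ONLY + """\
L2TP-PSK{1}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c0ffee01_i c0ffee02_o
L2TP-PSK{1}:   client_ip/32[udp] === server_ip/32[udp/l2f]
"""

# Shortened copies of the two tcpdump lines in the question.
CAPTURE = """\
12:58:39.221494 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *ASSND_TUN_ID(49091)
12:58:44.226892 IP client_ip.l2f > server_ip.l2f: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *RESULT_CODE(1/0 Timeout)
"""

IKE_RE = re.compile(r"^\s*(?P<conn>[\w.-]+)\[\d+\]:\s+ESTABLISHED\b")
CHILD_RE = re.compile(
    r"^\s*(?P<conn>[\w.-]+)\{\d+\}:\s+INSTALLED,\s+(?P<mode>TRANSPORT|TUNNEL)\b")
# The port prints as "l2f" by name, or 1701 when tcpdump runs with -n.
L2TP_RE = re.compile(
    r"IP\s+(?P<src>\S+)\.(?:l2f|1701)\s+>\s+(?P<dst>\S+)\.(?:l2f|1701):"
    r"\s+l2tp:.*?\*MSGTYPE\((?P<msg>\w+)\)")


def sa_state(statusall):
    """Return {conn: {"ike": bool, "child": [modes]}} from statusall text."""
    state = {}
    for line in statusall.splitlines():
        ike, child = IKE_RE.match(line), CHILD_RE.match(line)
        if ike:
            state.setdefault(ike["conn"], {"ike": False, "child": []})["ike"] = True
        elif child:
            entry = state.setdefault(child["conn"], {"ike": False, "child": []})
            entry["child"].append(child["mode"])
    return state


def ike_without_child(statusall):
    """Connections whose IKE_SA is up but which have no installed ESP SA."""
    return sorted(conn for conn, s in sa_state(statusall).items()
                  if s["ike"] and not s["child"])


def l2tp_exchange(capture, client):
    """Count decodable L2TP control messages sent by and received at `client`."""
    sent, received = Counter(), Counter()
    for line in capture.splitlines():
        m = L2TP_RE.search(line)
        if m:
            (sent if m["src"] == client else received)[m["msg"]] += 1
    return sent, received


def diagnose(statusall, capture, conn, client):
    """Combine both views into a list of findings for one connection."""
    findings = []
    if conn in ike_without_child(statusall):
        findings.append("IKE_SA established but no CHILD_SA installed for " + conn)
    sent, received = l2tp_exchange(capture, client)
    if sent:
        # On Linux an outbound packet covered by an installed SA is captured
        # after ESP encapsulation, so tcpdump cannot decode it as l2tp.
        findings.append("outbound L2TP decodable in the capture: "
                        + ", ".join(sorted(sent)))
    if sent and not received:
        findings.append("no L2TP reply from the peer")
    return findings


if __name__ == "__main__":
    for finding in diagnose(STATUS_IKE_ONLY, CAPTURE, "L2TP-PSK", "client_ip"):
        print(finding)
```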




















1 Answer














I was able to get this working in my case (Ubuntu) by using the NetworkManager L2TP plugin and forcing only the specific encryption algorithm supported by the server.

To discover the algorithms supported by your server you can use ike-scan which may be in the package repository or you can find an equivalent script here.

sudo apt-get install ike-scan
sudo ike-scan <address.of.server>

Then once you know the supported protocols you can put them into the config files or use the GUI by installing the below.

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
# leave off gnome if using Unity/KDE
sudo apt-get install network-manager-l2tp-gnome

http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/

http://disq.us/p/1jcput9














answered Jun 7 '17 at 21:17, edited Jun 7 '17 at 21:26, by dragon788
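The "put them into the config files" step for the strongSwan setup from the question, as an added example that is not part of the original answer: it turns the transform reported in ike-scan's handshake line into an ipsec.conf `ike=` value. The sample output (address, cookie) is constructed, the function names are hypothetical, and the keyword tables cover only common values.

```python
import re

# Constructed ike-scan output: documentation-range address, made-up cookie.
IKE_SCAN_OUTPUT = (
    "Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)\n"
    "192.0.2.10\tMain Mode Handshake returned HDR=(CKY-R=0123456789abcdef) "
    "SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds "
    "LifeDuration=28800)\n"
    "\n"
    "Ending ike-scan 1.9: 1 hosts scanned in 0.015 seconds (66.67 hosts/sec).  "
    "1 returned handshake; 0 returned notify\n"
)

HANDSHAKE_RE = re.compile(
    r"^(?P<host>\S+)\s+(?:Main|Aggressive) Mode Handshake returned\b.*?"
    r"\bSA=\((?P<sa>[^)]*)\)", re.M)

# ike-scan attribute value -> strongSwan proposal keyword (common values only).
ENC = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
GROUPS = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}


def parse_ike_scan(output):
    """Return one attribute dict per handshake line, plus the responding host."""
    found = []
    for m in HANDSHAKE_RE.finditer(output):
        attrs = dict(kv.split("=", 1) for kv in m["sa"].split() if "=" in kv)
        attrs["host"] = m["host"]
        found.append(attrs)
    return found


def to_proposal(attrs):
    """Translate one accepted transform into strongSwan's enc-hash-group form."""
    try:
        enc = ENC[attrs["Enc"]]
        if enc == "aes":
            enc += attrs["KeyLength"]  # AES carries KeyLength=128/192/256
        group = GROUPS[attrs["Group"].split(":", 1)[0]]
        return f"{enc}-{HASH[attrs['Hash']]}-{group}"
    except KeyError as exc:
        # Refuse to guess: an unmapped value has to be looked up by hand.
        raise ValueError(f"no strongSwan keyword known for {exc}") from None


def ike_conf_line(output):
    """Build the ipsec.conf ike= line; '!' restricts strongSwan to this list."""
    proposals = []
    for attrs in parse_ike_scan(output):
        proposal = to_proposal(attrs)
        if proposal not in proposals:
            proposals.append(proposal)
    if not proposals:
        raise ValueError("no handshake returned; nothing to pin")
    return "ike=" + ",".join(proposals) + "!"


if __name__ == "__main__":
    print(ike_conf_line(IKE_SCAN_OUTPUT))
```

ike-scan probes only the IKE phase 1 transform, so the `esp=` (phase 2) proposal still has to come from the server's configuration or documentation.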


























