Finally, a tool which can provide the required UI and generate suitable configuration for xl2tpd, ppp and openswan to provide L2TP over IPsec on Linux with only a few clicks. I have tested it, and it works without problem with my dept. ASA appliance and CUHK’s VPN. The only minor problem is that you had better reboot after adding a VPN connection, otherwise it will never work!! Moreover, after disconnection, the assigned DNS servers cannot be restored to the original ones.
https://launchpad.net/l2tp-ipsec-vpn
Ubuntu 11.04 installation procedure:
sudo apt-add-repository ppa:werner-jaeger/ppa-werner-vpn
sudo apt-get update
sudo apt-get install l2tp-ipsec-vpn
gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"
sudo shutdown -r now
http://www.tuvpn.com/en/tutorials/l2tp-ipsec-ubuntu-11-04-natty-narwhal#step-0
PS: After testing the VPN connections to my dept. VPN for a while, I found a strange problem: all connections worked without problem at the very beginning, say ssh, http, etc. However, whenever I needed to submit a form via one of my testing web servers, the connection hung and the form could never be saved. I puzzled over this problem for weeks. At last, based on my past experience of configuring modem dialup, I changed the MTU of the ppp connection from the default 1500 to 1000, since sometimes you may need to adjust the MTU during dialup over WAN, and everything worked like magic!!
For my configuration at home, I need to add mtu 1000 at the end of the file /etc/ppp/IEVPN.options.xl2tpd; at my office LAN, I don’t need to add this to make things work.
Extra:
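Hello, the problem of Ubuntu not being able to connect to the CUHK VPN has troubled me for a long time.
I tried to follow your method but could not connect to the CUHK VPN.
Isn't the remote server vpn.cuhk.edu.hk? It doesn't quite look like that in the picture.
Please, please help me!!
Log attached: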
xl2tpd[1128]: death_handler: Fatal signal 15 received
Stopping xl2tpd: xl2tpd.
ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.38-11-generic…
Sep 11 02:31:15 CQ40 ipsec__plutorun: Starting Pluto subsystem…
recvref[22]: Protocol not available
xl2tpd[1957]: This binary does not support kernel L2TP.
xl2tpd[1958]: xl2tpd version xl2tpd-1.2.6 started on CQ40 PID:1958
xl2tpd[1958]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1958]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1958]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1958]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1958]: Listening on IP address 0.0.0.0, port 1701
Starting xl2tpd: xl2tpd.
Sep 11 02:31:15 CQ40 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Sep 11 02:31:16 CQ40 ipsec__plutorun: 002 added connection description “CUHK”
003 NAT-Traversal: Trying new style NAT-T
003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
003 NAT-Traversal: Trying old style NAT-T
104 “CUHK” #1: STATE_MAIN_I1: initiate
003 “CUHK” #1: received Vendor ID payload [RFC 3947] method set to=109
106 “CUHK” #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 “CUHK” #1: received Vendor ID payload [Cisco-Unity]
003 “CUHK” #1: received Vendor ID payload [Dead Peer Detection]
003 “CUHK” #1: ignoring unknown Vendor ID payload [dd4bef7cf49cdd8d64a70ddb632cbf57]
003 “CUHK” #1: received Vendor ID payload [XAUTH]
003 “CUHK” #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 “CUHK” #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 “CUHK” #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 “CUHK” #2: STATE_QUICK_I1: initiate
003 “CUHK” #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=4d323697
003 “CUHK” #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
004 “CUHK” #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xcbdfe529 <0x30c5657f xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[1958]: Connecting to host vpn.cuhk.edu.hk, port 1701
xl2tpd[1958]: handle_avps: don't know how to handle atribute 110.
xl2tpd[1958]: handle_avps: don't know how to handle atribute 111.
xl2tpd[1958]: Connection established to 137.189.192.204, 1701. Local: 48691, Remote: 54684 (ref=0/0).
xl2tpd[1958]: Calling on tunnel 48691
xl2tpd[1958]: Call established with 137.189.192.204, Local: 30828, Remote: 5047, Serial: 1 (ref=0/0)
xl2tpd[1958]: start_pppd: I'm running:
xl2tpd[1958]: "/usr/sbin/pppd"
xl2tpd[1958]: "passive"
xl2tpd[1958]: "nodetach"
xl2tpd[1958]: ":"
xl2tpd[1958]: "file"
xl2tpd[1958]: "/etc/ppp/CUHK.options.xl2tpd"
xl2tpd[1958]: "/dev/pts/0"
pppd[2171]: Plugin passprompt.so loaded.
pppd[2171]: pppd 2.4.5 started by root, uid 0
pppd[2171]: Using interface ppp0
pppd[2171]: Connect: ppp0 /dev/pts/0
pppd[2171]: No response to PAP authenticate-requests
pppd[2171]: Connection terminated.
pppd[2171]: Exit.
xl2tpd[1958]: child_handler : pppd exited for call 5047 with code 19
xl2tpd[1958]: call_close: Call 30828 to 137.189.192.204 disconnected
xl2tpd[1958]: control_finish: Connection closed to 137.189.192.204, port 1701 (No application/session timer expired), Local: 48691, Remote: 54684
xl2tpd[1958]: Terminating pppd: sending TERM signal to pid 2171
From your log, it seems that you are almost there. I suggest you try to uncheck all the protocols of EAP and leave only PAP.
http://imageshack.us/photo/my-images/594/screenshotconnectionset.png/
http://imageshack.us/photo/my-images/823/screenshotconnectionset.png/
http://imageshack.us/photo/my-images/534/screenshotconnectionset.png/
http://imageshack.us/photo/my-images/190/screenshotconnectionset.png/
This is my current setting. I unchecked all the protocols except PAP and it is still not working; the log becomes like this:
please help~~~~m(- -)m
ipsec_setup: Stopping Openswan IPsec…
xl2tpd[2928]: death_handler: Fatal signal 15 received
Stopping xl2tpd: xl2tpd.
ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.38-11-generic…
Sep 12 19:07:08 CQ40 ipsec__plutorun: Starting Pluto subsystem…
Sep 12 19:07:08 CQ40 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
recvref[22]: Protocol not available
xl2tpd[3211]: This binary does not support kernel L2TP.
Starting xl2tpd: xl2tpd.
xl2tpd[3213]: xl2tpd version xl2tpd-1.2.6 started on CQ40 PID:3213
xl2tpd[3213]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[3213]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[3213]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[3213]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[3213]: Listening on IP address 0.0.0.0, port 1701
Sep 12 19:07:08 CQ40 ipsec__plutorun: 002 added connection description “CUHK”
Sep 12 19:07:08 CQ40 ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Sep 12 19:07:08 CQ40 ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Sep 12 19:07:08 CQ40 ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
104 “CUHK” #1: STATE_MAIN_I1: initiate
003 “CUHK” #1: received Vendor ID payload [RFC 3947] method set to=109
106 “CUHK” #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 “CUHK” #1: received Vendor ID payload [Cisco-Unity]
003 “CUHK” #1: received Vendor ID payload [Dead Peer Detection]
003 “CUHK” #1: ignoring unknown Vendor ID payload [33aa879741ccfb4ded4fbfaf8cbd021b]
003 “CUHK” #1: received Vendor ID payload [XAUTH]
003 “CUHK” #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 “CUHK” #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 “CUHK” #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 “CUHK” #2: STATE_QUICK_I1: initiate
003 “CUHK” #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=151ddba0
004 “CUHK” #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x4ee71270 <0xac6febca xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[3213]: Connecting to host vpn.cuhk.edu.hk, port 1701
xl2tpd[3213]: handle_avps: don't know how to handle atribute 110.
xl2tpd[3213]: handle_avps: don't know how to handle atribute 111.
xl2tpd[3213]: Connection established to 137.189.192.204, 1701. Local: 34142, Remote: 40572 (ref=0/0).
xl2tpd[3213]: Calling on tunnel 34142
xl2tpd[3213]: Call established with 137.189.192.204, Local: 35858, Remote: 6930, Serial: 1 (ref=0/0)
xl2tpd[3213]: start_pppd: I'm running:
xl2tpd[3213]: "/usr/sbin/pppd"
xl2tpd[3213]: "passive"
xl2tpd[3213]: "nodetach"
xl2tpd[3213]: ":"
xl2tpd[3213]: "file"
xl2tpd[3213]: "/etc/ppp/CUHK.options.xl2tpd"
xl2tpd[3213]: "/dev/pts/0"
pppd[3259]: Plugin passprompt.so loaded.
pppd[3259]: pppd 2.4.5 started by root, uid 0
pppd[3259]: Using interface ppp0
pppd[3259]: Connect: ppp0 /dev/pts/0
pppd[3259]: No response to PAP authenticate-requests
pppd[3259]: Connection terminated.
pppd[3259]: Exit.
xl2tpd[3213]: child_handler : pppd exited for call 6930 with code 19
xl2tpd[3213]: call_close: Call 35858 to 137.189.192.204 disconnected
Yes. I have tested it further on CUHK VPN and got a result similar to yours. After entering the correct password, the system returns "No response to PAP authenticate-requests". I still can’t figure out what happens, while the system settings work without problem with my dept. VPN.
Hi, I also use this tool by following this post: http://soeasytomakeitwork.wordpress.com/2014/05/02/set-up-a-l2tpipsec-vpn-connection-on-ubuntu-desktop/
However, after setting CUHK VPN or IE VPN, I get the following error:
Dec 29 15:01:40 ivp ipsec_setup: …Openswan IPsec started
Dec 29 15:01:40 ivp pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 29 15:01:40 ivp ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 29 15:01:40 ivp ipsec__plutorun: 002 added connection description “CUHK”
Dec 29 15:01:40 ivp ipsec__plutorun: 002 added connection description “IE”
Dec 29 15:01:42 ivp wpa_supplicant[1287]: wlan0: CTRL-EVENT-SCAN-STARTED
Dec 29 15:01:43 ivp pppd[25902]: Script /etc/ppp/ip-up finished (pid 25913), status = 0x0
Dec 29 15:01:43 ivp pppd[25902]: Script /etc/ppp/ip-down started (pid 26261)
Dec 29 15:01:43 ivp xl2tpd[25826]: death_handler: Fatal signal 15 received
Dec 29 15:01:44 ivp pppd[25902]: Script /etc/ppp/ip-down finished (pid 26261), status = 0x1
Dec 29 15:01:44 ivp pppd[25902]: Exit.
Dec 29 15:01:44 ivp xl2tpd[26318]: setsockopt recvref[30]: Protocol not available
Dec 29 15:01:44 ivp xl2tpd[26318]: This binary does not support kernel L2TP.
Dec 29 15:01:44 ivp xl2tpd[26319]: xl2tpd version xl2tpd-1.3.6 started on ivp PID:26319
Dec 29 15:01:44 ivp xl2tpd[26319]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Dec 29 15:01:44 ivp xl2tpd[26319]: Forked by Scott Balmos and David Stipp, (C) 2001
Dec 29 15:01:44 ivp xl2tpd[26319]: Inherited by Jeff McAdams, (C) 2002
Dec 29 15:01:44 ivp xl2tpd[26319]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Dec 29 15:01:44 ivp xl2tpd[26319]: Listening on IP address 0.0.0.0, port 1701
Do you have any idea about this problem? Thank you!
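The logs posted in this thread can be triaged mechanically to see which layer of the L2TP/IPsec stack a connection attempt stopped at. The following is an added example, not code from the post or from the l2tp-ipsec-vpn project; the function name `triage` and the stage names are hypothetical, the sample is an excerpt of the first log above with quotes normalised, and the "authentication succeeded" pattern and the meaning of exit code 19 come from pppd itself rather than from this page.

```python
import re

# Ordered milestones of an L2TP/IPsec connect, keyed by the log text that marks them.
STAGES = [
    ("ike_phase1", r"ISAKMP SA established"),
    ("ipsec_sa", r"IPsec SA established"),
    ("l2tp_tunnel", r"xl2tpd\[\d+\]: Connection established to"),
    ("l2tp_call", r"xl2tpd\[\d+\]: Call established with"),
    ("ppp_link", r"pppd\[\d+\]: Connect: "),
    ("ppp_auth", r"pppd\[\d+\]: (?:PAP|CHAP) authentication succeeded"),
]
# Exit status as documented in pppd(8).
PPPD_EXIT = {19: "we failed to authenticate ourselves to the peer"}

# Sample input: excerpt of the first log posted above (quotes normalised).
SAMPLE_LOG = """\
004 "CUHK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
004 "CUHK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xcbdfe529 <0x30c5657f xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[1958]: Connection established to 137.189.192.204, 1701. Local: 48691, Remote: 54684 (ref=0/0).
xl2tpd[1958]: Call established with 137.189.192.204, Local: 30828, Remote: 5047, Serial: 1 (ref=0/0)
pppd[2171]: Connect: ppp0 /dev/pts/0
pppd[2171]: No response to PAP authenticate-requests
xl2tpd[1958]: child_handler : pppd exited for call 5047 with code 19
"""

def triage(log):
    """Return the stages reached, the first stage not reached, and key details."""
    reached = []
    for name, pattern in STAGES:
        if not re.search(pattern, log):
            break  # stages are sequential: stop at the first missing milestone
        reached.append(name)
    stuck_at = STAGES[len(reached)][0] if len(reached) < len(STAGES) else None
    # Negotiated IKE proposal, e.g. cipher=oakley_3des_cbc_192 group=modp1024
    m = re.search(r"ISAKMP SA established \{([^}]*)\}", log)
    ike = dict(kv.split("=", 1) for kv in m.group(1).split()) if m else {}
    m = re.search(r"pppd exited for call \d+ with code (\d+)", log)
    code = int(m.group(1)) if m else None
    return {"reached": reached, "stuck_at": stuck_at, "ike": ike,
            "pppd_exit": code, "pppd_exit_meaning": PPPD_EXIT.get(code)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the sample, both IPsec SAs and the L2TP call are up and the attempt stops at PPP authentication, so the place to look is the PPP credentials and authentication settings rather than the pre-shared key or the IPsec configuration.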