I have been given some details of a VPN I am meant to connect to, and can't for the life of me get it to work under Kubuntu.
The info I have been given is (fake values substituted where appropriate of course):
I have configured a new VPN account for you on our server.
Your login details are as follows:
IP address: 1.2.3.4
username: myfullname
password: wordpass
shared secret: XXXXXXXXXX
The connection type is L2TP.
Ensure that you select the option to send all traffic over the VPN.
I have tried 2 routes:
1) Using the KDE widget to configure this
2) Using config files to configure this
Using the widget:
I add the https://launchpad.net/~seriy-pr/+archive/network-manager-l2tp PPA, and install network-manager-l2tp.
Then, I add an L2TP connection and I come across the following fields (which I fill in):
Gateway (1.2.3.4)
User name: (myfullname)
Password: (wordpass)
Then I go into IPsec Settings, and (after checking "Enable IPSec tunnel to L2TP host"):
Group Name
Gateway ID
Pre-shared Key
I fill in Pre-shared Key with XXXXXXXXXX, and click OK.
Then I try to connect, and get the following error:
"Necessary secrets for the VPN connection were not provided."
Using config files, and using https://www.elastichosts.com/support/tutorials/linux-l2tpipsec-vpn-client/ as a guide, I do the following:
I add the following to /etc/ipsec.conf:
config setup
    ....
    protostack=netkey
    plutoopts="--interface=wlan0"
    ....
conn tab-vpn
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=1.2.3.4
I add the following to /etc/ipsec.secrets:
%any 1.2.3.4: PSK "XXXXXXXXXX"
Then when I restart ipsec with:
sudo ipsec auto --up tab-vpn
I get:
104 "tab-vpn" #1: STATE_MAIN_I1: initiate
003 "tab-vpn" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
003 "tab-vpn" #1: received Vendor ID payload [RFC 3947] method set to=115
003 "tab-vpn" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
003 "tab-vpn" #1: ignoring Vendor ID payload [FRAGMENTATION]
003 "tab-vpn" #1: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
003 "tab-vpn" #1: ignoring Vendor ID payload [IKE CGA version 1]
106 "tab-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "tab-vpn" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
108 "tab-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "tab-vpn" #1: we require peer to have ID '1.2.3.4', but peer declares '192.168.122.2'
218 "tab-vpn" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
I and the server in question are behind the same firewall.
It SHOULD allow me to connect so I can move on to setting up the xl2tpd.conf options, but I don't get that far.
Help?
Best Answer
Try:
in /etc/ipsec.conf
The rightid parameter can be used to specify the IP address that the server identifies itself as (i.e. its LAN IP address rather than the public IP address of the router). If the expected IP address and the IP address that the server identifies as don't match then ipsec abandons the connection attempt.
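The mismatch described in the answer can be read straight from the `ipsec auto --up` output. The following is an added example, not part of the original question or answer: a shell helper that extracts the expected and declared peer IDs and prints the matching `rightid=` value. The function names are hypothetical and the sample lines are copied from the question's output; confirm the declared ID with the server's administrator before pinning it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find pluto ID mismatches in
# `ipsec auto --up` output and print the rightid= value the peer would satisfy.

# Constructed sample input: three lines copied from the question's output.
sample_log() {
  cat <<'EOF'
108 "tab-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "tab-vpn" #1: we require peer to have ID '1.2.3.4', but peer declares '192.168.122.2'
218 "tab-vpn" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
EOF
}

# Read pluto output on stdin; emit "conn|expected-id|declared-id" for each
# "we require peer to have ID" line. '|' is the separator so that IDs
# containing spaces survive intact.
id_mismatches() {
  sed -n -E "s/^[0-9]+ \"([^\"]+)\" #[0-9]+: we require peer to have ID '([^']+)', but peer declares '([^']+)'.*/\1|\2|\3/p"
}

# Turn each mismatch into a one-line report ending in the setting that would
# make the expected ID equal to what the peer actually declares.
suggest_rightid() {
  id_mismatches | while IFS='|' read -r conn expected declared; do
    printf 'conn %s: config expects %s, peer declares %s -> rightid=%s\n' \
      "$conn" "$expected" "$declared" "$declared"
  done
}

# Run on the constructed sample so the script works stand-alone.
sample_log | suggest_rightid
```

To check a real attempt, pipe the command's output in instead of the sample, for example `sudo ipsec auto --up tab-vpn 2>&1 | suggest_rightid`.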