Bosse_B
Posts: 621
Joined: Thu Jan 30, 2014 9:53 am

How to set up L2TP VPN server on RPi2 with Jessie?

Wed Oct 11, 2017 9:54 pm

I have just been hit by my VPN server being unrecognized by Apple devices when they update to iOS 10...
The VPN server has been running fine since 2014 using protocol PPTP. Now it does not work anymore for Apple devices but from Windows it still works fine.
So I need to set up something that is compatible with iPad and iOS 10 to connect to from the Internet.

The first choice on an iPhone VPN setup is L2TP and I have googled a bit to see if it exists on RPi.
What I have found are fairly incomplete or hard-to-follow old tutorials for setting up on an RPi, mostly running Wheezy.

So has someone here succeeded in making an L2TP VPN server on RPi2 Jessie working with Apple clients?
If so I would really need a hint to some kind of working howto on the net.
Thanks in advance!

PS: Should this better be asked in the Raspbian subforum?
Bo Berglund
Sweden

Bosse_B
Posts: 621
Joined: Thu Jan 30, 2014 9:53 am

Re: How to set up L2TP VPN server on RPi2 with Jessie?

Thu Oct 12, 2017 8:40 am

So far no reply, maybe I should move to Raspbian?

Anyway I found a tutorial which might be a bit old but mentions Jessie anyway.
L2TP VPN Server on Raspberry Pi
At the end of the configuration it states that I should do this to ensure services start at boot but it did not mention what the responses mean:

Code:

pi@raspbian-pi2 ~ $ sudo update-rc.d -f ipsec remove
update-rc.d: using dependency based boot sequencing
pi@raspbian-pi2 ~ $ sudo update-rc.d ipsec defaults
update-rc.d: using dependency based boot sequencing

Does the message mean that whatever was meant to happen will not?

I did everything in the tutorial but failed to connect.
I have read the log but it is very long so I will only post if there is a request to do so...

I might add in case someone is wondering:
I do have PPTP VPN and OpenVPN servers installed and working on this RPi already.
The problem is that PPTP stopped working from Apple devices, so therefore I am trying to set up L2TP VPN server which is compatible with Apple devices.
Bo Berglund
Sweden

Bosse_B
Posts: 621
Joined: Thu Jan 30, 2014 9:53 am

Re: How to set up L2TP VPN server on RPi2 with Jessie?

Thu Oct 12, 2017 4:31 pm

More time to test:
I rebooted the RPi at 10:46 and made 3 connection attempts from my Android phone using L2TP.
They happened at 10:52:30, 18:08:01 and 18:18:06 respectively.
They were unsuccessful and when I looked in syslog I found this:

Code:

$ cat /var/log/syslog | grep xl2tpd
Oct 12 10:46:26 raspbian-pi2 xl2tpd[12381]: death_handler: Fatal signal 15 received
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2381]: setsockopt recvref[30]: Protocol not available
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2381]: This binary does not support kernel L2TP.
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: xl2tpd version xl2tpd-1.3.1 started on raspbian-pi2 PID:2402
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: Inherited by Jeff McAdams, (C) 2002
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 12 10:46:37 raspbian-pi2 xl2tpd[2402]: Listening on IP address 0.0.0.0, port 1701
Oct 12 10:52:30 raspbian-pi2 xl2tpd[2402]: control_finish: Denied connection to unauthorized peer 95.199.23.246
Oct 12 10:52:30 raspbian-pi2 xl2tpd[2402]: Connection 15196 closed to 95.199.23.246, port 50893 (No Authorization)
Oct 12 10:52:35 raspbian-pi2 xl2tpd[2402]: Unable to deliver closing message for tunnel 56536. Destroying anyway.
Oct 12 18:08:01 raspbian-pi2 xl2tpd[2402]: control_finish: Denied connection to unauthorized peer 95.199.23.246
Oct 12 18:08:01 raspbian-pi2 xl2tpd[2402]: Connection 43807 closed to 95.199.23.246, port 34890 (No Authorization)
Oct 12 18:08:06 raspbian-pi2 xl2tpd[2402]: Unable to deliver closing message for tunnel 65025. Destroying anyway.
Oct 12 18:18:08 raspbian-pi2 xl2tpd[2402]: control_finish: Denied connection to unauthorized peer 95.199.23.246
Oct 12 18:18:08 raspbian-pi2 xl2tpd[2402]: Connection 54318 closed to 95.199.23.246, port 40451 (No Authorization)
Oct 12 18:18:13 raspbian-pi2 xl2tpd[2402]: Unable to deliver closing message for tunnel 28531. Destroying anyway.

The last test was done after I opened the UDP port 1701 on the router and forwarded to the RPi, no difference...

Questions:
1) "This binary does not support kernel L2TP."
What does this mean?
2) "Listening on IP address 0.0.0.0, port 1701"
Why listen on address 0.0.0.0? Should it not be on its eth0 address?
And port 1701 was not in the list of ports to open in the linked tutorial. Do I have to open that, and if so is it UDP or TCP? (I tested UDP with no success.)

I listed the ports using netstat and found the ports listed like this:

Code:

$ netstat -vatun
udp        0      0 127.0.0.1:500           0.0.0.0:*
udp        0      0 192.168.119.142:500     0.0.0.0:*
udp        0      0 10.8.0.1:500            0.0.0.0:*
udp        0      0 0.0.0.0:1701            0.0.0.0:*
udp        0      0 127.0.0.1:4500          0.0.0.0:*
udp        0      0 192.168.119.142:4500    0.0.0.0:*
udp        0      0 10.8.0.1:4500           0.0.0.0:*

The interesting part here is the way 1701 differs from the 500 and 4500 ports, only 0.0.0.0 is listed as being listened to...
Why?
And how do I fix the L2TP server so it works?
Bo Berglund
Sweden
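
Added example, not part of the original post: a Python script that reads `netstat -vatun` style output and xl2tpd syslog lines of the kind shown above, lists the UDP ports bound to the wildcard address 0.0.0.0 (which means every IPv4 interface rather than one specific address), and groups the "Denied connection to unauthorized peer" entries by peer. The sample input is constructed in the same shape as the post's output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input (documentation-range addresses, not real hosts).
NETSTAT = """\
udp        0      0 127.0.0.1:500           0.0.0.0:*
udp        0      0 192.168.119.142:500     0.0.0.0:*
udp        0      0 0.0.0.0:1701            0.0.0.0:*
udp        0      0 192.168.119.142:4500    0.0.0.0:*
"""
SYSLOG = """\
Oct 12 10:46:37 host xl2tpd[2402]: Listening on IP address 0.0.0.0, port 1701
Oct 12 10:52:30 host xl2tpd[2402]: control_finish: Denied connection to unauthorized peer 203.0.113.7
Oct 12 10:52:30 host xl2tpd[2402]: Connection 15196 closed to 203.0.113.7, port 50893 (No Authorization)
Oct 12 18:08:01 host xl2tpd[2402]: control_finish: Denied connection to unauthorized peer 203.0.113.7
"""

DENIED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ xl2tpd\[\d+\]: control_finish: "
    r"Denied connection to unauthorized peer (\S+)$"
)

def udp_listeners(netstat_text):
    """Map each UDP port to the set of local addresses it is bound to."""
    binds = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].startswith("udp"):
            addr, _, port = fields[3].rpartition(":")
            if port.isdigit():
                binds[int(port)].add(addr)
    return dict(binds)

def wildcard_ports(binds):
    """Ports bound to 0.0.0.0, i.e. listening on all IPv4 interfaces."""
    return sorted(p for p, addrs in binds.items() if "0.0.0.0" in addrs)

def denied_peers(syslog_text):
    """Group timestamps of xl2tpd denial messages by peer address."""
    peers = defaultdict(list)
    for line in syslog_text.splitlines():
        m = DENIED.match(line.strip())
        if m:
            peers[m.group(2)].append(m.group(1))
    return dict(peers)

if __name__ == "__main__":
    print("wildcard-bound UDP ports:", wildcard_ports(udp_listeners(NETSTAT)))
    for peer, times in denied_peers(SYSLOG).items():
        print(f"{peer}: {len(times)} denied at {', '.join(times)}")
```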

Bosse_B
Posts: 621
Joined: Thu Jan 30, 2014 9:53 am

Re: How to set up L2TP VPN server on RPi2 with Jessie?

Fri Oct 13, 2017 3:13 pm

I don't have time for this anymore so I am ditching L2TP for now.
Found the iOS app "OpenVPN Connect" so the clients could use OpenVPN instead.
Just have to make a few more ovpn files for them, but that is manageable.
So I do have a solution anyway....
Bo Berglund
Sweden
