MrHopscotch
Posts: 11
Joined: Thu Nov 27, 2014 2:47 am

Re: L2TP mini tutorial

Tue Jun 23, 2015 3:44 pm

A Mac OS X 10.10.3 client says "The L2TP-VPN server did not respond".

My public IP (not real one): 73.134.56.18
VPN server internal IP: 172.16.0.2
Gateway internal IP: 172.16.0.1

auth.log
http://pastebin.com/Z7TeSbKj

/etc/ipsec.conf
http://pastebin.com/L0s1Xs1T

Any help would be greatly appreciated.

My ipsec.conf contains typing errors in some IPs (127 instead of 172); I fixed those and the problem persists just the same.
Last edited by MrHopscotch on Tue Jun 23, 2015 10:49 pm, edited 1 time in total.

DougieLawson
Posts: 30139
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: L2TP mini tutorial

Tue Jun 23, 2015 4:30 pm

You can't route 127.xxx.xxx.xxx/8 addresses. They are LOCALHOST only.

Change them to 172.16.xxx.xxx/12 (netmask == 255.240.0.0) addresses which are one of the private networks (like 10.xxx.xxx.xxx/8 and 192.168.xxx.xxx/24).

Your problems are probably a wrong netmask somewhere at one end or the other. If you don't have an explicit netmask then some TCP/IP stacks will make assumptions based on the top octet of the dotted decimal address.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

MrHopscotch
Posts: 11
Joined: Thu Nov 27, 2014 2:47 am

Re: L2TP mini tutorial

Tue Jun 23, 2015 5:56 pm

Thank you for your suggestions. I made the changes you suggested. The vendor ID related messages persist, but after them in auth.log a new message is showing up. Hopefully it is because fixing a previous problem exposed another one.

Code:
message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level

This is followed by one entry of another message.

Code:
sending notification INVALID_PAYLOAD_TYPE to 67.84.123.34:500

What should be done from here?

bing69
Posts: 4
Joined: Wed Jun 24, 2015 7:16 am

Re: L2TP mini tutorial

Wed Jun 24, 2015 7:29 am

Finally I was able to install a functioning L2TP, thanks to openswan.
I can do everything on my LAN, but unfortunately I cannot get from my LAN to the outside again. :oops:
What can I do about it?

Thanks for helping!

bing69
Posts: 4
Joined: Wed Jun 24, 2015 7:16 am

Re: L2TP mini tutorial

Fri Jun 26, 2015 12:03 pm

Nobody??

bing69
Posts: 4
Joined: Wed Jun 24, 2015 7:16 am

Re: L2TP mini tutorial

Sat Jul 04, 2015 11:32 am

Really nobody??

jurmelius
Posts: 85
Joined: Sun Jul 22, 2012 7:00 pm

Re: L2TP mini tutorial

Thu Jul 16, 2015 7:43 am

Hi there.
Thanks for this instruction on how to build an L2TP PSK VPN server out of an RPi. :D

I have managed to build an RPi OpenVPN server that works great, and my Synology DS413 NAS device also has OpenVPN & L2TP VPN servers built in, so the RPi is just an exercise.

Has ANYONE tested whether this VPN server will work with Windows Phone 8.1 Update 1 or better?

My Lumia 1020 does not connect to Synology's L2TP server for some reason, though Android does. I really think Lumia's VPN client is broken somehow.
Last edited by jurmelius on Thu Jul 16, 2015 10:06 am, edited 1 time in total.

jurmelius
Posts: 85
Joined: Sun Jul 22, 2012 7:00 pm

Re: L2TP mini tutorial

Thu Jul 16, 2015 9:07 am

bing69 wrote: Really nobody??

NAT-rules wrong/operator blocking.

gpecurto
Posts: 1
Joined: Fri Oct 09, 2015 11:30 am

Re: L2TP mini tutorial

Fri Oct 09, 2015 11:32 am

gives this error on
'sudo /etc/init.d/ipsec restart'

failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:10: syntax error, unexpected VERSION, expecting $end [version]

###EDITED###
Sorry I had 2 lines with
"version 2.0"...
Just removed and solved it...
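
The two ipsec.conf mistakes reported above in this thread (loopback 127.x addresses typed where 172.16.x was meant, and a second "version 2.0" line) can be caught before restarting ipsec. The linter below is an added example, not part of any post here; the sample config is constructed, and `lint_ipsec_conf` and the conn name are hypothetical.

```python
import ipaddress
import re

# Constructed sample reproducing both mistakes; not the poster's real file.
SAMPLE_CONF = """\
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:127.16.0.0/12
version 2.0
conn L2TP-PSK
    left=127.16.0.2
    leftnexthop=172.16.0.1
    right=%any
    rightsubnet=vhost:%priv
"""

# Dotted quad with optional /prefix, not embedded in a longer number.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?(?![\d.])")

def lint_ipsec_conf(text):
    """Return (line_no, message) findings for the two mistakes seen in this thread."""
    findings = []
    version_seen = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.split()[0] == "version":
            if version_seen is not None:
                findings.append((no, f"duplicate 'version' line (first on line {version_seen})"))
            else:
                version_seen = no
            continue
        for m in IPV4.finditer(line):
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                findings.append((no, f"{m.group(1)} is not a valid IPv4 address"))
                continue
            if addr.is_loopback:
                findings.append((no, f"{m.group(0)} is loopback (127.0.0.0/8) and not routable"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_ipsec_conf(SAMPLE_CONF):
        print(f"ipsec.conf:{no}: {msg}")
```
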

bing69
Posts: 4
Joined: Wed Jun 24, 2015 7:16 am

Re: L2TP mini tutorial

Sat Oct 17, 2015 8:26 am

jurmelius wrote:
bing69 wrote: Really nobody??
NAT-rules wrong/operator blocking.

Can you give me more information?

eymas
Posts: 12
Joined: Wed Apr 17, 2013 2:56 pm

Re: L2TP mini tutorial

Mon Nov 09, 2015 8:39 am

I've followed this tutorial lately as an upgrade to my previous PPTP VPN, yet I cannot connect and, somehow, there's not even a single error anywhere.

When using a Windows 10 PC as a client, it does mention that it cannot connect to the server. While I am confident this does work as I can SSH into it, I don't know where to look for the problem either. The ports have been properly forwarded.

Any advice on how I could discover where the issue lies?

Lemstrom
Posts: 1
Joined: Sun Jun 05, 2016 6:21 pm

Re: L2TP mini tutorial

Sun Jun 05, 2016 6:31 pm

Hi
I have a question. I got everything to work with my Raspberry Pi, but when I had a power failure last night I had to go in manually and restart to get my VPN to work again. Can I please have some suggestions on how I can fix this? I have tried to type the commands into rc and so on but can't get it to work. Any help will be welcome; I am a noob on Linux and Debian ;)
Lemstrom

daz.uk
Posts: 6
Joined: Sat Mar 15, 2014 10:11 am
Location: Leeds, UK

Re: L2TP mini tutorial

Mon Jul 25, 2016 6:34 am

Thanks for the tutorial.

For an unknown reason, it didn't work for me in the beginning.
I managed to connect when not behind NAT, but not when behind NAT.

Just removed

Code:
rightsubnet=vhost:%priv

And all is working :)

RPi_new
Posts: 2
Joined: Fri Sep 30, 2016 10:42 am

Re: L2TP mini tutorial

Fri Sep 30, 2016 10:52 am

Hi

I have configured an RPi as an L2TP VPN server and opened port 500 UDP, 1701 TCP/UDP and 4500 UDP to the IP address of my RPi. When I make a test from my iOS devices to the RPi over Wi-Fi with the internal IP 192.168.x.x as server address, it's working fine. :D

But when I make a test from my iOS devices to the RPi over 3G/4G with the external IP 2.105.x.x as server address, it's not working at all. :x

I have also tried to put my RPi in the DMZ zone and with another router, but it is still not working :cry:

What have I done wrong?...

/RPi_new

RPi_new
Posts: 2
Joined: Fri Sep 30, 2016 10:42 am

Re: L2TP mini tutorial

Sat Oct 01, 2016 5:47 am

RPi_new wrote:
Hi

I have configured an RPi as an L2TP VPN server and opened port 500 UDP, 1701 TCP/UDP and 4500 UDP to the IP address of my RPi. When I make a test from my iOS devices to the RPi over Wi-Fi with the internal IP 192.168.x.x as server address, it's working fine. :D

But when I make a test from my iOS devices to the RPi over 3G/4G with the external IP 2.105.x.x as server address, it's not working at all. :x

I have also tried to put my RPi in the DMZ zone and with another router, but it is still not working :cry:

What have I done wrong?...

/RPi_new

Hi, I have solved some of the problems :D - Now I can connect to my RPi from outside and work on inside systems and PC/Mac. I just "REMARK" this line: rightsubnet=vhost:%priv :lol:

BUT.... I can't "connect"/go to the internet locally from my iOS device when I'm connected via VPN. I have tried with "force all traffic" ON and OFF. Is it possible to change that?...

/RPi_new

Bosse_B
Posts: 621
Joined: Thu Jan 30, 2014 9:53 am

Re: L2TP mini tutorial

Thu Oct 12, 2017 4:50 pm

REVIVING THIS THREAD...
I have tried to add L2TP VPN capability to my RPi2 used as my VPN server.
It already runs PPTP and OpenVPN fine and PPTP was used by Apple clients until recently when it stopped working.
Turned out that Apple discontinued support for PPTP VPN in iOS 10....
And running OpenVPN is not native in iOS whereas L2TP is.
So I decided to try and get an L2TP server running on my RPi2 with Raspbian Jessie.

I found this thread, but the instructions were geared towards Wheezy and so the service handling is not the same.
Then I found a blog named L2TP VPN Server on Raspberry Pi, which turns out to be a derivative of this thread's tutorial.

I have followed it but have not gotten it to work yet.
So I posted a thread of my own for this problem; could you please have a look and advise what to do to get it running?
It feels like there is not much remaining but some crucial step still needs to be taken?

SOME TIME LATER...

Had to ditch this attempt cause I never got it to work.
Luckily Apple AppStore has an app named OpenVPN Connect, which can be used on an iPhone and iPad to connect. I tested on my wife's iPhone and it worked just fine. So no need to mess with L2TP at all.
Bo Berglund
Sweden

dokohler
Posts: 1
Joined: Sat Nov 18, 2017 12:41 pm

Re: L2TP mini tutorial

Sat Nov 18, 2017 12:51 pm

I found this thread and still, even if it's pretty old, it's really easy to set up the server with this tutorial. BUT, there are two important notes:

First: Openswan seems broken in the latest release on Raspberry. Use an old version instead:

Code:
$ wget http://snapshot.raspbian.org/201403301125/raspbian/pool/main/o/openswan/openswan_2.6.37-3_armhf.deb
$ sudo dpkg -i openswan_2.6.37-3_armhf.deb

Second:
If you're connecting with Windows, make sure you enable these options:
[Image: vpn-properties.png]
Source: https://github.com/hwdsl2/setup-ipsec-vpn/issues/7

(Windows Error: the connection was terminated by the remote computer before it could be completed)


You may consider this tutorial as well, if you have any troubles: https://ritazh.com/setup-your-own-l2tp- ... 0d3d4df04c
