L2tp VPN Server HELP!
Posted: Sun Apr 06, 2014 2:21 am
by Malekith
Hi all,
I have been trying to get my Raspberry Pi to be an L2TP VPN server and have had no luck.
I was able to get this to work about 5 months ago but now it just won't work.
I have tried both of the tutorials below:
http://linux.tips/tutorials/how-to-setu ... #comment-2
http://willitscript.com/post/4035740864 ... vpn-server
and for some reason I can't get them to work.
I have checked ipsec verify and all is good there. I also checked /var/log/auth.log and it seems to be getting a request from my iPhone but it just won't let it connect.
This is the /var/log/auth.log information:
Code:
raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx received Vendor ID payload [RFC 3947] method set to=109
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Apr 6 02:16:06 raspberrypi pluto[3498]: packet from xx.xxx.x.xxx:xxxxx: received Vendor ID payload [Dead Peer Detection]
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: responding to Main Mode from unknown peer xx.xxx.x.xxx
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to 49.196.7.220:36613
Apr 6 02:16:10 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:10 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to 49.196.7.220:36613
Apr 6 02:16:13 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:13 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to xx.xxx.x.xxx:xxxxx
Apr 6 02:16:16 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:16 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to 49.196.7.220:36613
Apr 6 02:16:16 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:16 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx#2: sending notification INVALID_PAYLOAD_TYPE to xx.xxx.x.xxx:xxxxx
Apr 6 02:16:29 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:29 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to xx.xxx.x.xxx:xxxxx
Apr 6 02:16:36 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:36 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] xx.xxx.x.xxx #2: sending notification INVALID_PAYLOAD_TYPE to xx.xxx.x.xxx:xxxxx
xx.xxx.x.xxx:xxxxx being my iPhone's IP address at the time.
I am running the latest Raspbian Wheezy from the Raspberry Pi website, 06/04/2014.
Can someone please shed some light on what might be going wrong?
Thanks in advance!
Re: L2tp VPN Server HELP!
Posted: Sun Apr 06, 2014 11:05 pm
by confounded
I came across this issue tonight when I upgraded OpenSwan. I fixed it by reverting to the previous version:
Code:
wget http://snapshot.raspbian.org/201403301125/raspbian/pool/main/o/openswan/openswan_2.6.37-3_armhf.deb
sudo dpkg -i openswan_2.6.37-3_armhf.deb
Re: L2tp VPN Server HELP!
Posted: Mon Apr 07, 2014 2:02 am
by gunner10
Hi,
I'm having the exact same problem. I followed the same tutorial today from scratch for the first time and it doesn't work for me either. Error messages are the same.
I hope someone could help out with this.
Thanks
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 12:54 am
by gunner10
Hi confounded,
I ran those commands as you suggested but I'm still not able to connect.
Here is my /var/log/auth.log while trying to connect from my iPad.
Code:
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [RFC 3947] method set to=109
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Apr 9 01:46:51 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:500: received Vendor ID payload [Dead Peer Detection]
Apr 9 01:46:51 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: responding to Main Mode from unknown peer xxx.xxx.99.191
Apr 9 01:46:51 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 9 01:46:51 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.6'
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[11] xxx.xxx.99.191 #13: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.99.191 {isakmp=#0/ipsec=#0}
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: new NAT mapping for #13, was xxx.xxx.99.191:500, now xxx.xxx.99.191:4500
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: Dead Peer Detection (RFC 3706): enabled
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: Applying workaround for Mac OS X NAT-OA bug, ignoring proposed subnet
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: the peer proposed: xxx.xxx.172.52/32:17/1701 -> xxx.xxx.99.191/32:17/0
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: responding to Quick Mode proposal {msgid:5d8a3f75}
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: us: 192.168.0.14<192.168.0.14>[+S=C]:17/1701
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: them: xxx.xxx.99.191[192.168.1.6,+S=C]:17/61932
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 9 01:46:53 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 9 01:46:54 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: Dead Peer Detection (RFC 3706): enabled
Apr 9 01:46:54 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 9 01:46:54 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x035f96cb <0x42727f16 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=xxx.xxx.99.191:4500 DPD=enabled}
Apr 9 01:47:14 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: received Delete SA(0x035f96cb) payload: deleting IPSEC State #14
Apr 9 01:47:14 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: received and ignored informational message
Apr 9 01:47:14 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191 #13: received Delete SA payload: deleting ISAKMP State #13
Apr 9 01:47:14 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] xxx.xxx.99.191: deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.99.191 {isakmp=#0/ipsec=#0}
Apr 9 01:47:14 raspberrypi pluto[2798]: packet from xxx.xxx.99.191:4500: received and ignored informational message
Any help or suggestions would be appreciated. Been trying to get a VPN setup working on my Pi for a few weeks now. Set up the L2TP VPN the other day from scratch and still can't get it working.
Thanks,
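A way to see at a glance where each of the two failures in this thread stops, added here as an example and not posted by anyone in the thread: it groups pluto lines by state number and reports how far the negotiation got. The sample lines are constructed from the excerpts above with placeholder peer addresses, and the hint to look at xl2tpd/PPP when the peer deletes an established SA is an interpretive assumption.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two auth.log excerpts in this thread;
# peer addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] 203.0.113.7 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] 203.0.113.7 #2: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Apr 6 02:16:06 raspberrypi pluto[3498]: "L2TP-PSK-NAT"[2] 203.0.113.7 #2: sending notification INVALID_PAYLOAD_TYPE to 203.0.113.7:36613
Apr 9 01:46:52 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] 198.51.100.9 #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 9 01:46:54 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] 198.51.100.9 #14: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 9 01:46:54 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] 198.51.100.9 #14: STATE_QUICK_R2: IPsec SA established transport mode
Apr 9 01:47:14 raspberrypi pluto[2798]: "L2TP-PSK-NAT"[12] 198.51.100.9 #13: received Delete SA(0x035f96cb) payload: deleting IPSEC State #14
"""

LINE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) \S+ pluto\[(?P<pid>\d+)\]: '
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[^\s#]+)\s*#(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state \S+ to state (\S+)')
DELETED = re.compile(r'received Delete SA\(\w+\) payload: deleting IPSEC State #(\d+)')


def summarize(log_text):
    """Return {(pid, state_number): info} for every pluto state object seen."""
    sas = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. Vendor ID lines, which carry no state number
        # syslog omits the year; a fixed one is supplied only to compute deltas
        ts = datetime.strptime('2014 ' + m['ts'], '%Y %b %d %H:%M:%S')
        pid, msg = m['pid'], m['msg']
        sa = sas.setdefault((pid, m['sa']), {
            'peer': m['peer'], 'state': None, 'rejected': 0,
            'up': None, 'torn_down_after': None})
        t = TRANSITION.search(msg)
        if t:
            sa['state'] = t.group(1)
        if 'INVALID_PAYLOAD_TYPE' in msg:
            sa['rejected'] += 1
        if 'IPsec SA established' in msg:
            sa['up'] = ts
        d = DELETED.search(msg)  # logged under the ISAKMP state, names the IPsec one
        victim = sas.get((pid, d.group(1))) if d else None
        if victim and victim['up']:
            victim['torn_down_after'] = (ts - victim['up']).total_seconds()
    return sas


def verdict(sa):
    if sa['rejected'] and sa['state'] == 'STATE_MAIN_R1':
        return 'IKE stalled in Main Mode: pluto rejected the peer message (INVALID_PAYLOAD_TYPE)'
    if sa['up'] and sa['torn_down_after'] is not None:
        # Assumption: a prompt delete after IPsec is up points past IPsec
        return ('IPsec SA came up, peer deleted it after %ds: check xl2tpd/PPP'
                % sa['torn_down_after'])
    if sa['up']:
        return 'IPsec SA established'
    if sa['state'] == 'STATE_MAIN_R3':
        return 'ISAKMP SA established (phase 1 done)'
    return 'incomplete, last state %s' % sa['state']


if __name__ == '__main__':
    for key, sa in summarize(SAMPLE_LOG).items():
        print(key, sa['peer'], '->', verdict(sa))
```

To run it against a real log, pass the contents of /var/log/auth.log to `summarize()` instead of `SAMPLE_LOG`.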
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 1:22 am
by Malekith
Hi gunner10,
I used the code given by confounded, and was unable to get it to install.
I then found that I had to run:
To get the old dependencies. Once I had done that I was able to run confounded's code to install openswan.
Please note that if you are using the
http://willitscript.com/post/4035740864 ... vpn-server tutorial, or even the
http://linux.tips/tutorials/how-to-setu ... #comment-2 tutorial, you need to take out the openswan from the line
Code:
sudo apt-get install openswan xl2tpd ppp lsof
Therefore you should only run:
Code:
sudo apt-get install xl2tpd ppp lsof
If you didn't take the openswan out you may have re-installed the newer version of openswan. I know that sounds silly but I'll admit I have done it before.
Once I finished the install, my VPN was back to normal, thanks confounded!!
Hope others are able to get this back up and running!
Regards,
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 1:34 am
by gunner10
Hi Malekith,
After running confounded's code, did you then proceed to follow all the steps in the tutorial from scratch?
I just ran the code, which looked to install fine. After that I haven't done anything.
I've only used this tutorial
http://linux.tips/tutorials/how-to-setu ... #comment-2 but all the configuration was done before I ran confounded's code.
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 1:58 am
by Malekith
Gunner10,
I used that tutorial to start off, but then decided to start from scratch using the Will It Script tutorial.
I ran the tutorial as normal. I may not have run the apt-get upgrade (sorry, I can't remember); however, at the start I did the following:
Code:
apt-get install -f
wget http://snapshot.raspbian.org/201403301125/raspbian/pool/main/o/openswan/openswan_2.6.37-3_armhf.deb
sudo dpkg -i openswan_2.6.37-3_armhf.deb
sudo apt-get install xl2tpd ppp lsof
and then followed on with the installation.
Please note that with these tutorials you need to read everything and make sure you read the code that you are pasting in. The reason I say this is that when pasting the code in, the IP addresses will be wrong. My IP range was different so I had to change parts of the code. Again, I know this sounds silly, but I installed it with the wrong IP addresses because I was rushing it.
If you need more help, please ask and I will see what I can do. I'm no expert on Linux, but I've stuffed this up enough times to know some problems haha.
Regards,
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 2:36 am
by gunner10
Thanks for all your help guys.
Ok so I've finally got it working.
What I did was follow the 'Adding Users' section in the Will It Script tutorial. Once I added the user account I was able to connect.
However, I had another user account set up only in the /etc/ppp/chap-secrets file, which I set up when trying out PPTP VPN. I am able to use this account to authenticate also, so I'm not sure what's going on.
I also added the 'sudo update-rc.d ipsec defaults' and 'sudo update-rc.d xl2tpd defaults'; however, after a 'sudo reboot' I can't connect until I run 'sudo /etc/init.d/ipsec restart' and 'sudo /etc/init.d/xl2tpd restart', so I'm not sure what's going on there.
The other issue I have which I'm not sure you can help with is I can't connect to the VPN from my Windows 7 machine. Any ideas?
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 3:46 am
by Malekith
I haven't actually tried to connect from a computer running Windows, only from iDevices.
Are you using a domain? Or are you just typing in your IP address?
In regards to the "sudo update-rc.d", I have not yet restarted my Pi. I will do this tonight when I get home and see if it is the same for me.
Regards,
Re: L2tp VPN Server HELP!
Posted: Wed Apr 09, 2014 5:21 am
by gunner10
I have dynamic DNS set up on the router where the Pi is located and port forwarding set to forward the port to the Pi on the internal network.
So when I set up the VPN clients, I use my dynamic DNS address.
I can see the Windows client trying to connect in the auth.log, similar to when it wasn't working previously, but it doesn't connect. My iPhone and iPad connect fine now, which is great.
Re: L2tp VPN Server HELP!
Posted: Thu Apr 10, 2014 2:29 am
by Malekith
Hi Gunner10,
Last night I rebooted my Raspberry Pi and then tried to connect to the VPN. Mine was successful. I'm not sure why your setup is not saving the rc.d defaults. Hopefully someone with better knowledge of Linux will be able to help you.
In regards to the connection from Windows, I haven't been able to test this yet. I am hoping to test this today. Once I have the results I'll let you know.
Regards,
Re: L2tp VPN Server HELP!
Posted: Fri Apr 11, 2014 2:13 am
by Malekith
Hi Gunner10,
I tested the VPN through Windows 7 yesterday; I too am unable to get it to connect. I am not sure what is stopping this from happening. Hopefully someone on this forum will be able to shed some light on the situation.
Regards,
Re: L2tp VPN Server HELP!
Posted: Sat Apr 12, 2014 11:15 am
by ijhammo
confounded wrote: I came across this issue tonight when I upgraded OpenSwan. I fixed it by reverting to the previous version:
Code:
wget http://snapshot.raspbian.org/201403301125/raspbian/pool/main/o/openswan/openswan_2.6.37-3_armhf.deb
sudo dpkg -i openswan_2.6.37-3_armhf.deb
I can confirm this got it working again for me. Many thanks confounded

Re: L2tp VPN Server HELP!
Posted: Mon Apr 14, 2014 12:58 pm
by Wezlo
I did revert to a previous version, as per instructions, but as far as I can tell the older version is dependent on an older version of openssl which is still susceptible to heartbleed - am I wrong on this?
Re: L2tp VPN Server HELP!
Posted: Wed Apr 16, 2014 5:21 am
by Malekith
I am not sure about that? Can someone please advise on the heartbleed and openssl issue?
Thanks
Re: L2tp VPN Server HELP!
Posted: Wed Apr 16, 2014 8:36 am
by DougieLawson
Malekith wrote: I am not sure about that? Can someone please advise on the heartbleed and openssl issue?
Thanks
Search the forum. There's been plenty of threads about heartbleed. We don't need another.
Re: L2tp VPN Server HELP!
Posted: Tue Apr 29, 2014 1:27 pm
by Pikantje
Hi Guys,
I had my Pi just set up to function as a VPN server via openswan, and had tested it once. A couple of days later, however, it did not work anymore. Going through the forum I came across this item and read about doing a 'reverse' action, installing an older version of openswan:
wget http://snapshot.raspbian.org/2014033011 ... _armhf.deb
sudo dpkg -i openswan_2.6.37-3_armhf.deb
And indeed, this solved the problem. And the VPN still works, but with the old version.
Has anybody yet found out how to get the VPN working again using the most recent version of openswan?
Best regards,
Jan.
HELP HELP: still nobody with the same problem? I still have it.... Any help is appreciated!!!
Re: L2tp VPN Server HELP!
Posted: Thu May 22, 2014 2:39 pm
by Pikantje
Help help help.... Am I the only person having this problem? Any help appreciated.
regards,
Jan.
Re: L2tp VPN Server HELP!
Posted: Tue Jun 10, 2014 12:38 am
by Malekith
Hi,
I have still not found out if the VPN is now working on the new OpenSwan. Has anyone been able to test this?
Regards,
Re: L2tp VPN Server HELP!
Posted: Wed Jun 18, 2014 12:02 am
by jhenkens
Hey all,
I used to use a bunch of debian packages to get an L2TP VPN working, but it always sucked, even after days of configuration. This winter I found out about softether and have switched to using that as my VPN. It is much, much more solid. I have even put together some scripts which work in setting up the VPN from a scratch Raspbian install (I use raspbian-ua-netinst).
The only things you need to do beforehand are set up your user account (you shouldn't be using root for everything on your pi!), make sure the user account has sudo permissions, and then follow the readme.
https://gist.github.com/jhenkens/11190151
Re: L2tp VPN Server HELP!
Posted: Tue Feb 24, 2015 3:16 pm
by simple-simon
I attempted the willitscript tutorial with WiFi and came across a few issues, which I think I have solved, BUT, and this is a big caveat, I am a newbie so I don't know whether this is the right approach.
First problem was the version of openswan as posted above by confounded, the symptoms of which I could see in /var/log/auth.log as:
message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Following confounded's advice fixed this but...
Second problem was the iOS client, which I could see in auth.log as:
ENCAPSULATION_MODE_UDP_TRANSPORT_RFC must only be used if NAT-Traversal is detected
This I found here:
https://issues.apache.org/jira...
which meant putting
in /etc/ipsec.conf under the connection (conn L2TP-PSK). This may disable all non-iOS and non-Mac OS X clients, as I have seen some comments on this.
With those two the VPN sets up but then I lose connection to the network which appears to be when an ifplug event happens (not sure I understand that fully) but when this happens /etc/ifplugd/action.d/action_wpa is run. Some posts suggested renaming this file which looked a bit hacky to me so I tried changing my /etc/network/interfaces line which has wpa-roam… to wpa-conf (
http://superuser.com/questions... - [ignore that it is for openvpn the event is the same]). This disabled my wifi completely. Finally I found that I needed to static my IP properly by finding this:
http://raspberrypi.stackexchan... which gave me the right combination of wpa-conf and getting my static ip right.
I hope this helps.
One more thing: I found this item (
http://linux.tips/tutorials/ho...) on putting settings in rc.local. I don't know whether it is right or not, but I have done that and it seems to work.