VPN Client OpenSwan

Post by nesa1212 » 2017/07/08 08:29:19

I have a VPN server using Openswan with address 103.19.208.247.

I want to connect my laptop (CentOS) with IP 103.19.208.243 to the VPN server. Here is my configuration:

/etc/ipsec.conf

Code:

config setup
    protostack=netkey
    dumpdir=/var/run/pluto
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    ikelifetime=8h
    rekey=no
    type=transport
    left=103.19.208.243
    leftprotoport=17/1701
    right=103.19.208.247
    rightprotoport=17/1701
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear


/etc/ipsec.secrets

Code:

103.19.208.243 103.19.208.247: PSK "vpnku"


/etc/xl2tpd/xl2tpd.conf

Code:

[lac vpn-connection]
lns=103.19.208.247
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


/etc/ppp/options.xl2tpd

Code:

ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
refuse-pap
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
name lele            # my VPN username
password nana1234    # my VPN password


And when I type: ipsec auto --up L2TP-PSK

002 "L2TP-PSK" #10: initiating Quick Mode PSK+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:ed53b5a6 proposal=defaults pfsgroup=no-pfs}
117 "L2TP-PSK" #10: STATE_QUICK_I1: initiate
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 500ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 1000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 2000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 4000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 8000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 16000ms for response
010 "L2TP-PSK" #10: STATE_QUICK_I1: retransmission; will wait 32000ms for response
031 "L2TP-PSK" #10: max number of retransmissions (8) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "L2TP-PSK" #10: starting keying attempt 2 of at most 3, but releasing whack


What should I do to solve this problem and connect to my VPN server?

Thank you

Re: VPN Client OpenSwan

Post by Whoever » 2017/07/08 16:10:17

If you have control of both the client and server, I strongly recommend that you drop the IPSEC-based VPN and use OpenVPN. There are packages for this in the EPEL repo. Configuration is much easier. Issues such as firewall configuration are much simpler.

Re: VPN Client OpenSwan

Post by nesa1212 » 2017/07/09 23:59:57

Whoever wrote: If you have control of both the client and server, I strongly recommend that you drop the IPSEC-based VPN and use OpenVPN. There are packages for this in the EPEL repo. Configuration is much easier. Issues such as firewall configuration are much simpler.

I want that, but I must connect with Openswan. I tried to find a solution on Google but I couldn't find one. What should I do to solve that problem?

Re: VPN Client OpenSwan

Post by FinnJoye2 » 2017/11/11 09:19:49

Whoever wrote: If you have control of both the client and server, I strongly recommend that you drop the IPSEC-based VPN and use OpenVPN. There are packages for this in the EPEL repo. Configuration is much easier. Issues such as firewall configuration are much simpler.

OpenVPN is the best way to solve this issue; I have tried it and fixed it :)