Here is the content of my /etc/ipsec.conf
and my /etc/xl2tpd.conf file contents
# ipsec.conf - strongSwan IPsec configuration file
# NOTE(review): every line of this listing starts in column 0. ipsec.conf
# expects the parameters of a section to be indented under its "config setup"
# or "conn <name>" line, so the indentation was presumably lost when the post
# was rendered - compare with the file on disk before reusing it.
# Daemon-wide settings.
config setup
# "no" lets several clients stay connected under the same identity instead of
# a new IKE_SA replacing the existing one.
uniqueids=no
# Per-subsystem log verbosity for charon: cfg, dmn and ike at level 2, net at 0.
charondebug="cfg 2, dmn 2, ike 2, net 0"
# Defaults inherited by every conn below unless the conn overrides them.
conn %default
# Dead peer detection: probe every 300s and clear the SA of a peer that is gone.
dpdaction=clear
dpddelay=300s
rekey=no
left=%defaultroute
# Asks strongSwan's default updown script to insert iptables rules for tunnel
# traffic - confirm how these interact with the static ruleset on the host.
leftfirewall=yes
# Accept the peer from any address (roadwarrior clients).
right=%any
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
# Load the conn at startup without initiating it.
auto=add
#######################################
# L2TP Connections
#######################################
# NOTE(review): no ike= / esp= proposals are set anywhere in this file, so the
# daemon's built-in defaults decide which algorithms are accepted - confirm
# they exclude legacy ones for the installed strongSwan version.
conn L2TP-IKEv1-PSK
# Transport mode: IPsec protects only the L2TP packets; xl2tpd/pppd build the tunnel.
type=transport
keyexchange=ikev1
# Pre-shared key authentication. If one key is shared by all clients (the usual
# L2TP/IPsec setup) it authenticates the group only: anyone holding it can pose
# as the gateway, so user identity rests on the PPP login that follows.
authby=secret
# Restrict the policy to UDP port 1701 (l2tp) on the gateway side.
leftprotoport=udp/l2tp
left=%any
right=%any
rekey=no
# Always UDP-encapsulate ESP, even when no NAT is detected.
forceencaps=yes
#######################################
# Default non L2TP Connections
#######################################
# Template pulled in by the conns below through also=Non-L2TP.
conn Non-L2TP
# Offer the whole IPv4 space to clients (full tunnel).
leftsubnet=0.0.0.0/0
rightsubnet=10.0.0.0/24
# Virtual IP pool handed to clients.
rightsourceip=10.0.0.0/24
#######################################
# EAP Connections
#######################################
# This detects a supported EAP method
# NOTE(review): no leftauth/leftcert is visible for this conn; EAP clients
# normally expect the gateway to prove itself with a certificate - confirm.
conn IKEv2-EAP
also=Non-L2TP
keyexchange=ikev2
# %any makes the gateway query the client for its EAP identity.
eap_identity=%any
rightauth=eap-dynamic
#######################################
# PSK Connections
#######################################
conn IKEv2-PSK
also=Non-L2TP
keyexchange=ikev2
authby=secret
# Cisco IPSec
conn IKEv1-PSK-XAuth
also=Non-L2TP
keyexchange=ikev1
leftauth=psk
rightauth=psk
# Second round: per-user XAuth login on top of the shared key.
rightauth2=xauth
iptables configuration
[global]
; xl2tpd settings; the [global] header for the first keys sits on the line
; just before this listing.
; UDP port the daemon listens on.
port = 1701
; Secrets file read by xl2tpd; here it points at pppd's chap-secrets, which
; holds passwords in clear text - keep it readable by root only.
auth file = /etc/ppp/chap-secrets
; NOTE(review): all four debug switches are on. Fine while troubleshooting;
; turn them off afterwards to keep session detail out of the system log.
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes
[lns default]
; Client address pool and the server end of each PPP link. This is 10.1.0.x,
; not the 10.0.0.0/24 used for the ipsec.conf pool and in the posted iptables
; INPUT rule for ppp0.
ip range = 10.1.0.2-10.1.0.254
local ip = 10.1.0.1
require chap = yes
refuse pap = yes
; NOTE(review): "no" here sits oddly next to require chap = yes. Confirm that
; pppd still insists on a login (for example through the options file below),
; so a peer cannot bring up a session without credentials.
require authentication = no
name = l2tpd
;ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/rc.local file contents
# Generated by iptables-save v1.4.7 on Mon Oct 2 01:49:34 2017
# filter table. The built-in chain policies are all ACCEPT; the catch-all
# REJECT rules in INPUT and FORWARD are what actually deny traffic.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [444:44850]
# NOTE(review): matches 10.0.0.0/24 on ppp0, but the posted xl2tpd.conf hands
# L2TP clients 10.1.0.2-10.1.0.254, so their traffic does not hit this rule.
-A INPUT -s 10.0.0.0/24 -i ppp0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# NOTE(review): L2TP (1701) is accepted from any source, so xl2tpd is reachable
# without IPsec. Limiting this rule to IPsec-protected packets
# (-m policy --dir in --pol ipsec) keeps cleartext L2TP off the public side.
-A INPUT -p udp -m state --state NEW -m udp --dport 1701 -j ACCEPT
# IKE (500) and IKE/ESP over NAT-T (4500).
-A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 4500 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# NOTE(review): rules are evaluated top to bottom and this REJECT matches every
# packet, so the ACCEPT after it is never reached; forwarded packets that no
# earlier (e.g. dynamically inserted) rule accepts are rejected. Allow rules
# belong before the REJECT, scoped to the VPN interface/subnet plus
# RELATED,ESTABLISHED replies rather than everything arriving on eth0.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth0 -j ACCEPT
COMMIT
# Completed on Mon Oct 2 01:49:34 2017
# Generated by iptables-save v1.4.7 on Mon Oct 2 01:49:34 2017
# nat table.
*nat
:PREROUTING ACCEPT [10:1020]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NOTE(review): the first rule has no -s or -o match, so it rewrites the source
# of every outgoing connection, and because SNAT ends rule traversal the seven
# rules after it are never evaluated. Several of them are also duplicates, and
# --to-source 10.0.0.0 names a network address rather than a host. A single
# rule limited to the VPN client subnets leaving through the public interface
# would replace the whole set.
-A POSTROUTING -j SNAT --to-source 158.69.206.22
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j SNAT --to-source 158.69.206.22
-A POSTROUTING -j SNAT --to-source 10.0.0.0
-A POSTROUTING -j SNAT --to-source 10.1.0.1
COMMIT
# Completed on Mon Oct 2 01:49:34 2017
As stated previously, even with the firewall turned off, the VPN still has no internet access.
/etc/sysctl.conf file contents
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
# Only the stock lock-file line is present: nothing in this script loads
# firewall rules or starts VPN services at boot.
touch /var/lock/subsys/local
and the output of getinfo.sh
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.
# Controls IP packet forwarding
# Enabled so the host can route VPN client traffic. With forwarding on, the
# iptables FORWARD chain decides which packets may transit the box.
net.ipv4.ip_forward = 1
# Controls source route verification
# 1 turns on the reverse-path check; the "default" value is inherited by
# interfaces created later, such as ppp0.
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the default maximum size of a message queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
If anyone could help me resolve this, that would be awesome. Like I said, I have been going at this for the better part of 6+ hours now.
Information for general problems.
== BEGIN uname -rmi == 2.6.32-696.6.3.el6.x86_64 x86_64 x86_64 == END uname -rmi == == BEGIN rpm -qa \*-release\* == epel-release-6-8.noarch centos-release-6-9.el6.12.3.x86_64 == END rpm -qa \*-release\* == == BEGIN cat /etc/redhat-release == CentOS release 6.9 (Final) == END cat /etc/redhat-release == == BEGIN getenforce == Disabled == END getenforce == == BEGIN free -m == total used free shared buffers cached Mem: 3736 860 2875 0 44 677 -/+ buffers/cache: 138 3597 Swap: 0 0 0 == END free -m == == BEGIN rpm -qa yum\* rpm-\* python | sort == python-2.6.6-66.el6_8.x86_64 rpm-libs-4.8.0-55.el6.x86_64 rpm-python-4.8.0-55.el6.x86_64 yum-3.2.29-81.el6.centos.noarch yum-metadata-parser-1.1.2-16.el6.x86_64 yum-plugin-fastestmirror-1.1.30-40.el6.noarch yum-plugin-security-1.1.30-40.el6.noarch yum-utils-1.1.30-40.el6.noarch == END rpm -qa yum\* rpm-\* python | sort == == BEGIN ls /etc/yum.repos.d == CentOS-Base.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Vault.repo CentOS-Vault.repo.rpmnew epel.repo epel-testing.repo == END ls /etc/yum.repos.d == == BEGIN cat /etc/yum.conf == [main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=5 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=19&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release # This is the default, if you make this bigger yum won't see if the metadata # is newer on the remote and so you'll "gain" the bandwidth of not having to # download the new metadata and "pay" for it by yum not having correct # information. # It is esp. important, to have correct metadata, for distributions like # Fedora which don't keep old packages around. If you don't like this checking # interupting your command line usage, it's much better to have something # manually check the metadata once an hour (yum-updatesd will do this). 
# metadata_expire=90m # PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.d == END cat /etc/yum.conf == == BEGIN yum repolist all == Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * epel: mirror.csclub.uwaterloo.ca repo id repo name status C6.0-base CentOS-6.0 - Base disabled C6.0-centosplus CentOS-6.0 - CentOSPlus disabled C6.0-contrib CentOS-6.0 - Contrib disabled C6.0-extras CentOS-6.0 - Extras disabled C6.0-updates CentOS-6.0 - Updates disabled C6.1-base CentOS-6.1 - Base disabled C6.1-centosplus CentOS-6.1 - CentOSPlus disabled C6.1-contrib CentOS-6.1 - Contrib disabled C6.1-extras CentOS-6.1 - Extras disabled C6.1-updates CentOS-6.1 - Updates disabled C6.2-base CentOS-6.2 - Base disabled C6.2-centosplus CentOS-6.2 - CentOSPlus disabled C6.2-contrib CentOS-6.2 - Contrib disabled C6.2-extras CentOS-6.2 - Extras disabled C6.2-updates CentOS-6.2 - Updates disabled C6.3-base CentOS-6.3 - Base disabled C6.3-centosplus CentOS-6.3 - CentOSPlus disabled C6.3-contrib CentOS-6.3 - Contrib disabled C6.3-extras CentOS-6.3 - Extras disabled C6.3-updates CentOS-6.3 - Updates disabled C6.4-base CentOS-6.4 - Base disabled C6.4-centosplus CentOS-6.4 - CentOSPlus disabled C6.4-contrib CentOS-6.4 - Contrib disabled C6.4-extras CentOS-6.4 - Extras disabled C6.4-updates CentOS-6.4 - Updates disabled C6.5-base CentOS-6.5 - Base disabled C6.5-centosplus CentOS-6.5 - CentOSPlus disabled C6.5-contrib CentOS-6.5 - Contrib disabled C6.5-extras CentOS-6.5 - Extras disabled C6.5-updates CentOS-6.5 - Updates disabled C6.6-base CentOS-6.6 - Base disabled C6.6-centosplus CentOS-6.6 - CentOSPlus disabled C6.6-contrib CentOS-6.6 - Contrib disabled C6.6-extras CentOS-6.6 - Extras disabled C6.6-updates CentOS-6.6 - Updates disabled base CentOS-6 - Base enabled: 6,706 base-debuginfo CentOS-6 - Debuginfo disabled c6-media CentOS-6 - Media disabled centosplus CentOS-6 - Plus disabled contrib CentOS-6 - Contrib disabled *epel Extra 
Packages for Enterprise Linux 6 - x enabled: 12,407 epel-debuginfo Extra Packages for Enterprise Linux 6 - x disabled epel-source Extra Packages for Enterprise Linux 6 - x disabled epel-testing Extra Packages for Enterprise Linux 6 - T disabled epel-testing-debuginfo Extra Packages for Enterprise Linux 6 - T disabled epel-testing-source Extra Packages for Enterprise Linux 6 - T disabled extras CentOS-6 - Extras enabled: 46 fasttrack CentOS-6 - fasttrack disabled updates CentOS-6 - Updates enabled: 663 repolist: 19,822 == END yum repolist all == == BEGIN egrep 'include|exclude' /etc/yum.repos.d/*.repo == == END egrep 'include|exclude' /etc/yum.repos.d/*.repo == == BEGIN sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n == == END sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n == == BEGIN cat /etc/fstab == # # /etc/fstab # Created by anaconda on Fri Mar 3 14:56:02 2017 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/sda1 / ext4 errors=remount-ro,discard 1 1 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 == END cat /etc/fstab == == BEGIN df -h == Filesystem Size Used Avail Use% Mounted on /dev/sda1 50G 1.7G 45G 4% / tmpfs 1.9G 0 1.9G 0% /dev/shm == END df -h == == BEGIN fdisk -lu == Disk /dev/sda: 53.7 GB, 53687091200 bytes 105 heads, 43 sectors/track, 23224 cylinders, total 104857600 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x000352e8 Device Boot Start End Blocks Id System /dev/sda1 * 2048 104857599 52427776 83 Linux == END fdisk -lu == == BEGIN blkid == /dev/sda1: UUID="7e192559-d669-4919-840b-4c9a846fafa7" TYPE="ext4" == END blkid == == 
BEGIN cat /proc/mdstat == Personalities : unused devices: <none> == END cat /proc/mdstat == == BEGIN pvs == == END pvs == == BEGIN vgs == == END vgs == == BEGIN lvs == == END lvs == == BEGIN rpm -qa kernel\* | sort == kernel-2.6.32-642.15.1.el6.x86_64 kernel-2.6.32-642.el6.x86_64 kernel-2.6.32-696.10.3.el6.x86_64 kernel-2.6.32-696.6.3.el6.x86_64 kernel-firmware-2.6.32-696.10.3.el6.noarch kernel-headers-2.6.32-696.10.3.el6.x86_64 == END rpm -qa kernel\* | sort == == BEGIN lspci -nn == 00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] [8086:1237] (rev 02) 00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II] [8086:7000] 00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II] [8086:7010] 00:01.2 USB controller [0c03]: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] [8086:7020] (rev 01) 00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] (rev 03) 00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8] 00:03.0 Ethernet controller [0200]: Red Hat, Inc Virtio network device [1af4:1000] 00:04.0 SCSI storage controller [0100]: Red Hat, Inc Virtio SCSI [1af4:1004] 00:05.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon [1af4:1002] == END lspci -nn == == BEGIN lsusb == Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd == END lsusb == == BEGIN rpm -qa kmod\* kmdl\* == == END rpm -qa kmod\* kmdl\* == == BEGIN ifconfig -a == eth0 Link encap:Ethernet HWaddr FA:16:3E:A4:A9:E9 inet addr:158.69.206.22 Bcast:158.69.206.22 Mask:255.255.255.255 inet6 addr: fe80::f816:3eff:fea4:a9e9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:49069 errors:0 dropped:0 overruns:0 frame:0 TX packets:39741 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:122720380 (117.0 MiB) TX bytes:5625202 (5.3 MiB) lo Link encap:Local Loopback 
inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ppp0 Link encap:Point-to-Point Protocol inet addr:10.1.0.1 P-t-P:10.1.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:236 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:41373 (40.4 KiB) TX bytes:86 (86.0 b) == END ifconfig -a == == BEGIN brctl show == bridge name bridge id STP enabled interfaces == END brctl show == == BEGIN route -n == Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 158.69.192.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 10.1.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 0.0.0.0 158.69.192.1 0.0.0.0 UG 0 0 0 eth0 == END route -n == == BEGIN sysctl -a | grep .rp_filter == net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.all.arp_filter = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.lo.rp_filter = 1 net.ipv4.conf.lo.arp_filter = 0 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.eth0.arp_filter = 0 net.ipv4.conf.ppp0.rp_filter = 1 net.ipv4.conf.ppp0.arp_filter = 0 == END sysctl -a | grep .rp_filter == == BEGIN ip rule show == 0: from all lookup local 220: from all lookup 220 32766: from all lookup main 32767: from all lookup default == END ip rule show == == BEGIN ip route show == 158.69.192.1 dev eth0 scope link 10.1.0.2 dev ppp0 proto kernel scope link src 10.1.0.1 default via 158.69.192.1 dev eth0 == END ip route show == == BEGIN cat /etc/resolv.conf == ; generated by /sbin/dhclient-script search local vps.ovh.ca nameserver 213.186.33.99 == END cat /etc/resolv.conf == == BEGIN egrep 'net|hosts' /etc/nsswitch.conf == #hosts: db files nisplus nis dns hosts: files dns #networks: nisplus 
[NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files netmasks: files networks: files netgroup: nisplus == END egrep 'net|hosts' /etc/nsswitch.conf == == BEGIN chkconfig --list | grep -Ei 'network|wpa' == network 0:off 1:off 2:on 3:on 4:on 5:on 6:off == END chkconfig --list | grep -Ei 'network|wpa' ==