Here is my attempt:
(my instructions differ from yours and come from here:
https://github.com/hwdsl2/setup-ipsec-v ... pn-clients
I am going to investigate some of these differences in a minute)
# service strongswan start
Starting strongswan: Starting strongSwan 5.4.0 IPsec [starter]...
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/key/af_key.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/ipv4/ah4.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/ipv4/esp4.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/xfrm/xfrm_ipcomp.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/ipv4/ipcomp.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/ipv4/tunnel4.ko
insmod /lib/modules/2.6.32-696.30.1.el6.x86_64/kernel/net/ipv4/xfrm4_tunnel.ko
[ OK ]
# mkdir -p /var/run/xl2tpd
# touch /var/run/xl2tpd/l2tp-control
# service xl2tpd start
Starting xl2tpd: [ OK ]
# strongswan up work
initiating Main Mode IKE_SA work[1] to my.work.ip.addr
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.13[500] to my.work.ip.addr[500] (188 bytes)
received packet: from my.work.ip.addr[500] to 192.168.0.13[500] (124 bytes)
parsed ID_PROT response 0 [ SA V V ]
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.13[500] to my.work.ip.addr[500] (244 bytes)
received packet: from my.work.ip.addr[500] to 192.168.0.13[500] (228 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.13[4500] to my.work.ip.addr[4500] (108 bytes)
received packet: from my.work.ip.addr[4500] to 192.168.0.13[4500] (92 bytes)
parsed ID_PROT response 0 [ ID HASH N(INITIAL_CONTACT) ]
IDir '192.168.3.1' does not match to 'my.work.ip.addr'
deleting IKE_SA work[1] between 192.168.0.13[192.168.0.13]...my.work.ip.addr[%any]
sending DELETE for IKE_SA work[1]
generating INFORMATIONAL_V1 request 2576914902 [ HASH D ]
sending packet: from 192.168.0.13[4500] to my.work.ip.addr[4500] (92 bytes)
connection 'work' established successfully
# echo "c work" > /var/run/xl2tpd/l2tp-control
At this point, ip a does not show a ppp0 IP address.
more /var/log/messages
...
Jun 26 22:08:20 hostname charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.4.0, Linux 2.6.32-696.30.1.el6.x86_64, x86_64)
Jun 26 22:08:20 hostname charon: 00[LIB] openssl FIPS mode(2) - enabled
Jun 26 22:08:20 hostname charon: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
Jun 26 22:08:20 hostname charon: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
Jun 26 22:08:20 hostname charon: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Jun 26 22:08:20 hostname charon: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
Jun 26 22:08:20 hostname charon: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
Jun 26 22:08:20 hostname charon: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
Jun 26 22:08:20 hostname charon: 00[CFG] loaded IKE secret for %any
Jun 26 22:08:20 hostname charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
Jun 26 22:08:20 hostname charon: 00[JOB] spawning 16 worker threads
Jun 26 22:08:20 hostname charon: 06[CFG] received stroke: add connection 'work'
Jun 26 22:08:20 hostname charon: 06[CFG] added configuration 'work'
Jun 26 22:11:23 hostname NetworkManager[2520]: <info> (eth0): supplicant connection state: completed -> group handshake
Jun 26 22:11:23 hostname NetworkManager[2520]: <info> (eth0): supplicant connection state: group handshake -> completed
Jun 26 22:12:34 hostname xl2tpd[3513]: setsockopt recvref[30]: Protocol not available
Jun 26 22:12:34 hostname kernel: PPP generic driver version 2.4.2
Jun 26 22:12:34 hostname kernel: NET: Registered protocol family 24
Jun 26 22:12:34 hostname xl2tpd[3513]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
Jun 26 22:12:34 hostname xl2tpd[3518]: xl2tpd version xl2tpd-1.3.8 started on hostname PID:3518
Jun 26 22:12:34 hostname xl2tpd[3518]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 26 22:12:34 hostname xl2tpd[3518]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 26 22:12:34 hostname xl2tpd[3518]: Inherited by Jeff McAdams, (C) 2002
Jun 26 22:12:34 hostname xl2tpd[3518]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 26 22:12:34 hostname xl2tpd[3518]: Listening on IP address 0.0.0.0, port 1701
Jun 26 22:13:28 hostname charon: 13[CFG] received stroke: initiate 'work'
Jun 26 22:13:28 hostname charon: 04[IKE] initiating Main Mode IKE_SA work[1] to my.work.ip.addr
Jun 26 22:13:28 hostname charon: 04[ENC] generating ID_PROT request 0 [ SA V V V V ]
Jun 26 22:13:28 hostname charon: 04[NET] sending packet: from 192.168.0.13[500] to my.work.ip.addr[500] (188 bytes)
Jun 26 22:13:28 hostname charon: 08[NET] received packet: from my.work.ip.addr[500] to 192.168.0.13[500] (124 bytes)
Jun 26 22:13:28 hostname charon: 08[ENC] parsed ID_PROT response 0 [ SA V V ]
Jun 26 22:13:28 hostname charon: 08[IKE] received DPD vendor ID
Jun 26 22:13:28 hostname charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
Jun 26 22:13:28 hostname charon: 08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jun 26 22:13:28 hostname charon: 08[NET] sending packet: from 192.168.0.13[500] to my.work.ip.addr[500] (244 bytes)
Jun 26 22:13:28 hostname charon: 03[NET] received packet: from my.work.ip.addr[500] to 192.168.0.13[500] (228 bytes)
Jun 26 22:13:28 hostname charon: 03[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 26 22:13:28 hostname charon: 03[IKE] local host is behind NAT, sending keep alives
Jun 26 22:13:28 hostname charon: 03[IKE] remote host is behind NAT
Jun 26 22:13:28 hostname charon: 03[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jun 26 22:13:28 hostname charon: 03[NET] sending packet: from 192.168.0.13[4500] to my.work.ip.addr[4500] (108 bytes)
Jun 26 22:13:28 hostname charon: 11[NET] received packet: from my.work.ip.addr[4500] to 192.168.0.13[4500] (92 bytes)
Jun 26 22:13:28 hostname charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH N(INITIAL_CONTACT) ]
Jun 26 22:13:28 hostname charon: 11[IKE] IDir '192.168.3.1' does not match to 'my.work.ip.addr'
Jun 26 22:13:28 hostname charon: 11[IKE] deleting IKE_SA work[1] between 192.168.0.13[192.168.0.13]...my.work.ip.addr[%any]
Jun 26 22:13:28 hostname charon: 11[IKE] sending DELETE for IKE_SA work[1]
Jun 26 22:13:28 hostname charon: 11[ENC] generating INFORMATIONAL_V1 request 2576914902 [ HASH D ]
Jun 26 22:13:28 hostname charon: 11[NET] sending packet: from 192.168.0.13[4500] to my.work.ip.addr[4500] (92 bytes)
Jun 26 22:18:52 hostname xl2tpd[3518]: Connecting to host my.work.ip.addr, port 1701
Jun 26 22:18:52 hostname xl2tpd[3518]: Connection established to my.work.ip.addr, 1701. Local: 34400, Remote: 12 (ref=0/0).
Jun 26 22:18:52 hostname xl2tpd[3518]: Calling on tunnel 34400
Jun 26 22:18:52 hostname xl2tpd[3518]: Call established with my.work.ip.addr, Local: 7162, Remote: 702, Serial: 1 (ref=0/0)
Jun 26 22:18:52 hostname pppd[3529]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 26 22:18:52 hostname xl2tpd[3518]: control_finish: Connection closed to my.work.ip.addr, serial 1 ()
Jun 26 22:18:52 hostname xl2tpd[3518]: control_finish: Connection closed to my.work.ip.addr, port 1701 (), Local: 34400, Remote: 12
Jun 26 22:21:23 hostname NetworkManager[2520]: <info> (eth0): supplicant connection state: completed -> group handshake
Jun 26 22:21:23 hostname NetworkManager[2520]: <info> (eth0): supplicant connection state: group handshake -> completed
Jun 26 22:21:57 hostname xl2tpd[3518]: Connecting to host my.work.ip.addr, port 1701
Jun 26 22:21:57 hostname xl2tpd[3518]: Connection established to my.work.ip.addr, 1701. Local: 32686, Remote: 12 (ref=0/0).
Jun 26 22:21:57 hostname xl2tpd[3518]: Calling on tunnel 32686
Jun 26 22:21:57 hostname xl2tpd[3518]: Call established with my.work.ip.addr, Local: 19569, Remote: 703, Serial: 2 (ref=0/0)
Jun 26 22:21:57 hostname pppd[3532]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 26 22:21:57 hostname pppd[3532]: pppd 2.4.5 started by user, uid 0
Jun 26 22:21:57 hostname xl2tpd[3518]: control_finish: Connection closed to my.work.ip.addr, serial 2 ()
Jun 26 22:21:57 hostname pppd[3532]: Couldn't get channel number: Input/output error
Jun 26 22:21:58 hostname pppd[3532]: Exit.
Jun 26 22:23:28 hostname xl2tpd[3518]: Maximum retries exceeded for tunnel 32686. Closing.
Jun 26 22:23:28 hostname xl2tpd[3518]: Connection 12 closed to my.work.ip.addr, port 1701 (Timeout)
I noticed I forgot to modprobe the appropriate modules, so I try again:
# modprobe l2tp_ppp
FATAL: Module l2tp_ppp not found.
# modprobe pppol2tp
# service xl2tpd restart
Stopping xl2tpd: [ OK ]
Starting xl2tpd: [ OK ]
# echo "c work" > /var/run/xl2tpd/l2tp-control
Again, no ppp0 IP address from ip a.
Jun 26 22:32:22 hostname kernel: PPPoL2TP kernel driver, V1.0
Jun 26 22:32:52 hostname xl2tpd[3518]: death_handler: Fatal signal 15 received
Jun 26 22:32:52 hostname xl2tpd[3561]: setsockopt recvref[30]: Protocol not available
Jun 26 22:32:52 hostname xl2tpd[3561]: Using l2tp kernel support.
Jun 26 22:32:52 hostname xl2tpd[3562]: xl2tpd version xl2tpd-1.3.8 started on hostname PID:3562
Jun 26 22:32:52 hostname xl2tpd[3562]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 26 22:32:52 hostname xl2tpd[3562]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 26 22:32:52 hostname xl2tpd[3562]: Inherited by Jeff McAdams, (C) 2002
Jun 26 22:32:52 hostname xl2tpd[3562]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 26 22:32:52 hostname xl2tpd[3562]: Listening on IP address 0.0.0.0, port 1701
Jun 26 22:33:13 hostname xl2tpd[3562]: Connecting to host my.work.ip.addr, port 1701
Jun 26 22:33:13 hostname xl2tpd[3562]: Connection established to my.work.ip.addr, 1701. Local: 59127, Remote: 12 (ref=0/0).
Jun 26 22:33:13 hostname xl2tpd[3562]: Calling on tunnel 59127
Jun 26 22:33:13 hostname xl2tpd[3562]: Call established with my.work.ip.addr, Local: 1582, Remote: 704, Serial: 1 (ref=0/0)
Jun 26 22:33:13 hostname pppd[3564]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 26 22:33:13 hostname pppd[3564]: Plugin pppol2tp.so loaded.
Jun 26 22:33:13 hostname pppd[3564]: pppd 2.4.5 started by user, uid 0
Jun 26 22:33:13 hostname pppd[3564]: Using interface ppp0
Jun 26 22:33:13 hostname pppd[3564]: Connect: ppp0 <-->
Jun 26 22:33:13 hostname pppd[3564]: Overriding mtu 1500 to 1410
Jun 26 22:33:13 hostname pppd[3564]: Overriding mru 1500 to mtu value 1410
Jun 26 22:33:13 hostname xl2tpd[3562]: control_finish: Connection closed to my.work.ip.addr, serial 1 ()
Jun 26 22:33:13 hostname pppd[3564]: Terminating on signal 15
Jun 26 22:33:19 hostname pppd[3564]: Connection terminated.
Jun 26 22:33:19 hostname charon: 06[KNL] interface ppp0 deleted
Jun 26 22:33:19 hostname pppd[3564]: Modem hangup
Jun 26 22:33:19 hostname pppd[3564]: Exit.
Jun 26 22:34:44 hostname xl2tpd[3562]: Maximum retries exceeded for tunnel 59127. Closing.
Jun 26 22:34:44 hostname xl2tpd[3562]: Connection 12 closed to my.work.ip.addr, port 1701 (Timeout)