Building network-manager-l2tp on Centos 6.9 laptop

Issues related to configuring your network
TypoSpotter
Posts: 15
Joined: 2018/06/25 12:07:10

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TypoSpotter » 2018/06/27 15:41:35

Yes thank you!:
I've added rightid=192.168.3.1 to the Work.conf file and I get this output:

Code: Select all

# ipsec auto --up Work
002 "Work" #1: initiating Main Mode
104 "Work" #1: STATE_MAIN_I1: initiate
003 "Work" #1: received Vendor ID payload [Dead Peer Detection]
003 "Work" #1: received Vendor ID payload [RFC 3947]
002 "Work" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "Work" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "Work" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Work" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT+peer behind NAT
002 "Work" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "Work" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "Work" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.1'
002 "Work" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "Work" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP1024}
002 "Work" #1: Dead Peer Detection (RFC 3706): enabled
002 "Work" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:82f9f86c proposal=AES(12)_128-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_MODP1024}
117 "Work" #2: STATE_QUICK_I1: initiate
002 "Work" #2: Dead Peer Detection (RFC 3706): enabled
002 "Work" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "Work" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x91f72e3c <0x690b09b7 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.3.1 NATD=WORKIPADDRESS:4500 DPD=active}
Looks like the ipsec is working.

User avatar
TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TrevorH » 2018/06/27 16:08:41

Yes, that looks hopeful. Now onto the l2tp bit of it...
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

TypoSpotter
Posts: 15
Joined: 2018/06/25 12:07:10

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TypoSpotter » 2018/06/28 10:30:04

Ok, so I have run the four commands:

Code: Select all

service ipsec start
service xl2tpd start
ipsec auto --up Work
xl2tpd-control connect Work
The first three are all ok. The fourth just gives me the command prompt without any output.
I wait a few seconds, then enter ip a. No ppp0 ip address.

The relevant bit of the /var/log/messages file says this:

Code: Select all

Jun 28 11:00:53 HOSTNAME kernel: PPP generic driver version 2.4.2
Jun 28 11:00:53 HOSTNAME kernel: NET: Registered protocol family 24
Jun 28 11:00:53 HOSTNAME kernel: PPPoL2TP kernel driver, V1.0
Jun 28 11:01:04 HOSTNAME kernel: padlock: VIA PadLock not detected.
Jun 28 11:01:04 HOSTNAME kernel: padlock: VIA PadLock Hash Engine not detected.
Jun 28 11:01:04 HOSTNAME kernel: cryptd: max_cpu_qlen set to 100
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
Jun 28 11:01:04 HOSTNAME kernel: padlock: VIA PadLock not detected.
Jun 28 11:01:04 HOSTNAME kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Jun 28 11:01:04 HOSTNAME kernel: NET: Registered protocol family 15
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for cipher_null (cipher_null-generic)
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for ecb(cipher_null) (ecb-cipher_null)
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for digest_null (digest_null-generic)
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for compress_null (compress_null-generic)
Jun 28 11:01:04 HOSTNAME kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Jun 28 11:01:12 HOSTNAME xl2tpd[3702]: setsockopt recvref[30]: Protocol not available
Jun 28 11:01:12 HOSTNAME xl2tpd[3702]: Using l2tp kernel support.
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: xl2tpd version xl2tpd-1.3.8 started on vec1503 PID:3703
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: Inherited by Jeff McAdams, (C) 2002
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 28 11:01:12 HOSTNAME xl2tpd[3703]: Listening on IP address 0.0.0.0, port 1701
Jun 28 11:01:21 HOSTNAME kernel: alg: No test for authenc(hmac(sha1),cbc(aes)) (authenc(hmac(sha1-generic),cbc-aes-aesni))
Jun 28 11:01:28 HOSTNAME NetworkManager[2485]: <info> (eth0): supplicant connection state:  completed -> group handshake
Jun 28 11:01:28 HOSTNAME NetworkManager[2485]: <info> (eth0): supplicant connection state:  group handshake -> completed
Jun 28 11:01:41 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:02:12 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 53070.  Closing.
Jun 28 11:02:12 HOSTNAME xl2tpd[3703]: Connection 0 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:02:43 HOSTNAME xl2tpd[3703]: Will redial in 30 seconds
Jun 28 11:03:13 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:03:44 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 20799.  Closing.
Jun 28 11:03:44 HOSTNAME xl2tpd[3703]: Connection 0 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:04:15 HOSTNAME xl2tpd[3703]: Will redial in 30 seconds
Jun 28 11:04:45 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:05:10 HOSTNAME pulseaudio[3019]: ratelimit.c: 25 events suppressed
Jun 28 11:05:16 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 58600.  Closing.
Jun 28 11:05:16 HOSTNAME xl2tpd[3703]: Connection 0 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:05:48 HOSTNAME xl2tpd[3703]: Will redial in 30 seconds
Jun 28 11:06:18 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:06:25 HOSTNAME xl2tpd[3703]: Connection established to WORKIPADDRESS, 1701.  Local: 10490, Remote: 14 (ref=0/0).
Jun 28 11:06:25 HOSTNAME xl2tpd[3703]: Calling on tunnel 10490
Jun 28 11:06:25 HOSTNAME xl2tpd[3703]: Call established with WORKIPADDRESS, Local: 22307, Remote: 949, Serial: 1 (ref=0/0)
Jun 28 11:06:25 HOSTNAME pppd[3751]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 28 11:06:25 HOSTNAME pppd[3751]: Plugin pppol2tp.so loaded.
Jun 28 11:06:25 HOSTNAME xl2tpd[3703]: control_finish: Connection closed to WORKIPADDRESS, serial 1 ()
Jun 28 11:06:55 HOSTNAME xl2tpd[3703]: Calling on tunnel 10490
Jun 28 11:07:26 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 10490.  Closing.
Jun 28 11:07:26 HOSTNAME xl2tpd[3703]: Connection 14 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:07:56 HOSTNAME xl2tpd[3703]: Calling on tunnel 10490
Jun 28 11:08:27 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:08:58 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 34609.  Closing.
Jun 28 11:08:58 HOSTNAME xl2tpd[3703]: Connection 0 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:09:29 HOSTNAME xl2tpd[3703]: Will redial in 30 seconds
Jun 28 11:09:59 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:10:30 HOSTNAME xl2tpd[3703]: Maximum retries exceeded for tunnel 24769.  Closing.
Jun 28 11:10:30 HOSTNAME xl2tpd[3703]: Connection 0 closed to WORKIPADDRESS, port 1701 (Timeout)
Jun 28 11:11:01 HOSTNAME xl2tpd[3703]: Will redial in 30 seconds
Jun 28 11:11:28 HOSTNAME NetworkManager[2485]: <info> (eth0): supplicant connection state:  completed -> group handshake
Jun 28 11:11:28 HOSTNAME NetworkManager[2485]: <info> (eth0): supplicant connection state:  group handshake -> completed
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Connection established to WORKIPADDRESS, 1701.  Local: 2629, Remote: 14 (ref=0/0).
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Calling on tunnel 2629
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Call established with WORKIPADDRESS, Local: 28665, Remote: 955, Serial: 4 (ref=0/0)
Jun 28 11:11:31 HOSTNAME pppd[5607]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 28 11:11:31 HOSTNAME pppd[5607]: Plugin pppol2tp.so loaded.
Jun 28 11:11:31 HOSTNAME pppd[5607]: pppd 2.4.5 started by USER, uid 0
Jun 28 11:11:31 HOSTNAME pppd[5607]: Using interface ppp0
Jun 28 11:11:31 HOSTNAME pppd[5607]: Connect: ppp0 <--> 
Jun 28 11:11:31 HOSTNAME pppd[5607]: Overriding mtu 1500 to 1410
Jun 28 11:11:31 HOSTNAME pppd[5607]: Overriding mru 1500 to mtu value 1410
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: control_finish: Connection closed to WORKIPADDRESS, serial 4 ()
Jun 28 11:11:31 HOSTNAME pppd[5607]: Terminating on signal 15
Jun 28 11:11:37 HOSTNAME pppd[5607]: Connection terminated.
Jun 28 11:11:37 HOSTNAME pppd[5607]: Modem hangup
Jun 28 11:11:37 HOSTNAME pppd[5607]: Exit.
There is also an xl2tpd logfile specified in /etc/ppp/options.l2tpd.client . Here is a sample (which keeps repeating, but the channel number and the magic number keep changing):

Code: Select all

using channel 92
Using interface ppp0
Connect: ppp0 <--> 
Overriding mtu 1500 to 1410
PPPoL2TP options: debugmask 0
Overriding mru 1500 to mtu value 1410
sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic 0x834f9b6c>]
Terminating on signal 15
sent [LCP TermReq id=0x2 "User request"]
Modem hangup
Connection terminated.
Is there anywhere else I should be looking?

User avatar
TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TrevorH » 2018/06/28 10:53:56

Not that I know of though if you have someone with access to the server side, maybe get them to check for errors there.

Here I get this sort of thing:

Code: Select all

Jun 25 16:21:09 c6test xl2tpd[16199]: setsockopt recvref[30]: Protocol not available
Jun 25 16:21:09 c6test kernel: PPP generic driver version 2.4.2
Jun 25 16:21:09 c6test kernel: NET: Registered protocol family 24
Jun 25 16:21:09 c6test xl2tpd[16199]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
Jun 25 16:21:09 c6test xl2tpd[16204]: xl2tpd version xl2tpd-1.3.8 started on c6test.trevor.local PID:16204
Jun 25 16:21:09 c6test xl2tpd[16204]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 25 16:21:09 c6test xl2tpd[16204]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 25 16:21:09 c6test xl2tpd[16204]: Inherited by Jeff McAdams, (C) 2002
Jun 25 16:21:09 c6test xl2tpd[16204]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 25 16:21:09 c6test xl2tpd[16204]: Listening on IP address 0.0.0.0, port 1701
Jun 25 16:21:11 c6test xl2tpd[16204]: Connecting to host z.z.z.z, port 1701
Jun 25 16:21:11 c6test xl2tpd[16204]: Connection established to z.z.z.z, 1701.  Local: 15122, Remote: 21222 (ref=0/0).
Jun 25 16:21:11 c6test xl2tpd[16204]: Calling on tunnel 15122
Jun 25 16:21:11 c6test xl2tpd[16204]: Call established with z.z.z.z, Local: 13271, Remote: 5944, Serial: 1 (ref=0/0)
Jun 25 16:21:11 c6test pppd[16207]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 25 16:21:11 c6test pppd[16207]: pppd 2.4.5 started by trevor, uid 0
Jun 25 16:21:11 c6test pppd[16207]: Using interface ppp0
Jun 25 16:21:11 c6test pppd[16207]: Connect: ppp0 <--> /dev/pts/2
Jun 25 16:21:14 c6test pppd[16207]: Remote message: Session started successfully
Jun 25 16:21:14 c6test pppd[16207]: PAP authentication succeeded
Jun 25 16:21:14 c6test pppd[16207]: local  IP address x.x.x.x
Jun 25 16:21:14 c6test pppd[16207]: remote IP address y.y.y.y
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

TypoSpotter
Posts: 15
Joined: 2018/06/25 12:07:10

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TypoSpotter » 2018/06/28 16:11:27

Thanks for your message log.
What I did notice is that while most of my connection attempts fail, every so often a connection is established.

Code: Select all

Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Connecting to host WORKIPADDRESS, port 1701
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Connection established to WORKIPADDRESS, 1701.  Local: 2629, Remote: 14 (ref=0/0).
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Calling on tunnel 2629
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: Call established with WORKIPADDRESS, Local: 28665, Remote: 955, Serial: 4 (ref=0/0)
And when the connection is established, then a call is also established. And then pppd comes in, before xl2tpd logs that the connection is closed.

Code: Select all

Jun 28 11:11:31 HOSTNAME pppd[5607]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 28 11:11:31 HOSTNAME pppd[5607]: Plugin pppol2tp.so loaded.
Jun 28 11:11:31 HOSTNAME pppd[5607]: pppd 2.4.5 started by USER, uid 0
Jun 28 11:11:31 HOSTNAME pppd[5607]: Using interface ppp0
Jun 28 11:11:31 HOSTNAME pppd[5607]: Connect: ppp0 <--> 
Jun 28 11:11:31 HOSTNAME pppd[5607]: Overriding mtu 1500 to 1410
Jun 28 11:11:31 HOSTNAME pppd[5607]: Overriding mru 1500 to mtu value 1410
Jun 28 11:11:31 HOSTNAME xl2tpd[3703]: control_finish: Connection closed to WORKIPADDRESS, serial 4 ()
Jun 28 11:11:31 HOSTNAME pppd[5607]: Terminating on signal 15
Jun 28 11:11:37 HOSTNAME pppd[5607]: Connection terminated.
Jun 28 11:11:37 HOSTNAME pppd[5607]: Modem hangup
Jun 28 11:11:37 HOSTNAME pppd[5607]: Exit.
I have also noticed this, my pppd connect message says this:

Code: Select all

Jun 28 11:11:31 HOSTNAME pppd[5607]: Connect: ppp0 <--> 
While yours says this:

Code: Select all

Jun 25 16:21:11 c6test pppd[16207]: Connect: ppp0 <--> /dev/pts/2
Possibly something wrong with my ppp setup or my options?

And there is possibly more than one thing wrong. Your connection is established first time, where mine is only established some of the time.

User avatar
TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TrevorH » 2018/06/28 16:52:41

What's the output from uname -a on your system?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

TypoSpotter
Posts: 15
Joined: 2018/06/25 12:07:10

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TypoSpotter » 2018/06/29 09:16:01

Code: Select all

$ uname -a
Linux HOSTNAME 2.6.32-696.30.1.el6.x86_64 #1 SMP Tue May 22 03:28:18 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

User avatar
TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TrevorH » 2018/06/29 10:24:28

Well, it's a slim chance that this is what's different but my test system is already running 6.10 from the CR repo. If you want to try that then yum install centos-release-cr then yum --enablerepo=cr update (might need --noplugins if you have priorities assigned at the moment).
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

TypoSpotter
Posts: 15
Joined: 2018/06/25 12:07:10

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TypoSpotter » 2018/06/29 11:15:20

Sorry I should have mentioned this morning I've been trying again, this time I have NOT been modprobing pppol2tp, where previously I have been. (I noticed you haven't, and it works for you)

I don't know if that is the difference, but now I am getting this kind of input:

Code: Select all

Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: Connecting to host WORKIPADDRESS, port 1701
Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: Connection established to WORKIPADDRESS, 1701.  Local: 26903, Remote: 13 (ref=0/0).
Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: Calling on tunnel 26903
Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: Call established with WORKIPADDRESS, Local: 137, Remote: 1280, Serial: 42 (ref=0/0)
Jun 29 12:01:50 HOSTNAME pppd[5679]: Warning: can't open options file /root/.ppprc: Permission denied
Jun 29 12:01:50 HOSTNAME pppd[5679]: pppd 2.4.5 started by USER, uid 0
Jun 29 12:01:50 HOSTNAME pppd[5679]: Using interface ppp0
Jun 29 12:01:50 HOSTNAME pppd[5679]: Connect: ppp0 <--> /dev/pts/1
Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: control_finish: Connection closed to WORKIPADDRESS, serial 42 ()
Jun 29 12:01:50 HOSTNAME pppd[5679]: Modem hangup
Jun 29 12:01:50 HOSTNAME pppd[5679]: Connection terminated.
Jun 29 12:01:50 HOSTNAME xl2tpd[4292]: control_finish: Connection closed to WORKIPADDRESS, port 1701 (), Local: 26903, Remote: 13
Jun 29 12:01:51 HOSTNAME pppd[5679]: Exit.
So now I get /dev/pts/1 on my connect ppp0 line. I don't know for sure if not running modprobe pppol2tp is the difference yet, but it seems quite likely. But I'm still not connecting successfully.

I have been setting up wpa_supplicant in preparation of rebooting with NetworkManager disabled. Not likely, but I wondered if NetworkManager is interfering with xl2tpd. At least I have learned how to set up wireless networks without NetworkManager if nothing else.

User avatar
TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Building network-manager-l2tp on Centos 6.9 laptop

Post by TrevorH » 2018/06/29 11:22:02

I'm not using NM at all on my el6 test system but do on the system I usually use the VPN from though that is el7. And, no, I don't modprobe anything special.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply