VPN
dumasti, 2021-11-23 16:53:50

Debian 9 does not connect via IPsec/L2TP. What could be the problem?

The provider's equipment (MikroTik) runs an IPsec server. I have a Debian 9 server and I need to set up a tunnel to that server. The provider gave me:
server: dns.name
login: username
pass: PaSSw0rD
IPSEC key: KeYPassW0rd

Client-side config (on Debian 9):
/etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

conn myvpn
    auto=add
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=dns.name
    ike=aes128-sha1-modp2048
    esp=aes128-sha1

/etc/ipsec.secrets
: PSK "KeYPassW0rd"

/etc/xl2tpd/xl2tpd.conf
[lac myvpn]
lns = dns.name
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name "username"
password "PaSSw0rD"

The output is:
ipsec up myvpn
initiating Main Mode IKE_SA myvpn[1] to XXX.XXX.XXX.XXX-server
generating ID_PROT request 0 [ SA VVVVV ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (240 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (160 bytes)
parsed ID_PROT response 0 [ SA VVVV ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (372 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (364 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (108 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IDir 'XXX.XXX.XXX.XXX-server' does not match to 'dns.name'
deleting IKE_SA myvpn[1] between XXX.XXX.XXX.XXX-client[XXX.XXX.XXX.XXX-client]...XXX.XXX.XXX.XXX-server[%any]
sending DELETE for IKE_SA myvpn[1]
generating INFORMATIONAL_V1 request 280587427 [ HASH D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (92 bytes)
establishing connection 'myvpn' failed

https://github.com/hwdsl2/setup-ipsec-vpn/blob/mas...

Connecting from iOS and Windows works.
I have never worked with IPsec before. Thank you for your help.
What am I doing wrong?
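
The decisive line in the output above is the IDir mismatch: the server identified itself by its IP address, while the conn has no rightid and so expected the ID taken from right=dns.name. The following is an added example, not part of the original post: it checks a conn and a charon log for that condition and returns candidate rightid lines. The function names and the sample addresses are constructed, and the candidate lines have not been confirmed against the provider's server.

```python
import re

# Constructed sample input: the relevant options of the conn from the post and
# the decisive log lines, with documentation-range addresses as placeholders.
IPSEC_CONF = """\
conn myvpn
    keyexchange=ikev1
    authby=secret
    right=dns.name
"""
CHARON_LOG = """\
parsed ID_PROT response 0 [ ID HASH ]
IDir '203.0.113.10' does not match to 'dns.name'
deleting IKE_SA myvpn[1] between 198.51.100.7[198.51.100.7]...203.0.113.10[%any]
"""

def parse_conn(conf_text, name):
    """Return the key=value options of one 'conn' section as a dict."""
    opts, active = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def diagnose(conf_text, log_text, name):
    """Compare the ID the peer sent (IDir) with the ID the conn expects."""
    m = re.search(r"IDir '([^']*)' does not match to '([^']*)'", log_text)
    if m is None:
        return None                            # no identity mismatch in this log
    presented, expected = m.groups()
    opts = parse_conn(conf_text, name)
    return {
        "presented": presented,
        "expected": expected,
        # Without rightid, strongSwan derives the expected ID from 'right'.
        "expected_from": "rightid" if "rightid" in opts else "right",
        "pin_exact": f"rightid={presented}",   # keeps the peer identity check
        "accept_any": "rightid=%any",          # accepts whatever ID the peer sends
    }

if __name__ == "__main__":
    print(diagnose(IPSEC_CONF, CHARON_LOG, "myvpn"))
```

Pinning rightid to the ID the server actually sends keeps the identity check in place; rightid=%any disables it and leaves the pre-shared key as the only thing authenticating the peer.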
