Answer the question
In order to leave comments, you need to log in
Debian 9 does not connect via IPsec/L2TP. What could be the problem?
On the equipment of the provider (mikrotik) IPsec server. I have a debian 9 server and I need to tunnel to the server. The provider gave me:
server: dns.name
login: username
pass: PaSSw0rD
IPSEC key: KeYPassW0rd
Client side config (on debian 9):
/etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
conn myvpn
auto=add
keyexchange =ikev1
authby=secret
type=transport
left=%defaultroute
leftprotoport=17/1701
rightprotoport=17/1701
right=dns.name
ike=aes128-sha1-modp2048
esp=aes128-sha1
/etc/ipsec.secrets
: PSK "KeYPassW0rd"
/etc/xl2tpd/xl2tpd.conf
[lac myvpn]
lns = dns.name
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept -local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name "username"
password "PaSSw0rD"
The output is:
ipsec up myvpn
initiating Main Mode IKE_SA myvpn[1] to XXX.XXX.XXX.XXX-server
generating ID_PROT request 0 [ SA VVVVV ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (240 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (160 bytes)
parsed ID_PROT response 0 [ SA VVVV ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (372 bytes)
received packet: from XXX.XXX .XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (364 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT ) ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (108 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IDir 'XXX.XXX.XXX.XXX-server' does not match to 'dns.name'
deleting IKE_SA myvpn[1 ] between XXX.XXX.XXX.XXX-client[XXX.XXX.XXX.XXX-client]...XXX.XXX.XXX.XXX-server[%any]
sending DELETE for IKE_SA myvpn[1]
generating INFORMATIONAL_V1 request 280587427 [ HASH D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (92 bytes) establishing
connection 'myvpn'
failed ://github.com/hwdsl2/setup-ipsec-vpn/blob/mas...
Connection with iOS and Windows is obtained.
Never worked with IPsec before. Thank you for your help.
What am I doing wrong?
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question