0

I spent 2 days to configure and figure what's wrong with this setup of L2TP/IPsec VPN. I'm using Debian 8.6 on my VPS server and on my Virtual machine on laptop I'm using Ubuntu 14.04.5. On my VPS im using Strongswan for IKE, xl2tpd and ppp. I have error from Charon called "no shared key found for MY VPS IP ADDRESS - MY IP ADDRESS" which can u see on this logs from journal. Here are files and logs from my Debian, Ubuntu and files content, i don't know what's wrong. I think its small error or something is missing which i can't see here.

journalctl log https://i.sstatic.net/Bg8aT.png

/etc/ipsec.conf

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
conn vpnserver
        type=transport
        authby=secret
        pfs=no
        rekey=no
        keyingtries=1
        left=%any
        leftprotoport=udp/l2tp
        #[email protected]
        right=%any
        rightprotoport=udp/%any
        auto=add

/etc/ipsec.secrets

MY VPS IP ADDRESS %any: PSK "testkeyy1234"

/etc/xl2tpd/xl2tpd.conf

[global]

listen-addr = access control = no debug avp = yes debug network = yes debug state = yes debug tunnel = yes

[lns default]

ip range = 192.168.200.100-192.168.200.110
local ip = 192.168.200.10

refuse pap = yes refuse chap = no
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/xl2tpd-options
length bit = yes

/etc/ipsec.d/l2tp-psk.conf

conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT

authby=secret
pfs=no
auto=add
keyingtries=3 rekey=no
dpddelay=10
dpdtimeout=90
dpdaction=clear
ikelifetime=8h keylife=1h
type=transport
left= GATEWAY IP
leftprotoport=17/1701

right=%any
rightprotoport=17/%any

conn passthrough-for-non-l2tp

    type=passthrough
    left=<MY VPS IP ADDRESS>
    leftnexthop=<MY VPS GATEWAY ADDRESS>
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route

/etc/ppp/xl2tpd-options

mru 1280
mtu 1280
require-mschap-v2
auth
nodefaultroute
lock proxyarp
require-chap
ms-dns 8.8.8.8
ms-dns 8.8.4.4

/etc/ppp/chap-secrets

user l2tpd password *

Here are log from Ubuntu connection info i have Error 300 comunicate

Linux log https://i.sstatic.net/2T3k3.png

I checked ipsec verify command and it gives me no errors. Here is rest of ubuntu files content:

/etc/ipsec.secrets

%any MY VPS IP ADDRESS: PSK "testkeyy1234"

/etc/ipsec.conf

version 2.0
config setup

    plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    protostack=netkey

conn %default

    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701 conn test      authby=secret
    right=<MY VPS IP ADDRESS>
    rightid="<MY VPS IP ADDRESS>"
    auto=add

/etc/xl2tpd/xl2tpd.conf

[global]

debug avp = no
debug network = no
debug packet = no debug state = no
debug tunnel = no

[lac test]
lns = MY VPS IP ADDRESS
pppoptfile = /etc/ppp/test.options.xl2tpd
length bit = yes
redial = no

/etc/ppp/test.options.xl2tpd

plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock hide-password
modem
noipx

ipparam L2tpIPsecVpn-test
promptprog "/usr/bin/L2tpIPsecVpn"

refuse-eap
refuse-pap

remotename ""
name "user"

Improve this question

1 Answer 1

Reset to default
0

It looks like you didn't put a space before the colon in %any: PSK. There must be at least one space character on both sides of the colon (unless the colon starts the line), otherwise strongSwan's stroke plugin won't be able to load the secret.

Improve this answer
1
  • Thank u it worked. I put spaces on server file before IP and after %any now it looks like: (space)IP %any : PSK "password" . On my ubuntu now it looks like: (no space)%any IP : PSK "password". Problem solved.
    – Jacob
    Commented Nov 8, 2016 at 17:21

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .