[strongSwan] help setting up basic VPN on ubuntu
Noel Kuntze
noel at familie-kuntze.de
Sat Nov 29 18:04:04 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Imran,
IPsec/L2TP is mostly used with IKEv1, not IKEv2. Please tell us what clients you're trying to use,
to make sure they try to use IKEv2, too.
L2TP is not handled by strongSwan. You need to use xl2tp for that. Most clients try to use transport mode
for the IPsec connection. Make sure your peer configuration has that specified. Also, plese make strongSwan
write a log [1] with the settings shown in [2], show us the log that was created and show us your ipsec.conf.
[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
[2]
default = 3
mgr = 1
ike = 1
net = 1
enc = 0
cfg = 2
asn = 1
job = 1
knl = 1
append=no
ike_name=no
flush_line=yes
Mit freundlichen Grüßen/Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 29.11.2014 um 17:53 schrieb Imran Akbar:
> Hi everyone,
> thanks for such a well-developed and maintained library.
>
> I'm trying to setup Ipsec/L2TP on my Ubuntu 14 server with IKEv2 and a PSK.
>
> I've read through a bunch of tutorials online:
> http://trick77.com/2014/05/04/strongswan-5-vpn-ubuntu-14-04-lts-psk-xauth/
> http://www.foteviken.de/?p=2175
> http://endlessroad1991.blogspot.com/2014/04/setup-ipsec-vpn-on-ec2.html
>
> and I've opened up UDP ports 500 & 4500, but I still have clients complaining about gateway timeouts and not being able to connect to the VPN.
>
> Is there some sort of a configuration script that can walk you through all the necessary steps to get this working, or a gist that someone could share of their config?
> I don't see anything in my /var/log/auth.conf that's indicative of VPN traffic.
>
> yours,
> imran
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUefyEAAoJEDg5KY9j7GZYGsYQAJH5acr+iWXnZuFsFDgH8dCz
hCeCTmFttfwVjGM1daRLS8QKrHpA7Y0a6nHdIBR92trOYU79re/m9ZAQE6SOzVFW
5eZcn9pM3ILvHtxevxNMDIJQnQ6LXk5W49gneG7GnPlDTAM2Lb3NnG7ZLQkN6mmF
Q/k5KpQCNs06yaDLnL6h2BjIs9LKLA5ldfSk6zLZjn4YNtPOn0yXS67fbFhPA9iA
azYnXOzOiyG2Goz6nphxVveclS849DLD2bH289ZdIeTdP7wFE/182MCYsgB3bzZ1
AKcLg4DwT/VUGWuHnuBTms1/d4LRN5b6q8vVy49o+XN74FHIPqkQYF8rMG511Hbb
pKYtSGeA5R/DsA5V91bBdlBmd6RooOi7HaIAVqRwAvekkXCNeNHdl7fK+MO5aLYz
TJrzQShTcoU96jBQAY0SFnLPUXURfy6ByI3ebWMxM4CQ0Zsuae8XTimVVLcLZgS1
uhvgrefEUnCHeO3pQFkNVxxF5HHSEp3TRKIgoLNvUhj8HbAeEr7a1VyBffZF/nGO
fkX2In11OZuUCAox88U2/O9k2Z1AGXgq8jVVRWRr7FtOZu/nNo4D1WXtQP60MGKU
c6IIGKzSSF4xafavS3DV2lmBUX1G2vVmDhL9LAc9OfaNS7WN3/fKIcWU0lmj/BcN
+UGOfYMOg7SRcYVg+rJ2
=hbeO
-----END PGP SIGNATURE-----
More information about the Users
mailing list