Hello everyone, I need help configuring a VPN with “L2TP / IPsec” and Android devices.
I enabled the L2TP VPN, created the PSK and a user, but I cannot establish a connection.
Thank you
P.S. This is an online translation.
Log
Apr 20 13:21:24 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #1: Dead Peer Detection (RFC 3706): enabled
Apr 20 13:21:24 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Apr 20 13:21:24 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #1: received and ignored informational message
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #1: the peer proposed: aaa.bbb.ccc.ddd:17/1701 -> 1.160.129.220/32:17/0
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: responding to Quick Mode proposal {msgid:f4628ac9}
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: us: 192.168.1.1<%eth0>[@server.local.net,+S=C]:17/1701
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: them: 91.253.34.186[1.160.129.220,+S=C]:17/0
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 20 13:21:25 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 20 13:21:26 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: Dead Peer Detection (RFC 3706): enabled
Apr 20 13:21:26 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 20 13:21:26 server pluto[15949]: “~L2TPeth0”[2] 91.253.34.186 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x072b1027 <0xc86475ea xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=91.253.34.186:40770 DPD=enabled}
NethServer is the default gateway of the network, and on the router I enabled DMZ for the server's IP address, so from outside all ports are forwarded to the server's red zone; the PDC is enabled.
Forwarding is activated on the modem towards the server's red zone, but it still does not work; however, in the log I can see that the connection reaches the server, but the server rejects it for wrong authentication.
But the user, password and PSK have been checked many times.
Apr 20 13:31:38 server pluto[15949]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.253.34.186 port 40384, complainant 91.253.34.186: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
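An added example, not part of this thread and not NethServer code: a small Python script that reads the pluto lines quoted above and reports which layer failed. The reasoning it encodes is this: pluto only reaches Quick Mode and logs "IPsec SA established" after Phase 1 has authenticated the peer, so that line proves the PSK was accepted. The later "asynchronous network error ... ICMP type 3 code 3" is a port-unreachable answer from the client itself for a packet sent from UDP 4500, i.e. the Android side had already closed its NAT-T socket and given up. The user/password are checked by PPP inside the tunnel, which pluto never logs, so xl2tpd/pppd is where to look next. The PSK-mismatch sample below is constructed and its wording is an assumption modelled on typical pluto output; the thread sample is taken from the log above.

```python
import re
from collections import defaultdict

# Lines that identify the peer: '"~L2TPeth0"[2] 91.253.34.186 #1: ...'
PEER_RE = re.compile(r'\[\d+\]\s+(?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+#\d+:')

# pluto's report of an ICMP error received in reply to one of its own packets
NETERR_RE = re.compile(
    r'asynchronous network error report on \S+ \(sport=(?P<sport>\d+)\) '
    r'for message to (?P<peer>\d{1,3}(?:\.\d{1,3}){3}) port (?P<dport>\d+)'
    r'.*ICMP type (?P<type>\d+) code (?P<code>\d+)'
)

# Wording pluto uses when it cannot decrypt/verify the peer's IKE payloads, the
# usual symptom of a PSK mismatch (assumption: phrases modelled on pluto output).
PSK_HINTS = ("PAYLOAD_MALFORMED", "Hash Payload", "malformed payload")

# Sample input copied from the thread (straight quotes, as pluto prints them).
THREAD_LOG = """\
Apr 20 13:21:24 server pluto[15949]: "~L2TPeth0"[2] 91.253.34.186 #1: Dead Peer Detection (RFC 3706): enabled
Apr 20 13:21:25 server pluto[15949]: "~L2TPeth0"[2] 91.253.34.186 #2: responding to Quick Mode proposal {msgid:f4628ac9}
Apr 20 13:21:26 server pluto[15949]: "~L2TPeth0"[2] 91.253.34.186 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x072b1027 <0xc86475ea xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=91.253.34.186:40770 DPD=enabled}
Apr 20 13:31:38 server pluto[15949]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 91.253.34.186 port 40384, complainant 91.253.34.186: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
"""

# Constructed sample of a wrong PSK (peer address from the documentation range).
PSK_MISMATCH_LOG = """\
Apr 20 13:40:02 server pluto[15949]: "~L2TPeth0"[3] 203.0.113.7 #5: next payload type of ISAKMP Hash Payload has an unknown value: 137
Apr 20 13:40:02 server pluto[15949]: "~L2TPeth0"[3] 203.0.113.7 #5: malformed payload in packet
Apr 20 13:40:02 server pluto[15949]: "~L2TPeth0"[3] 203.0.113.7 #5: sending notification PAYLOAD_MALFORMED to 203.0.113.7:500
"""


def parse(log_text):
    """Collect per-peer evidence from pluto syslog lines."""
    evidence = defaultdict(lambda: {"ipsec_sa": False,
                                    "psk_suspect": False,
                                    "port_unreachable": []})
    for line in log_text.splitlines():
        m = NETERR_RE.search(line)
        if m:
            # ICMP type 3 code 3 is "port unreachable": the peer host answered
            # our UDP datagram with "nothing is listening on that port".
            if (m["type"], m["code"]) == ("3", "3"):
                evidence[m["peer"]]["port_unreachable"].append(
                    (int(m["sport"]), int(m["dport"])))
            continue
        m = PEER_RE.search(line)
        if not m:
            continue
        ev = evidence[m["peer"]]
        if "IPsec SA established" in line:
            ev["ipsec_sa"] = True          # Phase 1 auth (PSK) must already have passed
        if any(h in line for h in PSK_HINTS):
            ev["psk_suspect"] = True
    return evidence


def diagnose(log_text):
    """Return {peer: (verdict, explanation)} for every peer seen in the log."""
    evidence = parse(log_text)
    if not evidence:
        return {"*": ("no_ike", "pluto logged nothing: UDP 500/4500 are probably "
                                "not reaching the server (check the port forwards)")}
    verdicts = {}
    for peer, ev in evidence.items():
        natt_refused = any(sport == 4500 for sport, _ in ev["port_unreachable"])
        if ev["ipsec_sa"] and natt_refused:
            verdicts[peer] = ("l2tp_layer",
                "IKE and IPsec completed, so the PSK is correct; the peer later closed "
                "its UDP 4500 socket (port unreachable), i.e. it gave up after the tunnel "
                "was up. Check xl2tpd on UDP 1701 and the PPP user/password in its log.")
        elif ev["ipsec_sa"]:
            verdicts[peer] = ("ipsec_ok",
                              "IPsec SA established; nothing in pluto points at a fault")
        elif ev["psk_suspect"]:
            verdicts[peer] = ("psk_mismatch",
                              "IKE payloads failed to verify; a PSK mismatch is likely")
        else:
            verdicts[peer] = ("ike_incomplete",
                              "IKE started but no IPsec SA was established")
    return verdicts


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("psk", PSK_MISMATCH_LOG), ("empty", "")):
        for peer, (verdict, why) in diagnose(log).items():
            print(f"{name:6} {peer:15} {verdict:14} {why}")
```

Run it against a real file with `diagnose(open("/var/log/secure").read())` (or wherever your distribution writes pluto's syslog output); the script only reads text and needs no root. The one verdict it cannot give is "wrong PPP password", because that check happens inside the L2TP tunnel and is logged by xl2tpd/pppd, not by pluto.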
It is possible that the IKE daemon is not running on NethServer. Is the “xl2tpd (Layer 2 Tunneling Protocol)” service running?
If not: have you already tried restarting the NethServer (if possible)?
Hm, maybe the problem is also caused by your router.
"It is also possible that the remote IP is actually a NAT device with the IPsec device behind it. In that case, using rekey=no and letting the other end initiate might make this error go away."
How to do this: I cannot tell you. Maybe @alefattorini or @davidep can?
I ran a test with OpenVPN both on Aruba and on my server behind the modem; everything works great, but my intention was to use IPsec to avoid installing OpenVPN on the devices.