
I'm setting up L2TP over IPsec on my CentOS 6.3 fresh install.

I have iptables flushed, permit all.

Whenever I try to connect, I get a 'no reply from vpn' and nothi

Here's my ipsec.conf file (server is 1.2.3.4):

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=1.2.3.4
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

My /etc/ipsec.secrets

1.2.3.4 %any: PSK "password"

My sysctl.conf (appended lines)

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

Here's what 'ipsec verify' gives:

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.32/K2.6.32-279.19.1.el6.x86_64 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing for disabled ICMP send_redirects              [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

And I see xl2tpd is listening on 1701/udp:

udp        0      0 1.2.3.4:1701     0.0.0.0:*     2096/xl2tpd 
  • First, use `tcpdump` on both sides to make sure that packets are being transmitted and being received. – bahamat Jan 15 '13 at 15:54
  • OK, I see this when I connect: – Disco Jan 15 '13 at 16:13
  • 17:12:38.239822 IP MYIPHERE.isakmp > SERVERIP.isakmp: isakmp: phase 1 I ident A few times but nothing after that. – Disco Jan 15 '13 at 16:13
  • Phase 1 failure means the preshared key isn't being accepted. Look for `authpriv.*` messages in syslog (on Debian in `/var/log/auth.log`). Remember, your `ipsec.secrets` file needs to have the left and right side reversed for each side. – bahamat Jan 17 '13 at 07:25
  • Is your computer (the one you're trying to connect from) to the CentOS server behind NAT? – Bogdan Stoica Feb 04 '19 at 14:36
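Following bahamat's advice to capture on both sides, here is an added helper (not code from the question or its answers) that summarises a `tcpdump` capture of udp/500 per peer and flags initiators that keep sending "phase 1 I ident" without ever getting a "phase 1 R ident" back, which is the pattern Disco reports. The line format assumed is tcpdump's default output with `-n`; the IP addresses and sample capture are constructed.

```shell
#!/bin/sh
# Summarise IKE phase 1 traffic from tcpdump output, one line per initiating peer.
# Assumes the default line format of "tcpdump -n 'udp port 500'", e.g.
#   17:12:38.239822 IP 203.0.113.10.isakmp > 198.51.100.4.isakmp: isakmp: phase 1 I ident
# Usage: tcpdump -n -i eth0 'udp port 500' | ike_phase1_report
# Exit status 1 when some peer keeps sending "I ident" and never sees an "R ident":
#   on the client that means nothing is coming back (path, firewall, or a silent
#   server); on the server it means the request arrived but pluto did not answer
#   (check "ipsec verify", the rules for udp/500 and udp/4500, and the pluto lines
#   in the authpriv log), or the request never reached the server at all.
ike_phase1_report() {
    awk '
        # tcpdump prints "A.B.C.D.isakmp" (the destination carries a trailing colon);
        # keep only the host part.
        function host(s) { sub(/\.isakmp:?$/, "", s); return s }
        /isakmp: phase 1 I ident/ {
            p = host($3)                          # initiator is the source ($3)
            if (!(p in sent)) order[++n] = p      # remember first-seen order
            sent[p]++
        }
        /isakmp: phase 1 R ident/ { got[host($5)]++ }   # reply goes to the destination ($5)
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = order[i]
                status = (got[p] > 0) ? "OK" : "NO_REPLY"
                if (status == "NO_REPLY") bad = 1
                printf "%s sent=%d replies=%d %s\n", p, sent[p], got[p] + 0, status
            }
            exit bad
        }'
}

# Constructed sample capture (not taken from the question): 203.0.113.10 shows the
# symptom described above, 192.0.2.7 completes the first exchange normally.
SAMPLE='17:12:38.239822 IP 203.0.113.10.isakmp > 198.51.100.4.isakmp: isakmp: phase 1 I ident
17:12:39.240113 IP 203.0.113.10.isakmp > 198.51.100.4.isakmp: isakmp: phase 1 I ident
17:12:40.100452 IP 192.0.2.7.isakmp > 198.51.100.4.isakmp: isakmp: phase 1 I ident
17:12:40.101233 IP 198.51.100.4.isakmp > 192.0.2.7.isakmp: isakmp: phase 1 R ident'

printf '%s\n' "$SAMPLE" | ike_phase1_report || echo "at least one peer got no phase 1 reply"
```

Run it against captures from the client and from the server separately: the pair of results tells you whether the request is lost on the way in, dropped on the server, or answered but lost on the way back.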

1 Answer


Check that your network is working properly and whether the data rate of sent and received packets is also responding or not; sometimes this problem is caused by a lost connection or some other problem.