
I installed IPsec/L2TP on my VPS server.

I tried to connect from my Mac to this VPN server.

The first time, the connection succeeded. But after a few minutes, the connection broke by itself.

After this, I tried to connect again and the connection failed.

pppd[7407]: pppd 2.4.2 (Apple version 727.1.15) started by albert, uid 501
pppd[7407]: L2TP connecting to server '174.128.103.32' (174.128.103.32)...
pppd[7407]: IPSec connection started
racoon[7408]: plogsetfile: about to add racoon log file: /var/log/racoon.log
racoon[7408]: accepted connection on vpn control socket.
racoon[7408]: Connecting.
racoon[7408]: IPSec Phase 1 started (Initiated by me).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
racoon[7408]: >>>>> phase change status = Phase 1 started by us
racoon[7408]: >>>>> phase change status = Phase 1 started by peer
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
racoon[7408]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6).
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
racoon[7408]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode).
racoon[7408]: IPSec Phase 1 established (Initiated by me).
racoon[7408]: IPSec Phase 2 started (Initiated by me).
racoon[7408]: >>>>> phase change status = Phase 2 started
racoon[7408]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
racoon[7408]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
racoon[7408]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
racoon[7408]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode).
racoon[7408]: IPSec Phase 2 established (Initiated by me).
racoon[7408]: >>>>> phase change status = Phase 2 established
pppd[7407]: IPSec connection established
pppd[7407]: L2TP cannot connect to the server
racoon[7408]: IPSec disconnecting from server 174.128.103.32
racoon[7408]: IKE Packet: transmit success. (Information message).
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
racoon[7408]: IKE Packet: transmit success. (Information message).
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
racoon[7408]: glob found no matches for path "/var/run/racoon/*.conf"
racoon[7408]: pfkey DELETE failed: No such file or directory
racoon[7408]: Connecting.
racoon[7408]: Unknown Informational exchange received.

So, on my server, I tried

service ipsec restart
service xl2tpd restart

But the connection failed as before.

After 30~40 minutes, I tried again and the connection succeeded. After a few minutes, the same thing happened.

The server has two network cards.

eth0's IP address is 174.128.103.32, eth1's IP address is 10.177.209.15.

What's wrong? Please help me.

The following are my configuration files.

/etc/ipsec.conf

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=%forever
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=174.128.103.32
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

/etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = no
listen-addr=174.128.103.32
port = 1701

[lns default]
ip range = 192.168.20.100-192.168.20.200
local ip = 192.168.20.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 4.2.2.1
ms-dns 8.8.4.4
proxyarp
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug

/etc/ppp/chap-secrets

user1  l2tpd  user1password  *

/etc/iptables/rule.v4

# POSTROUTING lives in the nat table; without -t nat this command fails
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# forward return traffic from the internet to the PPP client
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward anything the PPP client sends towards the internet
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

/etc/ipsec.secrets

include /var/lib/openswan/ipsec.secrets.inc

/var/lib/openswan/ipsec.secrets.inc

#: RSA /etc/ipsec.d/private/key.pem
%any : PSK "password"
Albert
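Where the failure sits in the stack, as an added example that is not part of the original post: the client log in the question shows IKE Phase 1 and Phase 2 both established and pppd then reporting "L2TP cannot connect to the server", so the IPsec layer negotiated successfully and the failure is in the L2TP layer carried inside the transport SA. The script below classifies such a client log by the furthest stage reached and lists server-side checks for that stage. The Phase 1/2 and L2TP-failure markers are copied from the question's log lines; the L2TP-success and PPP markers are assumptions about pppd wording, the sample log is a copy of the question's lines, and the listed checks are suggestions, not a determination of the cause.

```python
"""Classify a macOS L2TP/IPsec client log by the furthest tunnel stage reached.

Added example, not code from the original post. Phase 1/2 and the L2TP
failure markers are copied from the racoon/pppd lines in the question; the
L2TP-success and PPP markers are assumptions about pppd output.
"""
from dataclasses import dataclass
from typing import Optional

# The tunnel comes up in this order; a failure at one stage means the
# stages before it are not the problem.
STAGE_ORDER = ("ike_phase1", "ike_phase2", "l2tp", "ppp")

SUCCESS_MARKERS = {
    "ike_phase1": ("IPSec Phase 1 established",),      # verbatim from the question
    "ike_phase2": ("IPSec Phase 2 established",),      # verbatim from the question
    "l2tp": ("L2TP connection established",),          # assumed pppd wording
    "ppp": ("local  IP address",),                     # standard pppd wording (two spaces)
}
FAILURE_MARKERS = {
    "ike_phase1": ("IPSec connection failed",),        # assumed pppd wording
    "ike_phase2": ("IPSec connection failed",),        # assumed pppd wording
    "l2tp": ("L2TP cannot connect to the server",),    # verbatim from the question
    "ppp": ("authentication failed",),                 # standard pppd wording
}

# Server-side checks this example suggests for a failure at each stage.
NEXT_CHECKS = {
    "ike_phase1": [
        "UDP 500/4500 reach eth0: tcpdump -ni eth0 'udp port 500 or udp port 4500'",
        "the PSK in ipsec.secrets matches the client's",
        "ipsec auto --status shows conn L2TP-PSK loaded",
    ],
    "ike_phase2": [
        "type=transport with leftprotoport=17/1701 and rightprotoport=17/%any",
        "ip xfrm state shows ESP SAs for the client after Phase 1",
    ],
    "l2tp": [
        "xl2tpd listens on UDP 1701 on the listen-addr address: ss -lunp | grep 1701",
        "the kernel policy passes decrypted UDP 1701 to xl2tpd: ip xfrm policy",
        "nothing drops UDP 1701 in INPUT: iptables -L INPUT -n -v",
        "xl2tpd entries in syslog for the time of the attempt",
    ],
    "ppp": [
        "the server name in chap-secrets matches 'name =' in xl2tpd.conf",
        "pppd entries in syslog (ppp debug = yes is already set)",
    ],
}


@dataclass
class Diagnosis:
    reached: list             # stages whose success marker was seen
    failed_at: Optional[str]  # first stage not reached; None if the tunnel came up
    evidence: Optional[str]   # log line carrying the failure marker, if any

    @property
    def next_checks(self) -> list:
        return NEXT_CHECKS.get(self.failed_at, [])


def diagnose(log_text: str) -> Diagnosis:
    """Return the stages reached, the first stage not reached and its evidence."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    reached = [s for s in STAGE_ORDER
               if any(m in line for line in lines for m in SUCCESS_MARKERS[s])]
    failed_at = next((s for s in STAGE_ORDER if s not in reached), None)
    evidence = None
    if failed_at is not None:
        evidence = next((line for line in lines
                         if any(m in line for m in FAILURE_MARKERS[failed_at])), None)
    return Diagnosis(reached, failed_at, evidence)


# Copy of the client log lines from the question (constructed sample input).
SAMPLE_LOG = """
pppd[7407]: L2TP connecting to server '174.128.103.32' (174.128.103.32)...
pppd[7407]: IPSec connection started
racoon[7408]: IPSec Phase 1 started (Initiated by me).
racoon[7408]: IPSec Phase 1 established (Initiated by me).
racoon[7408]: IPSec Phase 2 started (Initiated by me).
racoon[7408]: IPSec Phase 2 established (Initiated by me).
pppd[7407]: IPSec connection established
pppd[7407]: L2TP cannot connect to the server
racoon[7408]: IPSec disconnecting from server 174.128.103.32
"""

if __name__ == "__main__":
    d = diagnose(SAMPLE_LOG)
    print("reached:", d.reached)
    print("failed at:", d.failed_at, "|", d.evidence)
    for check in d.next_checks:
        print(" -", check)
```

Run against the log in the question, the classifier reports Phase 1 and Phase 2 reached and the L2TP stage failed, so the checks to run on the server are the L2TP ones (xl2tpd listening on 1701 on 174.128.103.32, the xfrm policy, INPUT rules for UDP 1701, and xl2tpd's own syslog lines) rather than anything about IKE or the PSK.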

0 Answers