
I am trying to set up a VPN (Strongswan + xl2tpd) between my desktop and a server in AWS, both running Linux (Ubuntu), but I really am getting lost.

I believe I have the IPSec part working, but I am not entirely convinced, as the l2tp part does not work and doesn't seem to show anything in the logs.

I bring the IPSec tunnel up with

$ ipsec up AWSVPN

Then:

$ ipsec status
Security Associations (1 up, 0 connecting):
      AWSVPN[3]: ESTABLISHED 17 minutes ago, 192.168.1.150[robin.blah.blah]...52.x.x.91[vpn.blah.blah]
      AWSVPN{7}:  INSTALLED, TUNNEL, ESP in UDP SPIs: ca867b64_i cda2db1d_o
      AWSVPN{7}:   10.0.1.123/32 === 10.0.0.0/23 

Trying the l2tp part:

$ echo "c awsvpn" > /var/run/xl2tpd/l2tp-control

I get this in the client syslog:

Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: get_call: allocating new tunnel for host 52.25.35.91, port 1701.
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: Connecting to host 52.x.x.91, port 1701
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: control_finish: sending SCCRQ
Jul 15 13:18:38 H61N-USB3 xl2tpd[10340]: network_thread: select timeout
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: message repeated 4 times: [ network_thread: select timeout]
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: Maximum retries exceeded for tunnel 65296.  Closing.
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: Connection 0 closed to 52.x.x.91, port 1701 (Timeout)
Jul 15 13:18:43 H61N-USB3 xl2tpd[10340]: network_thread: select timeout
Jul 15 13:18:47 H61N-USB3 xl2tpd[10340]: message repeated 4 times: [ network_thread: select timeout]
Jul 15 13:18:47 H61N-USB3 xl2tpd[10340]: Unable to deliver closing message for tunnel 65296. Destroying anyway.

On the server I get nothing.

Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: xl2tpd version xl2tpd-1.3.6 started on ip-172-31-38-36 PID:4751
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Inherited by Jeff McAdams, (C) 2002
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Listening on IP address 0.0.0.0, port 1701

I think there must be some step I am missing. Can anyone help?

Robin Elvin
  • If you use private IPs in the IPsec tunnel you probably have to adjust the L2TP config accordingly. But why even use L2TP if both hosts run Linux? Just use plain IPsec in tunnel mode, preferably with IKEv2. – ecdsa Jul 16 '15 at 14:19
  • @ecdsa I got it working by adding a route on the local side. If I only bring up the IPsec tunnel I cannot access the internet via it. – Robin Elvin Jul 16 '15 at 21:15
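Following ecdsa's point about private selectors, here is an added diagnostic (my own Python, not code from the question, strongSwan or xl2tpd) that parses the `ipsec status` output shown above and checks whether L2TP/UDP 1701 traffic to the peer would actually be matched by the installed CHILD_SA traffic selectors; the status text is constructed from the question, and 203.0.113.91 (RFC 5737 documentation range) is a placeholder for the masked 52.x.x.91.

```python
# Added diagnostic, not from the question, strongSwan or xl2tpd.
# Parses `ipsec status` CHILD_SA lines and checks whether the L2TP peer
# (UDP 1701) lies inside a remote traffic selector. If it does not, the
# L2TP packets are never matched by the IPsec policy.
import ipaddress
import re

# Constructed from the question's output; 203.0.113.91 stands in for the
# masked peer 52.x.x.91.
SAMPLE_STATUS = """Security Associations (1 up, 0 connecting):
      AWSVPN[3]: ESTABLISHED 17 minutes ago, 192.168.1.150[robin.blah.blah]...203.0.113.91[vpn.blah.blah]
      AWSVPN{7}:  INSTALLED, TUNNEL, ESP in UDP SPIs: ca867b64_i cda2db1d_o
      AWSVPN{7}:   10.0.1.123/32 === 10.0.0.0/23
"""

# CHILD_SA selector line: "<name>{<id>}:   <local ts...> === <remote ts...>"
_TS_RE = re.compile(r"^\s*(\S+)\{\d+\}:\s+(.+?)\s+===\s+(.+?)\s*$")


def parse_selectors(status_text):
    """Return {child_sa_name: (local_nets, remote_nets)} from `ipsec status`."""
    def to_nets(field):
        # strongSwan may append "[proto/port]" to a selector; strip it.
        return [ipaddress.ip_network(p.split("[")[0], strict=False)
                for p in field.split()]
    selectors = {}
    for line in status_text.splitlines():
        m = _TS_RE.match(line)
        if m:
            name, local, remote = m.groups()
            selectors[name] = (to_nets(local), to_nets(remote))
    return selectors


def covered_by(ip, nets):
    """True if ip lies inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def l2tp_path_check(status_text, l2tp_peer, local_src=None):
    """Would L2TP to l2tp_peer (from local_src, if given) match a CHILD_SA?
    Returns (protected, detail)."""
    selectors = parse_selectors(status_text)
    if not selectors:
        return False, "no installed CHILD_SA with traffic selectors found"
    for name, (local, remote) in selectors.items():
        if not covered_by(l2tp_peer, remote):
            continue
        if local_src is not None and not covered_by(local_src, local):
            return False, (f"{name}: peer matches but source {local_src} is "
                           f"outside local selector {' '.join(map(str, local))}")
        return True, f"{name}: traffic to {l2tp_peer} matches the tunnel"
    return False, (f"{l2tp_peer} is outside every remote selector; "
                   "L2TP/UDP 1701 would not be matched by the IPsec policy")
```

Run it against the real `ipsec status` output and the host named in xl2tpd's "Connecting to host ..." line; a False result explains why the SCCRQ goes unanswered and the server log stays empty.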
