Using Openswan with xl2tp on Arch Linux (4.20) to connect to a VPN, I can create the tunnel and the ppp interface is created; however, it gets the wrong IP address:

enp4s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000  
    inet 192.168.0.10/24 brd 192.168.0.255 scope global enp4s0  

ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 3  
    link/ppp  
    inet 192.168.0.10 peer 172.16.210.254/32 scope global ppp0  

The ppp interface gets a local (client) IP address and not one provided by the VPN, so I can ping 172.16.210.254 but not any other address in the VPN.
These 2 errors I found in journalctl seem weird, but I haven't found a reason for them online:

pppd[2485]: not replacing existing default route via 192.168.0.1
pppd[2485]: Cannot determine ethernet address for proxy ARP

and

connmand[593]: Inconsistent IP pool management (start not found)  

Here is the result of route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 enp4s0
1.1.1.1         192.168.0.1     255.255.255.255 UGH   0      0        0 enp4s0
8.8.8.8         192.168.0.1     255.255.255.255 UGH   0      0        0 enp4s0
172.16.0.0      172.16.210.254  255.240.0.0     UG    0      0        0 ppp0
172.16.210.254  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 enp4s0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 enp4s0

I have tested the exact same configuration on a VM with Debian 8 and it works.

Here is my configuration:
xl2tpd.conf:

[lac vpn]
    lns = x.x.x.x # VPN public ip
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd
    length bit = yes

ppp options.l2tp:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name *****
password *****

ipsec.conf:

version 2.0 # conforms to second version of ipsec.conf specification  

config setup  
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24  
        nat_traversal=yes  
        protostack=netkey  
        oe=off  
        plutoopts="--interface=enp4s0"  

conn L2TP  
        authby=secret  
        pfs=no  
        auto=add  
        keyingtries=3  
        dpddelay=30  
        dpdtimeout=120  
        dpdaction=clear  
        rekey=yes  
        ikelifetime=8h  
        keylife=1h  
        type=transport  
        left=192.168.0.10  
        leftnexthop=%defaultroute  
        leftprotoport=17/1701  
        right=x.x.x.x # VPN public IP  
        rightprotoport=17/1701  
2A-66-42