3
2
I'm trying to create a L2TP/IPSec PSK VPN from my Android phone to my Ubuntu server on my home network.
I am receiving two errors. the first one is a failure checking IP forwarding when I run ipsec verify.
"Two or more interfaces found, checking IP forwarding [FAILED]"
The second error occurs when I try and connect to ipsec from my Android phone. In the auth.log I get this error;
Aug 7 19:47:57 ubuntu pluto[5019]: packet from 70.192.193.159:13305: initial Main Mode message received on 192.168.10.104:500 but no connection has been authorized with policy=PSK
Regarding IP forwarding, yes I've added "net.ipv4.ip_forward=1" into sysctl.conf and ran "sysctl -p /etc/sysctl.conf"
From my research the common thoughts are that these problem are caused by a misconfiguration in ipsec.conf and/or ipsec.secrets.
I'm thinking the problem has to do with subtle difference when on a natted network. First I have a Comcast cable modem in bridge mode. Next I have a Linksys wired/wireless router that uses DHCP to retrieve my public IP address, 70.192.193.70. My Ubuntu server retrieves it's reserved DHCP natted IP address, et al from my Linksys router, 192.168.10.104. My Linksys router is the default gateway, 192.168.10.1.
I am hoping somebody is going to read this and say silly Chris can't you see that you have to configure these files like this.. LOL!. This reading I've done all uses example IP{ addresses like a.b.c.d and e.f.g.h. I've given you actual IP addresses to make everything less confusing. With all that below are what my files currently look like.
/etc/ipsec.secrets
192.168.10.104 %any: PSK "myPSKpassword"
/etc/ipsec.conf
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
# virtual_private=%v4:192.168.10.0/24
#contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
# Apple iOS doesn't send delete notify so we need dead peer detection
# to detect vanishing clients
dpddelay=30
dpdtimeout=120
dpdaction=clear
# Set ikelifetime and keylife to same defaults windows has
ikelifetime=8h
keylife=1h
type=transport
# Replace IP address with your local IP (private, behind NAT IP is okay as well)
#left=x.x.x.x
left=192.168.10.104
# For updated Windows 2000/XP clients,
# to support old clients as well, use leftprotoport=17/%any
leftprotoport=17/%any
right=%any
rightprotoport=17/%any
#force all to be nat'ed. because of iOS
forceencaps=yes
I am so stuck.. Any and all advice is greatly welcome!
This helped get rid of my "Two or more interfaces found" problem. – Kevin Li – 2016-01-23T15:11:43.427