B
blamares023452
Hello,
We have a VPN connection at work setup from where people with OSX have got it to work. But I cant get it to work on ubuntu Ubuntu 12.04.4 LTS.
On OSX the settings that work are: Server: 123.123.123, accountname: pelle, password: pwd_pelle, with a shared key: pwd_group (and empty group name). [as a cisco vpn tunnel]
This is my /etc/ipsec.conf
Code:
# /etc/ipsec.conf - Openswan IPsec configuration file
# $Id$
# Manual: ipsec.conf(5)
# Created: Tue Mar 25 09:08:06 2014
# by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!
version 2.0 # conforms to second version of ipsec.conf specification
config setup
# plutodebug="parsing emitting control private"
plutodebug=none
strictcrlpolicy=no
nat_traversal=yes
interfaces=%defaultroute
oe=off
# which IPsec stack to use. netkey,klips,mast,auto or none
protostack=netkey
conn %default
keyingtries=3
pfs=no
rekey=yes
type=transport
left=%defaultroute
leftprotoport=17/1701
rightprotoport=17/1701
# Add connections here.
conn Work
leftid=[AT sign]VPN_Group_2
leftxauthusername=pelle
left=%defaultroute
right=123.123.123
keyexchange=ike
auto=start
auth=esp
authby=secret
ikelifetime=28800s
esp=3des-sha1;modp1024
ike=3des-sha1,aes128-sha1;modp1024
pfs=yes
compress=no
forceencaps=yes
remote_peer_type=cisco
rightxauthserver=yes
And this is my ipsec.secrets
Code:
# /etc/ipsec.secrets - secrets for IKE/IPsec authentication
# $Id$
# Manual: ipsec.secrets(5)
# Created: Tue Mar 25 09:08:06 2014
# by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!
#
#
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
%any : PSK "pwd_group"
[at sign]pelle : XAUTH "pwd_pelle"
I get this while connecting:
Code:
root_pc:~# ipsec auto --add Work
root_pc:~# ipsec auto --up Work
104 "Work" #4: STATE_MAIN_I1: initiate
003 "Work" #4: received Vendor ID payload [RFC 3947] method set to=109
003 "Work" #4: received Vendor ID payload [Dead Peer Detection]
003 "Work" #4: ignoring unknown Vendor ID payload [8299031757a36082c6a621de000500b3]
106 "Work" #4: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Work" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "Work" #4: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "Work" #4: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "Work" #4: starting keying attempt 2 of at most 3, but releasing whack
And these are the settings in the fortigate 111c web-UI as seen from the people who set up the tunnel.
at this URL:
i.imgur.comXXX/BKSyvRg.jpg
Note: using vpnc with cisco vpn does not work either. My settings are:
root_pc:~# cat /etc/vpnc/myvpn.conf
Code:
IPSec gateway 123.123.123
IPSec secret pwd_group
IKE Authmode psk
Xauth username pelle
Xauth password pwd_pelle
Debug 200
IKE DH Group dh2
Continue reading...
We have a VPN connection at work setup from where people with OSX have got it to work. But I cant get it to work on ubuntu Ubuntu 12.04.4 LTS.
On OSX the settings that work are: Server: 123.123.123, accountname: pelle, password: pwd_pelle, with a shared key: pwd_group (and empty group name). [as a cisco vpn tunnel]
This is my /etc/ipsec.conf
Code:
# /etc/ipsec.conf - Openswan IPsec configuration file
# $Id$
# Manual: ipsec.conf(5)
# Created: Tue Mar 25 09:08:06 2014
# by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!
version 2.0 # conforms to second version of ipsec.conf specification
config setup
# plutodebug="parsing emitting control private"
plutodebug=none
strictcrlpolicy=no
nat_traversal=yes
interfaces=%defaultroute
oe=off
# which IPsec stack to use. netkey,klips,mast,auto or none
protostack=netkey
conn %default
keyingtries=3
pfs=no
rekey=yes
type=transport
left=%defaultroute
leftprotoport=17/1701
rightprotoport=17/1701
# Add connections here.
conn Work
leftid=[AT sign]VPN_Group_2
leftxauthusername=pelle
left=%defaultroute
right=123.123.123
keyexchange=ike
auto=start
auth=esp
authby=secret
ikelifetime=28800s
esp=3des-sha1;modp1024
ike=3des-sha1,aes128-sha1;modp1024
pfs=yes
compress=no
forceencaps=yes
remote_peer_type=cisco
rightxauthserver=yes
And this is my ipsec.secrets
Code:
# /etc/ipsec.secrets - secrets for IKE/IPsec authentication
# $Id$
# Manual: ipsec.secrets(5)
# Created: Tue Mar 25 09:08:06 2014
# by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!
#
#
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
%any : PSK "pwd_group"
[at sign]pelle : XAUTH "pwd_pelle"
I get this while connecting:
Code:
root_pc:~# ipsec auto --add Work
root_pc:~# ipsec auto --up Work
104 "Work" #4: STATE_MAIN_I1: initiate
003 "Work" #4: received Vendor ID payload [RFC 3947] method set to=109
003 "Work" #4: received Vendor ID payload [Dead Peer Detection]
003 "Work" #4: ignoring unknown Vendor ID payload [8299031757a36082c6a621de000500b3]
106 "Work" #4: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Work" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "Work" #4: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "Work" #4: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "Work" #4: starting keying attempt 2 of at most 3, but releasing whack
And these are the settings in the fortigate 111c web-UI as seen from the people who set up the tunnel.
at this URL:
i.imgur.comXXX/BKSyvRg.jpg
Note: using vpnc with cisco vpn does not work either. My settings are:
root_pc:~# cat /etc/vpnc/myvpn.conf
Code:
IPSec gateway 123.123.123
IPSec secret pwd_group
IKE Authmode psk
Xauth username pelle
Xauth password pwd_pelle
Debug 200
IKE DH Group dh2
Continue reading...