VPN setup


Postby Ali3n0id » Wed Aug 13, 2014 8:08 pm

Hi all,


I'm trying to set up my Pi so I can VPN into my home network when I'm away from it.

I'm using a Model B with the latest Arch ARM release, fully updated.

Basically I've followed these tutorials to some degree:

https://smileykeith.com/2014/01/27/ipse ... rch-linux/

http://linux.tips/tutorials/how-to-setu ... spberry-pi

When I restart the Pi, the xl2tpd service doesn't seem to autostart even though I have this running:

chmod +x /usr/local/bin/vpn-boot.sh

for /etc/systemd/system/vpnboot.service:

Code:
[Unit]
Description=VPN Settings at boot
After=netctl@eth0.service
Before=openswan.service xl2tpd.service

[Service]
# Added: Type=oneshot makes systemd wait for the script to finish before the
# units ordered after this one (openswan, xl2tpd) are started; without it the
# Before= ordering is satisfied as soon as the script has been forked.
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/vpn-boot.sh

[Install]
WantedBy=multi-user.target



The output of:

systemctl restart openswan
systemctl status openswan

Code:
● openswan.service - Openswan daemon
Loaded: loaded (/usr/lib/systemd/system/openswan.service; enabled)
Active: active (running) since Wed 2014-08-13 20:53:31 BST; 3s ago
Process: 799 ExecStop=/usr/lib/systemd/scripts/ipsec --stop (code=exited, status=0/SUCCESS)
Process: 873 ExecStart=/usr/lib/systemd/scripts/ipsec --start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openswan.service
├─ 966 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no -...
├─ 967 logger -s -p daemon.error -t ipsec__plutorun
├─ 970 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no -...
├─ 971 /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
├─ 972 /usr/lib/openswan/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0....
├─ 975 pluto helper # 0
└─1110 _pluto_adns

Aug 13 20:53:32 0ri0n pluto[972]: added connection description "L2TP-PSK-noNAT"
Aug 13 20:53:32 0ri0n ipsec__plutorun[967]: 002 added connection description "L2TP-PSK-noNAT"
Aug 13 20:53:32 0ri0n pluto[972]: added connection description "passthrough-for-non-l2tp"
Aug 13 20:53:32 0ri0n ipsec__plutorun[967]: 002 added connection description "passthrough-for-non-l2tp"
Aug 13 20:53:32 0ri0n pluto[972]: listening for IKE messages
Aug 13 20:53:32 0ri0n pluto[972]: adding interface eth0/eth0 192.168.0.14:500
Aug 13 20:53:32 0ri0n pluto[972]: adding interface eth0/eth0 192.168.0.14:4500
Aug 13 20:53:32 0ri0n pluto[972]: adding interface lo/lo 127.0.0.1:500
Aug 13 20:53:32 0ri0n pluto[972]: adding interface lo/lo 127.0.0.1:4500
Aug 13 20:53:32 0ri0n pluto[972]: loading secrets from "/etc/ipsec.secrets"

The output of:

systemctl restart xl2tpd
systemctl status xl2tpd

Code:
● xl2tpd.service - Level 2 Tunnel Protocol Daemon (L2TP)
Loaded: loaded (/usr/lib/systemd/system/xl2tpd.service; enabled)
Active: active (running) since Wed 2014-08-13 20:53:52 BST; 4s ago
Main PID: 1138 (xl2tpd)
CGroup: /system.slice/xl2tpd.service
└─1138 /usr/bin/xl2tpd -D

Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Enabling IPsec SAref processing for L2TP transport mode SAs
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: setsockopt recvref[30]: Protocol not available
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Not looking for kernel support.
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: xl2tpd version xl2tpd-1.3.6 started on 0ri0n PID:1138
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Inherited by Jeff McAdams, (C) 2002
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 13 20:53:52 0ri0n xl2tpd[1138]: xl2tpd[1138]: Listening on IP address 192.168.0.14, port 1701

The output of:

ipsec verify

Code:
Checking if IPsec got installed and started correctly:

Version check and ipsec on-path [OK]
Openswan U2.6.41/K3.12.26-1-ARCH (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]

ipsec verify: encountered errors

Output of netstat -tulpan:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 180/sshd
tcp 0 0 192.168.0.14:22 192.168.0.4:50657 ESTABLISHED 759/sshd: pi [priv]
tcp 0 0 192.168.0.14:22 5.9.18.243:2192 ESTABLISHED 752/sshd: root
tcp 0 0 192.168.0.14:22 188.40.84.10:2403 ESTABLISHED 770/sshd: root
tcp 0 0 192.168.0.14:22 176.9.47.75:4114 ESTABLISHED 1167/sshd: root
udp 0 0 127.0.0.1:4500 0.0.0.0:* 972/pluto
udp 0 0 192.168.0.14:4500 0.0.0.0:* 972/pluto
udp 0 0 192.168.0.14:1701 0.0.0.0:* 1138/xl2tpd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 156/avahi-daemon: r
udp 0 0 127.0.0.1:500 0.0.0.0:* 972/pluto
udp 0 0 192.168.0.14:500 0.0.0.0:* 972/pluto
udp 0 0 0.0.0.0:48932 0.0.0.0:* 156/avahi-daemon: r
udp 0 0 0.0.0.0:68 0.0.0.0:* 736/dhcpcd
udp 0 0 0.0.0.0:68 0.0.0.0:* 727/dhcpcd
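The netstat listing in this post shows, next to pluto and xl2tpd, three established sshd sessions running as root whose peers are outside the LAN. The check below is an added example, not part of the thread: it reads `netstat -tulpan` text on stdin and lists established port-22 sessions whose peer is not a private (RFC 1918) or loopback address, which is worth a glance on any box about to become a VPN endpoint. The embedded sample listing is constructed (TEST-NET address, not the thread's real peers).

```shell
#!/bin/sh
# Added example (not from the thread): flag established inbound SSH sessions
# from non-private peers in `netstat -tulpan` output read on stdin.
# Prints "user peer" per hit; exits 0 when nothing was flagged, 1 otherwise.
public_ssh_sessions() {
    awk '
        function is_private(ip,  o) {
            split(ip, o, ".")
            if (o[1] + 0 == 10 || o[1] + 0 == 127) return 1
            if (o[1] + 0 == 192 && o[2] + 0 == 168) return 1
            if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) return 1
            return 0
        }
        $1 == "tcp" && $6 == "ESTABLISHED" {
            split($4, local, ":"); split($5, peer, ":")
            # with -p, $7 is "pid/sshd:" and $8 the session user
            if (local[2] == "22" && $7 ~ /\/sshd:$/ && !is_private(peer[1])) {
                print $8, peer[1]; hits++
            }
        }
        END { exit hits ? 1 : 0 }'
}

# Constructed sample in the shape of the thread's listing (203.0.113.5 is a
# documentation address standing in for a real remote peer).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 180/sshd
tcp 0 0 192.168.0.14:22 192.168.0.4:50657 ESTABLISHED 759/sshd: pi [priv]
tcp 0 0 192.168.0.14:22 203.0.113.5:2192 ESTABLISHED 752/sshd: root
udp 0 0 192.168.0.14:1701 0.0.0.0:* 1138/xl2tpd'

# With --run the live box is checked; otherwise the sample is used.
if [ "${1:-}" = "--run" ]; then
    netstat -tulpan | public_ssh_sessions || echo "review the sessions above" >&2
else
    printf '%s\n' "$SAMPLE_NETSTAT" | public_ssh_sessions || echo "review the sessions above" >&2
fi
```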

Re: VPN setup

Postby WarheadsSE » Wed Aug 13, 2014 8:52 pm

The output of the three services prior to restarting them would be more useful.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!

Re: VPN setup

Postby Ali3n0id » Wed Aug 13, 2014 9:09 pm

My bad :oops:

systemctl status openswan

Code:
● openswan.service - Openswan daemon
Loaded: loaded (/usr/lib/systemd/system/openswan.service; enabled)
Active: active (running) since Thu 1970-01-01 01:00:33 BST; 44 years 7 months ago
Process: 178 ExecStart=/usr/lib/systemd/scripts/ipsec --start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openswan.service
├─425 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --f...
├─426 logger -s -p daemon.error -t ipsec__plutorun
├─427 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --f...
├─428 /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
├─431 /usr/lib/openswan/pluto --nofork --secretsfile /etc/ipsec.se...
├─435 pluto helper # 0
└─670 _pluto_adns

Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description..."
Jan 01 01:00:35 0ri0n pluto[431]: added connection description "L2TP-PSK-noNAT"
Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description..."
Jan 01 01:00:35 0ri0n pluto[431]: added connection description "passthrough...p"
Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description..."
Jan 01 01:00:36 0ri0n pluto[431]: listening for IKE messages
Jan 01 01:00:36 0ri0n pluto[431]: adding interface lo/lo 127.0.0.1:500
Jan 01 01:00:36 0ri0n pluto[431]: adding interface lo/lo 127.0.0.1:4500
Jan 01 01:00:36 0ri0n pluto[431]: loading secrets from "/etc/ipsec.secrets"
Jan 01 01:00:36 0ri0n ipsec__plutorun[426]: 022 "passthrough-for-non-l2tp": ...n
Hint: Some lines were ellipsized, use -l to show in full.

systemctl status xl2tpd

Code:
● xl2tpd.service - Level 2 Tunnel Protocol Daemon (L2TP)
Loaded: loaded (/usr/lib/systemd/system/xl2tpd.service; enabled)
Active: failed (Result: exit-code) since Thu 1970-01-01 01:00:33 BST; 44 years 7 months ago
Process: 433 ExecStart=/usr/bin/xl2tpd -D (code=exited, status=1/FAILURE)
Main PID: 433 (code=exited, status=1/FAILURE)

Jan 01 01:00:33 0ri0n systemd[1]: Started Level 2 Tunnel Protocol Daemon (L2TP).
Jan 01 01:00:33 0ri0n systemd[1]: xl2tpd.service: main process exited, code...RE
Jan 01 01:00:33 0ri0n systemd[1]: Unit xl2tpd.service entered failed state.
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: Enabling IPsec SAref proces...As
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: IPsec SAref does not work w...es
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: init_network: Unable to bin...g.
Hint: Some lines were ellipsized, use -l to show in full.

ipsec verify

Code:
Checking if IPsec got installed and started correctly:

Version check and ipsec on-path [OK]
Openswan U2.6.41/K3.12.26-1-ARCH (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]

ipsec verify: encountered errors

Re: VPN setup

Postby WarheadsSE » Thu Aug 14, 2014 12:12 am

Can I get that xl2tpd status with -l? It cut off the messages. Rather important.

Re: VPN setup

Postby Ali3n0id » Thu Aug 14, 2014 5:41 pm

Of course!

Code:
systemctl status xl2tpd -l
● xl2tpd.service - Level 2 Tunnel Protocol Daemon (L2TP)
Loaded: loaded (/usr/lib/systemd/system/xl2tpd.service; enabled)
Active: failed (Result: exit-code) since Thu 1970-01-01 01:00:33 BST; 44 years 7 months ago
Process: 433 ExecStart=/usr/bin/xl2tpd -D (code=exited, status=1/FAILURE)
Main PID: 433 (code=exited, status=1/FAILURE)

Jan 01 01:00:33 0ri0n systemd[1]: Started Level 2 Tunnel Protocol Daemon (L2TP).
Jan 01 01:00:33 0ri0n systemd[1]: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jan 01 01:00:33 0ri0n systemd[1]: Unit xl2tpd.service entered failed state.
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: Enabling IPsec SAref processing for L2TP transport mode SAs
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
Jan 01 01:00:34 0ri0n xl2tpd[433]: xl2tpd[433]: init_network: Unable to bind socket: Cannot assign requested address. Terminating.

Re: VPN setup

Postby WarheadsSE » Thu Aug 14, 2014 6:51 pm

Yeah, sorting out that last line will probably solve your issue.

Re: VPN setup

Postby Ali3n0id » Sun Aug 17, 2014 8:03 pm

Okay

I've gotten rid of this message by changing the IP address in


Code:
systemctl status xl2tpd -l
● xl2tpd.service - Level 2 Tunnel Protocol Daemon (L2TP)
Loaded: loaded (/usr/lib/systemd/system/xl2tpd.service; enabled)
Active: active (running) since Sun 2014-08-17 20:52:11 BST; 8min ago
Main PID: 21745 (xl2tpd)
CGroup: /system.slice/xl2tpd.service
└─21745 /usr/bin/xl2tpd -D

Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Enabling IPsec SAref processing for L2TP transport mode SAs
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: setsockopt recvref[30]: Protocol not available
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Not looking for kernel support.
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: xl2tpd version xl2tpd-1.3.6 started on 0ri0n PID:21745
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Inherited by Jeff McAdams, (C) 2002
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 17 20:52:11 0ri0n xl2tpd[21745]: xl2tpd[21745]: Listening on IP address 192.168.0.14, port 1701

However now openswan has an issue:

Code:
systemctl status openswan -l

● openswan.service - Openswan daemon
Loaded: loaded (/usr/lib/systemd/system/openswan.service; enabled)
Active: active (running) since Thu 1970-01-01 01:00:33 BST; 44 years 7 months ago
Process: 178 ExecStart=/usr/lib/systemd/scripts/ipsec --start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openswan.service
├─425 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.25$ --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --plutostderrlogtime no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
├─426 logger -s -p daemon.error -t ipsec__plutorun
├─427 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.25$ --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --plutostderrlogtime no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
├─428 /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
├─431 /usr/lib/openswan/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.25$
├─435 pluto helper # 0
└─670 _pluto_adns

Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description "L2TP-PSK-NAT"
Jan 01 01:00:35 0ri0n pluto[431]: added connection description "L2TP-PSK-noNAT"
Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description "L2TP-PSK-noNAT"
Jan 01 01:00:35 0ri0n pluto[431]: added connection description "passthrough-for-non-l2tp"
Jan 01 01:00:35 0ri0n ipsec__plutorun[426]: 002 added connection description "passthrough-for-non-l2tp"
Jan 01 01:00:36 0ri0n pluto[431]: listening for IKE messages
Jan 01 01:00:36 0ri0n pluto[431]: adding interface lo/lo 127.0.0.1:500
Jan 01 01:00:36 0ri0n pluto[431]: adding interface lo/lo 127.0.0.1:4500
Jan 01 01:00:36 0ri0n pluto[431]: loading secrets from "/etc/ipsec.secrets"
Jan 01 01:00:36 0ri0n ipsec__plutorun[426]: 022 "passthrough-for-non-l2tp": we cannot identify ourselves with either end of this connection
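Both failures in this post point at the same boot-time race: at 01:00:36 pluto has only added the lo interfaces, and xl2tpd earlier could not bind because the address it listens on (192.168.0.14 in the thread, assigned by dhcpcd) did not exist yet. The helper below is an added example, not code from the thread or from the poster's vpn-boot.sh; it is the kind of wait such a boot script can do before openswan and xl2tpd are started. `addr_present` parses `ip -4 -o addr` text from stdin, and `wait_for_addr` polls the live system with it; the interface and address names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): wait until the LAN address that pluto
# and xl2tpd bind to is actually assigned before the daemons are started.

# addr_present: succeed when `ip -4 -o addr` text on stdin shows $2 on $1.
# Line shape: "2: eth0    inet 192.168.0.14/24 brd ... scope global eth0\ ..."
addr_present() {
    awk -v ifc="$1" -v want="$2" '
        $2 == ifc && $3 == "inet" {
            split($4, a, "/")          # strip the prefix length
            if (a[1] == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# wait_for_addr IFACE ADDR [SECONDS]: poll the live system once a second.
wait_for_addr() {
    ifc=$1; want=$2; limit=${3:-60}; n=0
    while [ "$n" -lt "$limit" ]; do
        if ip -4 -o addr show dev "$ifc" 2>/dev/null | addr_present "$ifc" "$want"; then
            return 0
        fi
        n=$((n + 1)); sleep 1
    done
    return 1
}

# Usage as a script: vpn-wait.sh eth0 192.168.0.14 [timeout]
# (interface and address are assumed values; exits 1 on timeout).
if [ $# -ge 2 ]; then
    wait_for_addr "$1" "$2" "$3" || { echo "timed out waiting for $2 on $1" >&2; exit 1; }
fi
```

Calling it at the top of the boot script, with the unit ordered Before= openswan.service and xl2tpd.service and run as Type=oneshot, keeps both daemons from starting until the address is there.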
