L2TP Over IPSec VPN from Linux (any linux distribution)
Hi folks!
Anyone have any luck w/ L2TP Over IPSec VPN connections from some Linux distribution?
My case (USG-1100) works fine from Windows, macOS and Android. But it doesn't work from Linux distributions (Ubuntu 18.04 doesn't have client, Ubuntu 16.04, Fedora etc. I am receiving ERROR:
"578da8a0-1365-413b-97f2-88322e336242" #1: ERROR: asynchronous network error report on wlp3s0 (sport=500) for message to 176.xx.xx.xx port 500, complainant 176.xx.xx.xx: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] ).
Is it working for somebody? Does anybody know how to?
Thanks a lot!
Anyone have any luck w/ L2TP Over IPSec VPN connections from some Linux distribution?
My case (USG-1100) works fine from Windows, macOS and Android. But it doesn't work from Linux distributions (Ubuntu 18.04 doesn't have client, Ubuntu 16.04, Fedora etc. I am receiving ERROR:
"578da8a0-1365-413b-97f2-88322e336242" #1: ERROR: asynchronous network error report on wlp3s0 (sport=500) for message to 176.xx.xx.xx port 500, complainant 176.xx.xx.xx: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] ).
Is it working for somebody? Does anybody know how to?
Thanks a lot!
0
Comments
-
Hi @pista,
Can you paste USG VPN phase 1 and phase 2 negotiation log(Monitor > LOG), Maybe we can find some clues by VPN connection Log.
0 -
Hi @Zyxel_Cooldia ,
thanks for your reply! I tried from two linux devices today (Ubuntu 16.04 and Fedora r27). In the attachment you can find the logs from journalctl from both devices.“Phase1 Algorithms” is set to 3des-sha1 in Zyxel settings and in linux connection as well.“Phase2 Algorithms” to 3des-sha1 in Zyxel settings and in linux connection as well.
Looks like IKE in Phase1 are not sync correctly, just wondering why. Should I use some different settings for these algorithms?
Do you have please any idea?
Thank you!0 -
Hi @pista,
Can you provide the USG side VPN connection log, not Linux VPN log.
1) Log in USG Web GUI
2) Go to menu “Monitor > Log”, take a screen shot for VPN connection log.
0 -
Hi @Zyxel_Cooldia
It was attached in 'ubuntu_16_04' as well, screenshot in the attachment of this message.Thank you for your help in advance.
0 -
Hi @pista,
I install Ubuntu 18.04 LTS on lab device to test l2tp over IP sec VPN connection to USG. it works fine on VPN connection.
It seems phase 1 DH group mismatch with USG phase1 configuration on your site.
Can you set the phase 1 DH group to 14 (on USG) and try it again.
0 -
@Zyxel_Cooldia thx, I will do it and I will let you know!
Can you provide me some manual? Or the best would be to provide me your setting from USG and Ubuntu (to see how did you set it up). I could follow and try as well.
I appreciate your help! Thank you!0 -
Olá boa tarde! Alguém tem manual (passo a passo) como configurar a VPN no linux usando USG110 ? Pois no Windows eu consigo fazer esta configuração facilmente. Meu e-mail: edvaldo.silva@jcl-tecnologia.com.br
0 -
Hi @pista,
The following is lab testing VPN configuration, assume related VPN module installed correctly on Linux, you should only need to modify the DH group on USG phase 1 for VPN connection.
~~~~~~~~~~~~~~~~~~~~~ Configuration file~~~~~~~~~~~~~~~~~~~~~~~~~~
!
isakmp policy WIZ_L2TP_VPN
peer-ip 0.0.0.0 0.0.0.0
local-ip interface wan1
authentication pre-share
encrypted-keystring $4$9eOBIIyQ$smPR6vGlxEufdb9dONhlwS6Zi5oT2vxckyi3tK33Gakg/DwtBRF12f8G25E49YXVEbcpBxS32kJSx5xYWRqDXc3D0r4PWG5N9rGVnKzSvss$
mode main
transform-set 3des-sha 3des-md5 des-sha
group14
lifetime 86400
dpd-interval 30
peer-id type any
!
crypto map WIZ_L2TP_VPN
ipsec-isakmp WIZ_L2TP_VPN
encapsulation transport
transform-set esp-3des-sha esp-3des-md5 esp-des-sha
set security-association lifetime seconds 86400
set pfs none
scenario remote-access-server
local-policy WIZ_L2TP_VPN_LOCAL
remote-policy any
!
........
........
!
l2tp-over-ipsec crypto WIZ_L2TP_VPN
l2tp-over-ipsec pool WIZ_L2TP_VPN_IP_ADDRESS_POOL
l2tp-over-ipsec first-dns-server 8.8.8.8
l2tp-over-ipsec second-dns-server 168.95.1.1
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Web GUI configuration (Configuration > VPN > IPSec VPN > VPN gateway)
0 -
@Zyxel_Cooldia, thank you!
May I ask you what VPN module is installed on your Linux [Ubuntu 18.04 LTS]? And what file 'Configuration file' (name and destination) you meant?
Appreciate your help!0 -
Hi @pista,
You can setup L2TP connection easily by installed network-manager-l2tp network-manager-l2tp-gnome, as for related VPN module, I will send you the information you need via private message.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight