How to set up L2TP client on Ubuntu 18.04?


I set up my system according to a tutorial I found on the Internet.



I basically installed the necessary dependencies:



sudo apt install network-manager 
sudo apt install network-manager-l2tp
sudo apt install network-manager-strongswan


And configured them by applying changes to the following files (VPN_SERVER_IP, VPN_IPSEC_PSK, VPN_USERNAME, VPN_PASSWORD are replaced by the real values; XXX.XXX.XXX.XXX in the logs down below is the IP address of the VPN server):



/etc/ipsec.conf:



conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=$VPN_SERVER_IP


/etc/ipsec.secrets:



: PSK "$VPN_IPSEC_PSK"


/etc/xl2tpd/xl2tpd.conf:



[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes


/etc/ppp/options.l2tpd.client:



ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name $VPN_USERNAME
password $VPN_PASSWORD


/etc/NetworkManager/NetworkManager.conf (default, nothing changed):



[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no


When I want to connect to the VPN I run /etc/init.d/network-manager start; nothing extraordinary shows up in the logs:



ifupdown configuration found.
<info> [1559053123.4216] devices added (path: /sys/devices/virtual/net/lo, iface: lo)
<info> [1559053123.4216] device added (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown configuration found.
<info> [1559053123.4216] end _init.
<info> [1559053123.4216] settings: loaded plugin ifupdown: (C) 2008 Canonical Ltd. To report bugs please use the NetworkManager mailing list. (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-settings-plugin-ifupdown.so)
<info> [1559053123.4217] settings: loaded plugin keyfile: (c) 2007 - 2016 Red Hat, Inc. To report bugs please use the NetworkManager mailing list.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': new request (1 scripts)
<info> [1559053123.4217] (735157440) ... get_connections.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': start running ordered scripts...
<info> [1559053123.4217] (735157440) ... get_connections (managed=false): return empty list.
<info> [1559053123.4218] get unmanaged devices count: 0
<info> [1559053123.4218] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
<info> [1559053123.4218] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
<info> [1559053123.4218] manager: Networking is enabled by state file
<info> [1559053123.4219] dhcp-init: Using DHCP client 'dhclient'
<info> [1559053123.4220] Loaded device plugin: NMBondDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMBridgeDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMDummyDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMEthernetDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMInfinibandDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMMacsecDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMMacvlanDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMPppDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMTunDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMVethDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMVlanDeviceFactory (internal)
<info> [1559053123.4222] Loaded device plugin: NMVxlanDeviceFactory (internal)
<info> [1559053123.4229] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wwan.so)
<info> [1559053123.4234] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-bluetooth.so)
<info> [1559053123.4236] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wifi.so)
<info> [1559053123.4242] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-team.so)
<info> [1559053123.4244] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-adsl.so)
<info> [1559053123.4252] device (lo): carrier: link connected
<info> [1559053123.4258] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
<info> [1559053123.4262] device (enp5s0): carrier: link connected
<info> [1559053123.4285] manager: (enp5s0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
<info> [1559053123.4335] modem-manager: ModemManager available
<info> [1559053123.4336] manager: startup complete


ipsec up myvpn also seems successful:



initiating Main Mode IKE_SA myvpn[1] to 82.161.237.247
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (212 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (244 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (244 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (108 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.10.56[192.168.10.56]...82.161.237.247[82.161.237.247]
scheduling reauthentication in 3420s
maximum IKE_SA lifetime 3600s
generating QUICK_MODE request 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (364 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (332 bytes)
parsed QUICK_MODE response 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
CHILD_SA myvpn1 established with SPIs c970ab39_i cf32f312_o and TS 192.168.10.56/32[udp/l2f] === 82.161.237.247/32[udp/l2f]
generating QUICK_MODE request 1511457566 [ HASH ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (60 bytes)
connection 'myvpn' established successfully


So in general it looks like there are no errors, but I am unable to verify whether I actually made the connection or not. The biggest issue is that no ppp0 device shows up when I execute ip link:



1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 6c:f0:49:70:55:16 brd ff:ff:ff:ff:ff:ff


Because of that I am unable to define which traffic should go through the VPN server. How can I ensure that the ppp0 device shows up and that an IP address is assigned to it by the DHCP/VPN server?
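Added example, not part of the original question and not code from strongSwan or xl2tpd: a layer-by-layer check that reads captured `ipsec up` and `ip link` output and reports whether only the IPsec transport SA is up or the PPP interface exists as well. The function names and the `ppp0` sample line are constructed for illustration; the other sample lines are copied from the output above.

```shell
#!/bin/sh
# Which layer of an L2TP/IPsec client is up? Works on captured text, so it
# runs offline.

# Sample: lines copied from the `ipsec up myvpn` output in the question.
sample_ipsec_log() {
cat <<'EOF'
local host is behind NAT, sending keep alives
IKE_SA myvpn[1] established between 192.168.10.56[192.168.10.56]...82.161.237.247[82.161.237.247]
CHILD_SA myvpn1 established with SPIs c970ab39_i cf32f312_o and TS 192.168.10.56/32[udp/l2f] === 82.161.237.247/32[udp/l2f]
connection 'myvpn' established successfully
EOF
}

# Sample: interface lines copied from the `ip link` output in the question.
sample_ip_link() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
EOF
}

# Constructed: the same output with a PPP interface present.
sample_ip_link_with_ppp() {
sample_ip_link
cat <<'EOF'
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 3
EOF
}

# Reads a log on stdin; succeeds if it shows an established IKE_SA for
# connection $1.
ike_sa_up() {
    grep -q "^IKE_SA $1\[[0-9]*] established"
}

# Reads a log on stdin; prints the protocol/port selector of each side of
# the CHILD_SA, e.g. "udp/l2f udp/l2f".
child_sa_selectors() {
    sed -n 's/^CHILD_SA .* TS [^[]*\[\([^]]*\)] === [^[]*\[\([^]]*\)].*$/\1 \2/p'
}

# Succeeds if both selectors are UDP port 1701, which the log may print as
# the service name l2f or l2tp, or as the number.
child_sa_is_l2tp() {
    sel=$(child_sa_selectors)
    case "$sel" in
        "udp/l2f udp/l2f"|"udp/l2tp udp/l2tp"|"udp/1701 udp/1701") return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `ip link` output on stdin; prints PPP interface names, one per line.
ppp_ifaces() {
    sed -n 's/^[0-9][0-9]*: \(ppp[0-9][0-9]*\)[:@].*$/\1/p'
}

# diagnose CONN IPSEC_LOG IP_LINK_OUTPUT -> prints a one-word verdict.
diagnose() {
    if ! printf '%s\n' "$2" | ike_sa_up "$1"; then
        echo "ike-down"
    elif ! printf '%s\n' "$2" | child_sa_is_l2tp; then
        echo "no-l2tp-child-sa"
    elif [ -z "$(printf '%s\n' "$3" | ppp_ifaces)" ]; then
        # A transport-mode SA only protects UDP 1701 between the two hosts
        # and creates no interface. pppN exists only after xl2tpd has placed
        # the L2TP call and pppd has finished negotiating; xl2tpd places the
        # call when asked through its control pipe, e.g.
        #   echo "c myvpn" > /var/run/xl2tpd/l2tp-control
        echo "ipsec-up-ppp-missing"
    else
        echo "tunnel-up"
    fi
}

diagnose myvpn "$(sample_ipsec_log)" "$(sample_ip_link)"
diagnose myvpn "$(sample_ipsec_log)" "$(sample_ip_link_with_ppp)"
```

On a live host, pass the captured `ipsec up myvpn` and `ip link` output as the second and third arguments to `diagnose`.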










      link/ether 6c:f0:49:70:55:16 brd ff:ff:ff:ff:ff:ff


      Because of that I am unable to define which traffic should go through the VPN server. How can I ensure that the ppp0 device shows up and the IP address is assigned to it by the DHCP/VPN server?







      18.04 vpn ipsec
















      asked May 28 at 14:28









      Michal B.























          1 Answer


















          echo "c myvpn" > /var/run/xl2tpd/l2tp-control, executed as root, should create the ppp0 interface. I made some changes to the config files, and when I issued this command I found the logs (in /var/log/syslog) complaining about the lock option in /etc/ppp/options.l2tpd.client being unknown. I removed lock from the config file and now it works.



          My current configuration is pasted below.



          /etc/ipsec.conf:



          config setup

          conn %default
              ikelifetime=60m
              keylife=20m
              rekeymargin=3m
              keyingtries=1
              keyexchange=ikev1
              authby=secret
              ike=aes128-sha1-modp1024,3des-sha1-modp1024!
              esp=aes128-sha1-modp1024,3des-sha1-modp1024!

          conn myvpn
              keyexchange=ikev1
              left=%defaultroute
              auto=add
              authby=secret
              rekey=no
              type=transport
              left=%any
              leftprotoport=17/1701
              rightprotoport=17/1701
              right=VPN_SERVER
              rightid=%any
              dpdaction=clear


          /etc/xl2tpd/xl2tpd.conf:



          [lac myvpn]
          lns = VPN_SERVER
          require chap = yes
          refuse pap = yes
          require authentication = yes
          name = VPN_USER
          ppp debug = yes
          pppoptfile = /etc/ppp/options.l2tpd.client
          length bit = yes


          /etc/ppp/options.l2tpd.client:



          ipcp-accept-local
          ipcp-accept-remote
          require-chap
          #refuse-chap
          refuse-eap
          refuse-pap
          require-mschap
          require-mschap-v2
          noccp
          noauth
          idle 1800
          mtu 1410
          mru 1410
          nodefaultroute
          usepeerdns
          debug
          connect-delay 5000
          name VPN_USER
          password VPN_USER_PASSWORD
          remotename myvpn
          ipparam myvpn


          /etc/network/interfaces:



          iface tunnel inet ppp
          provider myvpn


          Result:



          ~# ifconfig
          enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
          inet 192.168.10.56 netmask 255.255.255.0 broadcast 192.168.10.255
          inet6 fe80::6ef0:49ff:fe70:5516 prefixlen 64 scopeid 0x20<link>
          ether 6c:f0:49:70:55:16 txqueuelen 1000 (Ethernet)
          RX packets 822593 bytes 135972174 (135.9 MB)
          RX errors 0 dropped 31185 overruns 0 frame 0
          TX packets 854688 bytes 150862324 (150.8 MB)
          TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

          lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
          inet 127.0.0.1 netmask 255.0.0.0
          inet6 ::1 prefixlen 128 scopeid 0x10<host>
          loop txqueuelen 1000 (Local Loopback)
          RX packets 70050 bytes 5703649 (5.7 MB)
          RX errors 0 dropped 0 overruns 0 frame 0
          TX packets 70050 bytes 5703649 (5.7 MB)
          TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

          ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1410
          inet 192.168.60.1 netmask 255.255.255.255 destination 10.255.255.0
          ppp txqueuelen 3 (Point-to-Point Protocol)
          RX packets 3 bytes 54 (54.0 B)
          RX errors 0 dropped 0 overruns 0 frame 0
          TX packets 3 bytes 54 (54.0 B)
          TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0















                answered May 29 at 7:11









                Michal B.
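The sequence the answer describes (IPsec SA first, then the xl2tpd control command, then a look at syslog when ppp0 is missing), as an added shell example that is not part of the original post. The syslog message shape matched by `rejected_ppp_options`, the 15-second wait, the sample log lines and all function names are assumptions; the permission check is included because the answer's options file stores the VPN password in plain text.

```shell
#!/bin/sh
# Added example, not from the post. Names, paths and the control command come
# from the answer; the syslog message shape and the 15 s wait are assumptions.
CONN=${CONN:-myvpn}
CONTROL=${CONTROL:-/var/run/xl2tpd/l2tp-control}
OPTFILE=${OPTFILE:-/etc/ppp/options.l2tpd.client}
SYSLOG=${SYSLOG:-/var/log/syslog}
SYSNET=${SYSNET:-/sys/class/net}

# Print every option pppd rejected while reading options file $2, per log $1.
# Assumed message shape: "pppd[PID]: In file <path>: unrecognized option '<name>'".
# The whole log is scanned, so entries from earlier attempts show up as well.
rejected_ppp_options() {
    sed -n "s|.*pppd\[[0-9]*]: In file $2: unrecognized option '\([^']*\)'.*|\1|p" "$1" | sort -u
}

# Succeed when file $1 carries a "password" line and group or others have any
# permission bit on it; the answer's options file stores the secret in clear.
secret_is_exposed() {
    grep -Eq '^[[:space:]]*password[[:space:]]' "$1" 2>/dev/null || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Poll for interface $1 for up to $2 seconds.
wait_for_iface() {
    iface=$1
    remaining=$2
    while [ "$remaining" -gt 0 ]; do
        [ -e "$SYSNET/$iface" ] && return 0
        sleep 1
        remaining=$((remaining - 1))
    done
    [ -e "$SYSNET/$iface" ]
}

# Constructed sample syslog lines (not taken from the post) for a dry run.
sample_syslog() {
    cat <<EOF
May 29 07:01:10 host xl2tpd[911]: Connecting to host VPN_SERVER, port 1701
May 29 07:01:12 host pppd[4242]: In file $OPTFILE: unrecognized option 'lock'
May 29 07:01:12 host xl2tpd[911]: child_handler : pppd exited for call 1 with code 2
EOF
}

# Run as root: IPsec transport SA first, then ask xl2tpd to dial [lac $CONN].
connect_l2tp() {
    if secret_is_exposed "$OPTFILE"; then
        echo "warning: $OPTFILE holds a password and is accessible to group or others" >&2
    fi
    ipsec up "$CONN" || { echo "IPsec negotiation failed" >&2; return 1; }
    echo "c $CONN" > "$CONTROL" || { echo "cannot write $CONTROL" >&2; return 1; }
    if wait_for_iface ppp0 15; then
        echo "ppp0 is up"
        return 0
    fi
    echo "ppp0 did not appear; options pppd rejected in $OPTFILE:" >&2
    rejected_ppp_options "$SYSLOG" "$OPTFILE" >&2
    return 2
}

case "${1:-}" in
    connect) connect_l2tp ;;
    demo)    sample_syslog | rejected_ppp_options /dev/stdin "$OPTFILE" ;;
esac
```

Run it as root with the argument `connect`; `demo` runs only the log parser over the constructed lines.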






























