debian-user:

I have an L2TP VPN server that allows incoming connections from clients who have the following four (4) items:

1.  IP address or DNS name of the L2TP VPN server.

2.  Pre-shared key.

3.  User name.

4.  User password.


I am able to connect to the L2TP VPN server using macOS.


I would like to connect to the L2TP VPN server using Debian:

2019-06-22 19:01:05 root@tinkywinky ~
# cat /etc/debian_version ; uname -a
9.9
Linux tinkywinky 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux

2019-06-22 19:04:04 root@tinkywinky ~
# dpkg-query --show xfce4
xfce4   4.12.3


STFW I see:

https://www.bestvpnz.com/tutorials/how-to-set-up-l2tp-ipsec-vpn-on-linux-networkmanager-strongswan/


I have installed:

2019-06-22 19:04:11 root@tinkywinky ~
# dpkg-query --show xl2tpd strongswan network-manager-strongswan
network-manager-strongswan      1.4.1-1
strongswan      5.5.1-4+deb9u4
xl2tpd  1.3.8+dfsg-1


The Network Manager GUI does not have a field for the pre-shared key, so I have put the key into a file:

2019-06-22 19:08:24 root@tinkywinky ~
# vi l2tp-key

2019-06-22 19:12:08 root@tinkywinky ~
# mv l2tp-key /home/dpchrist/.

2019-06-22 19:13:05 root@tinkywinky ~
# chown dpchrist.dpchrist /home/dpchrist/l2tp-key

2019-06-22 19:13:20 root@tinkywinky ~
# chmod 0400 /home/dpchrist/l2tp-key


I created a network connection using the Network Manager GUI applet:

        Xfce Applications Menu -> Settings -> Network Connections ->
        Add -> IPsec/IKEv2 (strongswan) -> Create...:

            Connection name                 l2tp

        -> VPN

            Gateway
            Address                         <IP address of server>
            Certificate                     l2tp-key

            Client
            Authentication                  Pre-shared key
            Username                        dpchrist
            Password                        Store the password only for this user
                                            <20 characters>

            Options
            Request an inner IP address     checked
            Enforce UDP encapsulation       checked
            Use IP compression              checked

            Save

When I attempt to connect:

Xfce panel -> Notification Area -> network -> VPN Connections -> l2tp:


Nothing happens -- no visible change to network icon, no connection shown by ifconfig(8), ping to inner LAN times out, etc. But there are clues in the logs:

2019-06-22 19:25:22 root@tinkywinky ~
# tail -n 4 /var/log/messages
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.6007] audit: op="connection-activate" uuid="a11a27a6-11c9-4906-998a-3471e8f68500" name="192.168.1.133" pid=993 uid=13250 result="success"
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.6029] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: Saw the service appear; activating connection
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.7092] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: VPN connection: (ConnectInteractive) reply received
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <warn> [1561256696.7146] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: VPN connection: failed to connect: 'Loading gateway certificate failed.'


STFW the problem seems to be the lack of an edit box for the pre-shared key in the Network Manager GUI applet for such connections:

https://askubuntu.com/questions/586751/where-to-add-the-pre-shared-key-for-the-server-authentication-with-network-manag


Has anyone found a solution or work-around for Debian?


David
