Hello,

Thanks for the reply,
It turns out this was caused by a bad switch configuration (VLAN). I configured the switch according to this guide:
http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.6/network_setup.html

Best regards,
Emil

On Thu, Apr 21, 2022 at 6:02 PM Ricardo Pertuz <ricardo.per...@kuasar.co> wrote:

> Hi,
>
> Try only using MSCHAPv2,
>
> Regards,
>
> Ricardo
>
> From: Emil Karlsson <emi...@kth.se>
> Reply-To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
> Date: Thursday, 21 April 2022, 9:51 AM
> To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
> Subject: Problem connecting to VPN
>
> Hi all,
>
> I am experiencing issues with VPN.
> I have set up an isolated network with a VPN, but can't connect to it.
>
> On my own device I set up an L2TP/IPsec VPN with the preshared key from CloudStack.
>
> The server is located behind a NAT, so the ports 500, 1701 and 4500 UDP are forwarded to the isolated network's public IP in CloudStack.
>
> It seems as if the initial setup is done by reading the tail of journalctl on my local machine, but right after that an error code is received which kills the VPN connection.
>
> Error message:
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Listening on IP address 0.0.0.0, port 36337
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Connecting to host 130.237.83.249, port 1701
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Connection established to 130.237.83.249, 1701. Local: 56329, Remote: 37074 (ref=0/0).
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Calling on tunnel 56329
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Call established with 130.237.83.249, Local: 60132, Remote: 14169, Serial: 1 (ref=0/0)
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: control_finish: Connection closed to 130.237.83.249, serial 1 ()
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: death_handler: Fatal signal 15 received
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <warn> [1650542164.6400] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <warn> [1650542164.6402] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <info> [1650542164.6404] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: state changed: stopping (5)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[12302]: Stopping strongSwan IPsec...
> Apr 21 13:56:04 n177-p213.eduroam.kth.se charon[12262]: 00[DMN] SIGINT received, shutting down
>
>
> To access the server-side I used ssh to access the virtual router for the Isolated network. When reading the tail of journalctl I find the following error message, which appears every time a VPN-connection is attempted.
>
> Error message:
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Connection established to <hidden client ip>, 52956. Local: 32408, Remote: 36988 (ref=0/0). LNS session is 'default'
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: start_pppd: I'm running:
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/usr/sbin/pppd"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "plugin"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp.so"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "7"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_lns_mode"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_tunnel_id"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "32408"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_session_id"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "54146"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "passive"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "nodetach"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "10.1.2.1:10.1.2.2"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "refuse-pap"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "file"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/etc/ppp/options.xl2tpd"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Call established with <hidden client ip>, PID: 120925, Local: 54146, Remote: 64867, Serial: 1
> Apr 21 11:58:51 r-5-VM pppd[120925]: Plugin pppol2tp.so loaded.
> Apr 21 11:58:51 r-5-VM pppd[120925]: The remote system is required to authenticate itself
> Apr 21 11:58:51 r-5-VM pppd[120925]: but I couldn't find any suitable secret (password) for it to use to do so.
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: write_packet: tty is not open yet.
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: write_packet: tty is not open yet.
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: child_handler : pppd exited for call 64867 with code 1
>
>
> The client VPN is 'default'-configured on a Fedora 35 using packages Networkmanager-l2tp and networkmanager-l2tp-gnome. It is set up to accept any authentication protocol (PEP, CHAP, MSCHAP, MSCHAPv2, EAP). We use credentials from a VPN-user in CloudStack (created under Manage VPN User).
> See image below:
>
> [cid:ii_l28ys9us2]
>
> [cid:ii_l28ysdzu3]
>
> Thanks in advance,
>
> Best regards,
> Emil
>
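
Added example, not part of the thread and not CloudStack or xl2tpd code: a small Python triage for virtual-router log lines in the format quoted above, reporting how far the L2TP/PPP setup got, which pppd arguments xl2tpd logged, and pppd's exit code. The sample lines are constructed (abridged from the quoted format, with a placeholder client address), and the function name and stage labels are this example's own.

```python
import re

# Constructed sample in the router-side log format quoted in the thread,
# abridged; the client address is a documentation-range placeholder.
SAMPLE = """\
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Connection established to 192.0.2.10, 52956. Local: 32408, Remote: 36988 (ref=0/0). LNS session is 'default'
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: start_pppd: I'm running:
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/usr/sbin/pppd"
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "passive"
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "refuse-pap"
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "file"
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/etc/ppp/options.xl2tpd"
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Call established with 192.0.2.10, PID: 120925, Local: 54146, Remote: 64867, Serial: 1
Apr 21 11:58:51 r-5-VM pppd[120925]: The remote system is required to authenticate itself
Apr 21 11:58:51 r-5-VM pppd[120925]: but I couldn't find any suitable secret (password) for it to use to do so.
Apr 21 11:58:51 r-5-VM xl2tpd[7124]: child_handler : pppd exited for call 64867 with code 1
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")
EXIT = re.compile(r"pppd exited for call \d+ with code (\d+)")
STAGES = [  # (substring in message, stage label); labels are this example's own
    ("Connection established to", "l2tp-tunnel"),
    ("Call established with", "l2tp-session"),
    ("couldn't find any suitable secret", "ppp-auth-no-secret"),
]

def triage(text):
    """Report stages reached, the pppd argv xl2tpd logged, and pppd's exit code."""
    out = {"stages": [], "pppd_argv": [], "pppd_exit": None}
    in_argv = False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        quoted = re.fullmatch(r'"(.*)"', msg)
        if prog == "xl2tpd" and in_argv and quoted:
            out["pppd_argv"].append(quoted[1])  # one argv token per log line
            continue
        in_argv = prog == "xl2tpd" and msg.startswith("start_pppd:")
        for needle, stage in STAGES:
            if needle in msg and stage not in out["stages"]:
                out["stages"].append(stage)
        if (e := EXIT.search(msg)):
            out["pppd_exit"] = int(e[1])
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```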