My L2TP connection stopped
I bought a Xen VPS and want to let my friends use L2TP to
connect to it. Here is its info.
Linux XXXX 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux
Debian GNU/Linux 6.0
My problem is that when I use an Android device to connect to the server,
sometimes (not more than 1 in 10) it succeeds; the others fail.
The server stops responding after "STATE_QUICK_R2: IPsec SA established
transport mode {ESP=>0x07d49ece <0x2291ef79 xfrm=3DES_0-HMAC_SHA1
NATOA=none NATD=IP:4500 DPD=none}" in /var/log/auth.log.
I followed this guide (https://humou.net/blog/201102061326.html);
it's written in Chinese, so you don't have to read it. Here are my
configuration files.
--------------ipsec.conf---------------
version 2.0 # conforms to second version of ipsec.conf specification
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/17,%v4:172.16.0.0/12
        oe=off
        protostack=netkey

conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=MY IP ADDR
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
--------------end of file---------------
--------------ipsec.secrets---------------
216.24.204.70 %any: PSK "My PSK"
--------------end of file---------------
------/etc/xl2tpd/xl2tpd.conf-----
[global] ; Global parameters:
ipsec saref = yes
[lns default] ; Our fallthrough LNS definition
exclusive = no ; * Only permit one tunnel per host
ip range = 192.168.235.10-192.168.235.254 ; * Allocate from this IP range
local ip = 192.168.235.1 ; * Our local IP to use
length bit = yes ; * Use length bit in payload?
refuse pap = yes ; * Refuse PAP authentication
refuse chap = yes ; * Refuse CHAP authentication
require authentication = yes ; * Require peer to authenticate
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.xl2tpd
--------------end of file---------------
------/etc/ppp/options.xl2tpd-----
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
mtu 1410
mru 1410
nodefaultroute
lcp-echo-interval 30
lcp-echo-failure 6
#idle 1800
connect-delay 10000
--------------end of file---------------
-------------IPTABLES--------------
Chain INPUT (policy DROP)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere     state RELATED,ESTABLISHED
ACCEPT     esp  --  anywhere    anywhere
ACCEPT     ah   --  anywhere    anywhere
ACCEPT     udp  --  anywhere    anywhere     udp dpt:isakmp
ACCEPT     udp  --  anywhere    anywhere     udp dpt:openvpn
ACCEPT     udp  --  anywhere    anywhere     udp dpt:l2f
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:1723
ACCEPT     udp  --  anywhere    anywhere     udp dpt:4500
--------------end of file---------------
-------------sysctl---------------------
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
--------------end of file---------------
My problem is similar to this
one (http://ubuntuforums.org/archive/index.php/t-1317361.html), but none of
the suggestions worked on my server.
Has anybody seen this problem before? Any suggestion will be appreciated.
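The post describes a login that gets as far as the Openswan "IPsec SA established" line and then goes quiet, which means the next thing to find out is whether xl2tpd ever saw a tunnel from that client and whether pppd ever came up for it. The script below is an added example, not code from the poster or from the Openswan/xl2tpd projects: it walks syslog lines from pluto, xl2tpd and pppd, groups them by the client's public IP, and reports the furthest stage each attempt reached. The pluto message text is taken from the post; the xl2tpd and pppd message texts, the syslog prefix format and the sample log itself are constructed for illustration, and attributing a pppd session to the most recent L2TP tunnel is a heuristic because pppd does not log the peer's public address.

```python
"""Triage L2TP/IPsec login attempts from Openswan, xl2tpd and pppd syslog lines.

Added example for this thread. Stages, in the order a working login passes
through them: IKE phase 1 -> IPsec SA -> L2TP tunnel -> PPP up. An attempt
that stops at "ipsec-sa" finished the IKE side, so UDP/1701 delivery to
xl2tpd is the next thing to check, not the PSK or the proposals.
"""
import re
from collections import OrderedDict

STAGES = ["ike-phase1", "ipsec-sa", "l2tp-tunnel", "ppp-up"]

# pluto message text matches the post; the syslog prefix layout is an assumption.
PLUTO_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\d+\.\d+\.\d+\.\d+) #\d+: '
    r'(?P<state>STATE_\w+): (?P<msg>.*)')
# xl2tpd and pppd message texts are typical of those daemons (assumed formats).
XL2TPD_RE = re.compile(
    r'xl2tpd\[\d+\]: Connection established to (?P<peer>\d+\.\d+\.\d+\.\d+), 1701')
PPPD_RE = re.compile(r'pppd\[\d+\]: remote IP address (?P<ppp_ip>\d+\.\d+\.\d+\.\d+)')

# Constructed sample log (RFC 5737 addresses): one full login, one client that
# stalls after the IPsec SA, one that never gets past IKE phase 1.
SAMPLE_LOG = """\
Mar  1 10:00:01 vps pluto[1001]: "L2TP-PSK-NAT"[1] 198.51.100.7 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar  1 10:00:01 vps pluto[1001]: "L2TP-PSK-NAT"[1] 198.51.100.7 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x07d49ece <0x2291ef79 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=198.51.100.7:4500 DPD=none}
Mar  1 10:00:02 vps xl2tpd[1002]: Connection established to 198.51.100.7, 1701.  Local: 41234, Remote: 7 (ref=0/0).  LNS session is 'default'
Mar  1 10:00:03 vps pppd[1003]: remote IP address 192.168.235.10
Mar  1 10:05:11 vps pluto[1001]: "L2TP-PSK-NAT"[2] 203.0.113.9 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar  1 10:05:11 vps pluto[1001]: "L2TP-PSK-NAT"[2] 203.0.113.9 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x1a2b3c4d <0x5e6f7a8b xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=203.0.113.9:4500 DPD=none}
Mar  1 10:07:30 vps pluto[1001]: "L2TP-PSK-NAT"[3] 192.0.2.33 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
"""


def triage(lines):
    """Return an ordered dict: peer public IP -> {"stage": furthest stage, "ppp_ip": ...}."""
    report = OrderedDict()
    last_l2tp_peer = None

    def advance(peer, stage):
        entry = report.setdefault(peer, {"stage": None, "ppp_ip": None})
        # Only ever move forward; a repeated earlier-stage line must not regress the record.
        if entry["stage"] is None or STAGES.index(stage) > STAGES.index(entry["stage"]):
            entry["stage"] = stage

    for line in lines:
        m = PLUTO_RE.search(line)
        if m:
            if "ISAKMP SA established" in m.group("msg"):
                advance(m.group("peer"), "ike-phase1")
            elif "IPsec SA established" in m.group("msg"):
                advance(m.group("peer"), "ipsec-sa")
            continue
        m = XL2TPD_RE.search(line)
        if m:
            last_l2tp_peer = m.group("peer")
            advance(last_l2tp_peer, "l2tp-tunnel")
            continue
        m = PPPD_RE.search(line)
        if m and last_l2tp_peer:
            # pppd does not log the public peer IP; attribute the PPP session
            # to the most recently established L2TP tunnel (heuristic).
            advance(last_l2tp_peer, "ppp-up")
            report[last_l2tp_peer]["ppp_ip"] = m.group("ppp_ip")
    return report


def stalled_after_ipsec(report):
    """Peers whose IPsec SA came up but from whom xl2tpd never reported a tunnel."""
    return [peer for peer, e in report.items() if e["stage"] == "ipsec-sa"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for peer, e in result.items():
        print(f"{peer:16} {e['stage']:12} ppp_ip={e['ppp_ip']}")
    print("stalled after IPsec SA:", stalled_after_ipsec(result))
```

Feed it the real /var/log/auth.log and /var/log/syslog (or daemon.log) joined together: on the sample, 198.51.100.7 reaches "ppp-up", 203.0.113.9 is reported as stalled after the IPsec SA, and 192.0.2.33 never completed IKE. Clients in the stalled list are the ones worth capturing with tcpdump on UDP/1701 and UDP/4500 to see whether the L2TP packets arrive at all.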