
L2TP VPN client



debian-user:

I have an L2TP VPN server that allows incoming connections from clients who have the following four (4) items:

1.  IP address or DNS name of the L2TP VPN server.

2.  Pre-shared key.

3.  User name.

4.  User password.


I am able to connect to the L2TP VPN server using macOS.


I would like to connect to the L2TP VPN server using Debian:

2019-06-22 19:01:05 root@tinkywinky ~
# cat /etc/debian_version ; uname -a
9.9
Linux tinkywinky 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux

2019-06-22 19:04:04 root@tinkywinky ~
# dpkg-query --show xfce4
xfce4	4.12.3


STFW I see:

https://www.bestvpnz.com/tutorials/how-to-set-up-l2tp-ipsec-vpn-on-linux-networkmanager-strongswan/


I have installed:

2019-06-22 19:04:11 root@tinkywinky ~
# dpkg-query --show xl2tpd strongswan network-manager-strongswan
network-manager-strongswan	1.4.1-1
strongswan	5.5.1-4+deb9u4
xl2tpd	1.3.8+dfsg-1


The Network Manager GUI does not have a field for the pre-shared key, so I have put the key into a file:

2019-06-22 19:08:24 root@tinkywinky ~
# vi l2tp-key

2019-06-22 19:12:08 root@tinkywinky ~
# mv l2tp-key /home/dpchrist/.

2019-06-22 19:13:05 root@tinkywinky ~
# chown dpchrist.dpchrist /home/dpchrist/l2tp-key

2019-06-22 19:13:20 root@tinkywinky ~
# chmod 0400 /home/dpchrist/l2tp-key


I created a network connection using the Network Manager GUI applet:

	Xfce Applications Menu -> Settings -> Network Connections ->
	Add -> IPsec/IKEv2 (strongswan) -> Create...:

	    Connection name                 l2tp

	-> VPN

	    Gateway
	    Address                         <IP address of server>
	    Certificate                     l2tp-key

	    Client
	    Authentication                  Pre-shared key
	    Username                        dpchrist
	    Password                        Store the password only for this user
					    <20 characters>

	    Options
	    Request an inner IP address     checked
	    Enforce UDP encapsulation       checked
	    Use IP compression              checked

	    Save

When I attempt to connect:

Xfce panel -> Notification Area -> network -> VPN Connections -> l2tp:


Nothing happens -- no visible change to network icon, no connection shown by ifconfig(8), ping to inner LAN times out, etc. But there are clues in the logs:

2019-06-22 19:25:22 root@tinkywinky ~
# tail -n 4 /var/log/messages
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.6007] audit: op="connection-activate" uuid="a11a27a6-11c9-4906-998a-3471e8f68500" name="192.168.1.133" pid=993 uid=13250 result="success"
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.6029] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: Saw the service appear; activating connection
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <info> [1561256696.7092] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: VPN connection: (ConnectInteractive) reply received
Jun 22 19:24:56 tinkywinky NetworkManager[547]: <warn> [1561256696.7146] vpn-connection[0x558a8bffe810,a11a27a6-11c9-4906-998a-3471e8f68500,"192.168.1.133",0]: VPN connection: failed to connect: 'Loading gateway certificate failed.'


STFW the problem seems to be the lack of an edit box for the pre-shared key in the Network Manager GUI applet for such connections:

https://askubuntu.com/questions/586751/where-to-add-the-pre-shared-key-for-the-server-authentication-with-network-manag


Has anyone found a solution or work-around for Debian?


David

