Linux client connect with IPSec - how? (Need instruction)
  •  
d.kagarlickij

Hello!
A few users are running Ubuntu Linux from home and need to connect using IPSec.
I installed l2tp-ipsec-vpn, but when I try to connect I get an error:
[ERROR 300] 'IPsec' failed to negotiate or establish security associations

Please tell me how Linux clients can use Kerio IPSec VPN the right way.

Thanks!

[Updated on: Sat, 01 March 2014 22:42]


Best regards.
  •  
silars

1. Type in Ubuntu terminal: gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"

- Requires a relog/reboot. Enables the L2TP IPsec VPN Manager panel icon, the GUI for configuring your L2TP/IPsec connections.

2. Configure Kerio IPsec server to use Pre-shared keys. Use this key when configuring Ubuntu.

3. Using the L2TP IPsec VPN manager, configure a new connection using Pre-shared keys for IPsec. Enter the PSK you used earlier. In the PPP tab, select "Allow these protocols". Select all protocols (default). Enter Username and Password.

4. Connect.

https://my.hostvpn.com/knowledgebase/11/L2TPorIPSec-Connection-from-Ubuntu-Desktop-1204.html

Use that URL as a guideline. It won't be exact since it is for HostVPN.com.
  •  
d.kagarlickij

I did all of this, but can't connect.
Here are the logs:
./fa/3334/0/


Best regards.
  •  
silars

How did you install l2tp-ipsec-vpn? I used aptitude. I've heard of issues with apt-get missing dependencies with certain packages.

Here are my log messages for a successful connection [just the section that matches your pic. No site specific information]:

Mar 03 17:05:56.656 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-59-generic...
Mar 03 17:05:56.807 ipsec__plutorun: Starting Pluto subsystem...
Mar 03 17:05:56.813 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Mar 03 17:05:56.825 recvref[30]: Protocol not available
Mar 03 17:05:56.826 xl2tpd[3492]: This binary does not support kernel L2TP.
Mar 03 17:05:56.827 Starting xl2tpd: xl2tpd.
Mar 03 17:05:56.828 xl2tpd[3496]: xl2tpd version xl2tpd-1.3.1 started on ubuntu PID:3496
Mar 03 17:05:56.828 xl2tpd[3496]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Mar 03 17:05:56.828 xl2tpd[3496]: Forked by Scott Balmos and David Stipp, (C) 2001
Mar 03 17:05:56.828 xl2tpd[3496]: Inherited by Jeff McAdams, (C) 2002
Mar 03 17:05:56.828 xl2tpd[3496]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Mar 03 17:05:56.829 xl2tpd[3496]: Listening on IP address 0.0.0.0, port 1701

It looks very similar except for the Pluto messages. Did you try a full reboot?
  •  
d.kagarlickij

silars, I installed it with the command:
sudo apt-get install l2tp-ipsec-vpn

After a full reboot the situation is absolutely the same.
I tried to connect to another Kerio IPSec VPN server, and the situation is the same again.
Pluto seems to be ok:
./fa/3336/0/

[Updated on: Sun, 02 March 2014 18:22]


Best regards.
  •  
silars

Have you been able to connect any IPsec client to Control? I used Windows for testing before trying Ubuntu.
  •  
d.kagarlickij

Yes, Windows, OS X, iOS, Android connect very well...

Best regards.
  •  
silars

So, the only way I've been able to duplicate your issue is to check "Disable IPSEC Encryption". I don't believe you are doing that, but thought it was worth stating it.

However, the other issue I'm having right now is that I can only get PAP to work, which is far from optimal. Fortunately, I'm doing this in a test environment.

Selecting only the CHAP options results in a failure to negotiate during PPP.
  •  
d.kagarlickij

Hm, I deleted the configuration and created a new one, only with PAP - and it works now!

Best regards.
  •  
silars

Excellent!

I'm not super excited about being limited to PAP. However, if the IPsec encryption is established before the PPP session is attempted, then the username/password should be protected. I would certainly attempt a packet capture of your VPN session to confirm you aren't exposing highly sensitive information.
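
The packet-capture check suggested in the post above, as an added example that is not part of the original thread: it labels each frame in a capture and flags L2TP (UDP 1701) seen outside ESP, in particular PPP PAP frames, which carry the username and password unencrypted. It assumes a classic little-endian pcap with Ethernet link type and IPv4; all function names are hypothetical and the GOOD and BAD captures are constructed samples.

```python
import struct

def ppp_proto(l2tp):
    """PPP protocol number carried by an L2TP data message (None for control)."""
    flags = int.from_bytes(l2tp[:2], "big")
    if flags & 0x8000:                          # T bit: control message, no PPP frame
        return None
    off = 6 + (2 if flags & 0x4000 else 0) + (4 if flags & 0x0800 else 0)  # L, S bits
    if flags & 0x0200:                          # O bit: offset size plus padding
        off += 2 + int.from_bytes(l2tp[off:off + 2], "big")
    if l2tp[off:off + 2] == b"\xff\x03":        # optional PPP address/control bytes
        off += 2
    return int.from_bytes(l2tp[off:off + 2], "big")

def classify(frame):
    """Label one Ethernet/IPv4 frame by its role in an L2TP/IPsec session."""
    ip = frame[14:]
    if frame[12:14] != b"\x08\x00" or len(ip) < 20:
        return "other"
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto != 17 or len(ip) < ihl + 8:
        return "esp" if proto == 50 else "other"
    ports = set(struct.unpack("!HH", ip[ihl:ihl + 4]))
    if 1701 in ports:                           # L2TP visible outside ESP: unprotected
        pap = ppp_proto(ip[ihl + 8:]) == 0xC023  # 0xC023 is the PPP protocol for PAP
        return "cleartext-pap" if pap else "cleartext-l2tp"
    return "ike" if 500 in ports else "nat-t" if 4500 in ports else "other"

def audit_pcap(data):  # assumes classic little-endian pcap, Ethernet link type
    counts, pos = {}, 24                        # skip the 24-byte global header
    while pos + 16 <= len(data):
        caplen, = struct.unpack("<I", data[pos + 8:pos + 12])
        label = classify(data[pos + 16:pos + 16 + caplen])
        counts[label] = counts.get(label, 0) + 1
        pos += 16 + caplen
    return counts

def udp(port, data):                            # constructed UDP header + payload
    return struct.pack("!HHHH", port, port, 8 + len(data), 0) + data

def build_frame(proto, body):                   # constructed Ethernet + IPv4 frame
    ip = struct.pack("!BBHIBBH", 0x45, 0, 20 + len(body), 0, 64, proto, 0) + bytes(8)
    return b"\x00" * 12 + b"\x08\x00" + ip + body

def build_pcap(frames):                         # constructed capture file bytes
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

GOOD = build_pcap([build_frame(17, udp(500, b"\0" * 28)), build_frame(50, b"\0" * 24)])
BAD = build_pcap([build_frame(17, udp(1701, bytes.fromhex("0002 0001 0001 ff03 c023 01")))])
```

A capture taken on the client's outside interface should show only "ike", "nat-t" and "esp" labels; any "cleartext-l2tp" or "cleartext-pap" count means the PPP session is not inside the IPsec tunnel.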
  •  
d.kagarlickij

On the Windows client I select only MS-CHAP v2, and it works OK.
By the way, maybe you know: do iOS and Android use PAP or MS-CHAP v2?

Best regards.
  •  
silars

I also have no problems with MS-CHAPv2 with Windows.

I'm not sure what Android or iOS uses. Good question.
  •  
d.kagarlickij

Interesting, can we disable PAP?

Best regards.