Setting up an L2TP/IPSec client

The place to post if you need help or advice

Moderators: ChrisThornett, LXF moderators

Setting up an L2TP/IPSec client

Postby chris » Wed Jun 18, 2014 2:45 pm

Hi,

I am trying unsuccessfully to set up an L2TP?IPSec client on Ubuntu 13.04 but have fallen at the first hurdle. I have downloaded the appropriate files - 'l2tp-ipsec-vpn', 'l2tp-ipsec-vpn-daemon' and 'openswan'. and have configured network manager, and used the command 'ipsec verify'. The output from that command follows:

chris@chris-PC2:~$ ipsec verify
To check this machine, you need to run "ipsec verify" as root.
chris@chris-PC2:~$ sudo ipsec verify
[sudo] password for chris:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
SAref kernel support [N/A]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]


It appears from this (to me, anyway) that the current kernel does not support L2TP/IPSec. Is there anything I can do about it?

Also, I was expecting to need a configuration file like the file 'client.conf' for OpenVpn but have not found one..

Any help would be greatly appreciated as I had never heard of L2TP/IOSec until this week
chris
 
Posts: 22
Joined: Thu Jul 11, 2013 4:14 pm
Location: Kent

Postby Dutch_Master » Wed Jun 18, 2014 3:14 pm

This is where it goes wrong:
Checking for IPsec support in kernel [FAILED]

It means that the kernel cannot support IPSec, as it hasn't been told to do so. You'd need to either rebuild your existing kernel with IPSec enabled, or build a new kernel with that option. In either case, you need the build-essential package installed (more: its dependencies ;) ) as well as the appropriate kernel source.

A more accurate way of determining if the kernel supports IPSec is reading the .config file. Locate the .config file for your kernel, then:
Code: Select all
cat /full//path/to/.config | grep ipsec
If nothing comes up, or the indication contains "false" or "0" (zero, Boolean notation) the kernel is NOT configured for IPSec.
Dutch_Master
LXF regular
 
Posts: 2445
Joined: Tue Mar 27, 2007 1:49 am

Postby chris » Thu Jun 19, 2014 9:15 am

Thanks Dutch_Master,

Unfortunately I made a typo and it is not Ubuntu 13.04 that I am using but Ubuntu 14.04 64-bit.

I have made some progress in that it now tries to connect whereas before it refused at startup to even attempt to connect.

I now the the following:

Jun 19 09:32:24.412 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-29-generic...
Jun 19 09:32:24.664 ipsec__plutorun: Starting Pluto subsystem...
Jun 19 09:32:24.670 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun 19 09:32:24.673 recvref[30]: Protocol not available
Jun 19 09:32:24.674 xl2tpd[3142]: This binary does not support kernel L2TP.
Jun 19 09:32:24.674 Starting xl2tpd: xl2tpd.
Jun 19 09:32:24.675 xl2tpd[3144]: xl2tpd version xl2tpd-1.3.6 started on chris-PC2 PID:3144
Jun 19 09:32:24.676 xl2tpd[3144]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 19 09:32:24.676 xl2tpd[3144]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 19 09:32:24.677 xl2tpd[3144]: Inherited by Jeff McAdams, (C) 2002
Jun 19 09:32:24.677 xl2tpd[3144]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jun 19 09:32:24.677 xl2tpd[3144]: Listening on IP address 0.0.0.0, port 1701
Jun 19 09:32:24.786 ipsec__plutorun: 002 added connection description "IDC"
Jun 19 09:33:44.388 Last command timed out
Jun 19 09:33:44.398 xl2tpd[3144]: death_handler: Fatal signal 15 received
Jun 19 09:33:44.399 Stopping xl2tpd: xl2tpd.
Jun 19 09:33:44.404 ipsec_setup: Stopping Openswan IPsec...

I don't know the significance, if any, of 'recvref[30]: Protocol not available'

or

what to do about: 'xl2tpd[3142]: This binary does not support kernel L2TP'

Any help available, please?
chris
 
Posts: 22
Joined: Thu Jul 11, 2013 4:14 pm
Location: Kent


Return to Help!

Who is online

Users browsing this forum: No registered users and 0 guests