Billion UK Forum

Any guides available in setting up the L2TP over IPsec VPN server on the 7800DX's latest firmware?

Same issues here, just installed the latest firmware and followed the L2TP configuration section of the manual, but am getting errors around IPSEC.

Anyone managed to get the L2TP Server (over IPSEC) working?

jas_nz wrote:Same issues here, just installed the latest firmware and followed the L2TP configuration section of the manual, but am getting errors around IPSEC.

Anyone managed to get the L2TP Server (over IPSEC) working?

Tested working here, see the attached screen shots with a win 7 machine as client

Thanks, tried both Android and Windows 8.1 L2TP VPN.

Your config is basically the same as what is in the manual and I have tried using identical settings.

PPTP VPN works fine, but L2TP does not (I even made sure the PPTP server was disabled)

Log file below - error seems to indicate an issue with the Preshared Key

Feb 4 11:21:30 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...
Feb 4 11:21:31 daemon err ipsec_setup: Using NETKEY(XFRM) stack
Feb 4 11:21:32 authpriv err ipsec__plutorun: Starting Pluto subsystem...
Feb 4 11:21:32 user warn syslog: adjusting ipsec.d to /var/ipsec.d
Feb 4 11:21:32 authpriv warn pluto[29097]: WARNING: 1DES is enabled
Feb 4 11:21:32 authpriv warn pluto[29097]: LEAK_DETECTIVE support [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: OCF support for IKE [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: NSS support [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: HAVE_STATSD notification support not compiled in
Feb 4 11:21:32 authpriv warn pluto[29097]: Setting NAT-Traversal port-4500 floating to on
Feb 4 11:21:32 authpriv warn pluto[29097]: port floating activation criteria nat_t=1/port_float=1
Feb 4 11:21:32 authpriv warn pluto[29097]: NAT-Traversal support [enabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: using /dev/urandom as source of random entropy
Feb 4 11:21:32 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
Feb 4 11:21:32 authpriv warn pluto[29097]: starting up 1 cryptographic helpers
Feb 4 11:21:32 authpriv warn pluto[29097]: started helper pid=29102 (fd:6)
Feb 4 11:21:32 authpriv warn pluto[29102]: using /dev/urandom as source of random entropy
Feb 4 11:21:32 daemon err ipsec_setup: ...Openswan IPsec started
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: added connection description "home"
Feb 4 11:21:35 daemon err ipsec__plutorun: 002 added connection description "home"
Feb 4 11:21:35 authpriv warn pluto[29097]: listening for IKE messages
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface ppp0.1/ppp0.1 58.166.16.218:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface ppp0.1/ppp0.1 58.166.16.218:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface br0/br0 10.0.0.254:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface br0/br0 10.0.0.254:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo 127.0.0.1:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo 127.0.0.1:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo ::1:500
Feb 4 11:21:35 authpriv warn pluto[29097]: loading secrets from "/var/ipsec.secrets"
Feb 4 11:21:37 authpriv warn pluto[29097]: "home": deleting connection
Feb 4 11:21:37 authpriv warn pluto[29097]: added connection description "home"
Feb 4 11:21:37 daemon info xl2tpd[29546]: Enabling IPsec SAref processing for L2TP transport mode SAs
Feb 4 11:21:37 daemon warn xl2tpd[29546]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
Feb 4 11:21:37 daemon crit xl2tpd[29546]: setsockopt recvref[30]: Protocol not available
Feb 4 11:21:37 daemon info xl2tpd[29546]: This binary does not support kernel L2TP.
Feb 4 11:21:37 daemon info xl2tpd[29547]: xl2tpd version xl2tpd-1.3.1 started on home.gateway PID:29547
Feb 4 11:21:37 daemon info xl2tpd[29547]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 4 11:21:37 daemon info xl2tpd[29547]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 4 11:21:37 daemon info xl2tpd[29547]: Inherited by Jeff McAdams, (C) 2002
Feb 4 11:21:37 daemon info xl2tpd[29547]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 4 11:21:37 daemon info xl2tpd[29547]: Listening on IP address 58.166.16.218, port 1701
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG

jas_nz wrote:Thanks, tried both Android and Windows 8.1 L2TP VPN.

Your config is basically the same as what is in the manual and I have tried using identical settings.

PPTP VPN works fine, but L2TP does not (I even made sure the PPTP server was disabled)

Log file below - error seems to indicate an issue with the Preshared Key

Feb 4 11:21:30 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...
Feb 4 11:21:31 daemon err ipsec_setup: Using NETKEY(XFRM) stack
Feb 4 11:21:32 authpriv err ipsec__plutorun: Starting Pluto subsystem...
Feb 4 11:21:32 user warn syslog: adjusting ipsec.d to /var/ipsec.d
Feb 4 11:21:32 authpriv warn pluto[29097]: WARNING: 1DES is enabled
Feb 4 11:21:32 authpriv warn pluto[29097]: LEAK_DETECTIVE support [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: OCF support for IKE [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: NSS support [disabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: HAVE_STATSD notification support not compiled in
Feb 4 11:21:32 authpriv warn pluto[29097]: Setting NAT-Traversal port-4500 floating to on
Feb 4 11:21:32 authpriv warn pluto[29097]: port floating activation criteria nat_t=1/port_float=1
Feb 4 11:21:32 authpriv warn pluto[29097]: NAT-Traversal support [enabled]
Feb 4 11:21:32 authpriv warn pluto[29097]: using /dev/urandom as source of random entropy
Feb 4 11:21:32 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
Feb 4 11:21:32 authpriv warn pluto[29097]: starting up 1 cryptographic helpers
Feb 4 11:21:32 authpriv warn pluto[29097]: started helper pid=29102 (fd:6)
Feb 4 11:21:32 authpriv warn pluto[29102]: using /dev/urandom as source of random entropy
Feb 4 11:21:32 daemon err ipsec_setup: ...Openswan IPsec started
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
Feb 4 11:21:35 authpriv warn pluto[29097]: added connection description "home"
Feb 4 11:21:35 daemon err ipsec__plutorun: 002 added connection description "home"
Feb 4 11:21:35 authpriv warn pluto[29097]: listening for IKE messages
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface ppp0.1/ppp0.1 58.166.16.218:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface ppp0.1/ppp0.1 58.166.16.218:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface br0/br0 10.0.0.254:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface br0/br0 10.0.0.254:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo 127.0.0.1:500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo 127.0.0.1:4500
Feb 4 11:21:35 authpriv warn pluto[29097]: adding interface lo/lo ::1:500
Feb 4 11:21:35 authpriv warn pluto[29097]: loading secrets from "/var/ipsec.secrets"
Feb 4 11:21:37 authpriv warn pluto[29097]: "home": deleting connection
Feb 4 11:21:37 authpriv warn pluto[29097]: added connection description "home"
Feb 4 11:21:37 daemon info xl2tpd[29546]: Enabling IPsec SAref processing for L2TP transport mode SAs
Feb 4 11:21:37 daemon warn xl2tpd[29546]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
Feb 4 11:21:37 daemon crit xl2tpd[29546]: setsockopt recvref[30]: Protocol not available
Feb 4 11:21:37 daemon info xl2tpd[29546]: This binary does not support kernel L2TP.
Feb 4 11:21:37 daemon info xl2tpd[29547]: xl2tpd version xl2tpd-1.3.1 started on home.gateway PID:29547
Feb 4 11:21:37 daemon info xl2tpd[29547]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 4 11:21:37 daemon info xl2tpd[29547]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 4 11:21:37 daemon info xl2tpd[29547]: Inherited by Jeff McAdams, (C) 2002
Feb 4 11:21:37 daemon info xl2tpd[29547]: Forked again by Xelerance (http://www.xelerance.com) (C) 2006
Feb 4 11:21:37 daemon info xl2tpd[29547]: Listening on IP address 58.166.16.218, port 1701
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:18 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:20 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:23 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [RFC 3947] method set to=115
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: ignoring Vendor ID payload [IKE CGA version 1]
Feb 4 11:32:27 authpriv warn pluto[29097]: packet from 110.141.44.71:500: initial Main Mode message received on 58.166.16.218:500 but no connection has been authorized with policy=RSASIG

Working here, just tested it with my samsung note 3 running andriod and everything was fine.

See the attached screen shots, when I google whats my ip, its shows the routers WAN IP so its working

I can only assume it must a setup issue