Package: l2tp-ipsec-vpn Version: 1.0.9-1 Severity: important Dear Maintainer,
I cannot connect to our L2TP server using this package. I've tried a number of troubleshooting steps, including reinstalling the package, changing from Wicd to Network-Manager, putting my password in plain-text (!!) into the config file, setting 'Length Bit' in the GUI, removing the prefix in the shared key file, and more. This doesn't connect, there is no 'tun0' interface created, the IPSec isn't negotiated it seems, and from the VPN side that server doesn't see my computer even trying to connect. I have no local firewall for this computer; an Android phone on the same wireless network connects and stays up without issue, same user account etc. Ubuntu has a closed bug report about this which seems to just have been discarded, https://bugs.launchpad.net/ubuntu/+source/l2tp-ipsec-vpn/+bug/933139 * What led up to the situation At work we're moving from PPTP VPN to L2TP. We have this working rather easily for Android, OSX, and Windows clients, but our Debian clients cannot connect. I worked with two people who had successful connections (fedora and arch) and did set up the GUI/config files the same but no success on Debian. * What exactly did you do (or not do) that was effective (or ineffective)? We compaired my L2TP settings with another two employees (using Fedora and Arch) and they were able to connect using this package, same version (1.0.9). After installing these packages I rebooted to ensure the networking was reset and anything else as well. None of the following steps, or a combo of these, were effective: -In the GUI, I used 'Length Bit' and not -In the GUI, I set the 'Allow these protocols' to CHAP, MS-Chap, MS-CHAPv2 -Commented out "hide-password" in the config file (/etc/ppp/work-vpn.xl2tpd) -Added my password as plain-test (!!) in that config file (password "ABCd1234") -Tried to remove the prefix (0t) before the PSK in /etc/ipsec.secrets -Worked with VPN admin to view logs, which don't seem to show me even trying to connect -Recreated my config without capital letters or dots or dashes in the connection profile name -Changed IPSec from Netkey to Auto in /etc/ipsec.conf * What was the outcome of this action? No connections were made with Debian Stable machines. * What outcome did you expect instead? I expected the connection to be made and the VPN to function, but it does not. Here is my config file: # /etc/ppp/work-vpn.xl2tpd - Options used by PPP when a connection is made by an L2TP daemon # $Id$ # Manual: PPPD(8) # Created: Tue Sep 10 08:46:17 2013 # by: The L2TP IPsec VPN Manager application version 1.0.9 # # WARNING! All changes made in this file will be lost! debug #dump #record /var/log/pppd plugin passprompt.so ipcp-accept-local ipcp-accept-remote idle 72000 ktune noproxyarp asyncmap 0 noauth crtscts lock #hide-password modem noipx ipparam L2tpIPsecVpn-work-vpn promptprog "/usr/bin/L2tpIPsecVpn" refuse-eap refuse-pap remotename "" name "username" password "ABCd1234" Here are the errors I get (debug log in the GUI): Sep 12 07:41:03.424 ipsec_setup: Stopping Openswan IPsec... Sep 12 07:41:05.691 Stopping xl2tpd: xl2tpd. Sep 12 07:41:05.716 xl2tpd[10757]: death_handler: Fatal signal 15 received Sep 12 07:41:05.827 ipsec_setup: Starting Openswan IPsec 2.6.37... Sep 12 07:41:06.240 ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey Sep 12 07:41:06.307 ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY Sep 12 07:41:06.768 ipsec__plutorun: Starting Pluto subsystem... Sep 12 07:41:06.835 recvref[30]: Protocol not available Sep 12 07:41:06.835 xl2tpd[29403]: This binary does not support kernel L2TP. Sep 12 07:41:06.837 Starting xl2tpd: xl2tpd. Sep 12 07:41:06.837 xl2tpd[29404]: xl2tpd version xl2tpd-1.3.1 started on hbomb1500 PID:29404 Sep 12 07:41:06.839 xl2tpd[29404]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Sep 12 07:41:06.839 xl2tpd[29404]: Forked by Scott Balmos and David Stipp, (C) 2001 Sep 12 07:41:06.839 xl2tpd[29404]: Inherited by Jeff McAdams, (C) 2002 Sep 12 07:41:06.840 xl2tpd[29404]: Forked again by Xelerance (www.xelerance.com) (C) 2006 Sep 12 07:41:06.840 xl2tpd[29404]: Listening on IP address 0.0.0.0, port 1701 Sep 12 07:41:06.898 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d Sep 12 07:41:07.056 ipsec__plutorun: 022 connection must specify host IP address for our side Sep 12 07:41:07.056 ipsec__plutorun: 037 attempt to load incomplete connection Sep 12 07:42:23.220 Last command timed out Sep 12 07:42:24.269 000 initiating all conns with alias='work-vpn' Sep 12 07:42:24.269 021 no connection named "work-vpn" Sep 12 07:42:24.272 [ERROR 300] 'IPsec' failed to negotiate or establish security associations -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages l2tp-ipsec-vpn depends on: ii gksu 2.0.2-6 ii l2tp-ipsec-vpn-daemon 0.9.9-1 ii libc6 2.13-38 ii libctemplate2 2.2-3 ii libgcc1 1:4.7.2-5 ii libltdl7 2.4.2-1.1 ii libqt4-network 4:4.8.2+dfsg-11 ii libqtcore4 4:4.8.2+dfsg-11 ii libqtgui4 4:4.8.2+dfsg-11 ii libssl1.0.0 1.0.1e-2 ii libstdc++6 4.7.2-5 Versions of packages l2tp-ipsec-vpn recommends: ii libengine-pkcs11-openssl 0.1.8-2+b2 l2tp-ipsec-vpn suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
