DaemonForums  

#1
rdikarlus, 18th August 2019
L2TP-IPSec VPN on OpenBSD

Hi all,

I am trying to connect my OpenBSD home laptop to my office VPN that's an L2TP-IPSec VPN. I followed the following guide I found by googling with no success:

https://www.findelabs.com/post/conne...2tp-ipsec-vpn/

The main reason is:

# ipsecctl -f /etc/ipsec.conf
no IP address found for xxx.xxx.x.xx
/etc/ipsec.conf: 1: could not parse host specification
ipsecctl: Syntax error in config file: ipsec rules not loaded


Can you please show me a good place where to find a how-to?

Thanks

#2
jggimi, 18th August 2019

You have a syntax error in your ipsec.conf(5) file. Please refer to the man page. If you have further questions, please post the contents of the file, redacting private information.

#3
rdikarlus, 25th August 2019

I want to connect to my office L2TP based VPN. Here's my configuration:

/etc/xl2tpd/xl2tpd.conf
[global]
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes
port = 1701

[lac l2tp]
lns = VPN server IP HERE
ppp debug = yes


/etc/ppp/chap.secrets

client * VPN PASSWORD HERE *


/etc/ppp/options.l2tp

ipcp-accept-local
ipcp-accept-remote
noccp
noauth
mtu 1456
mru 1456
debug
lock
user VPN USER HERE
netmask 255.255.255.255

/etc/ipsec.conf

ike dynamic esp transport proto udp from egress to VPN SERVER IP port 1701 \
main auth "hmac-sha" enc "aes" group modp2048 \
quick auth "hmac-sha" enc "aes" \
psk VPN USER PASSWD HERE

I enable the following services:

rcctl enable ipsec isakmpd xl2tpd
rcctl set isakmpd flags -K
rcctl start isakmpd xl2tpd

I do this:

route add -priority 2 <vpn ip> <my ip>
ifconfig ppp0 up


ipsecctl -f /etc/ipsec.conf

No more error messages now with my updated configuration.


But when executing:
ipsecctl -sa


There is no traffic, the VPN CONNECTION DOES NOT ESTABLISH. An Ubuntu Linux machine connects great.

What am I doing wrong? Any idea?

Thanks,

#4
jggimi, 25th August 2019

Review your PF configuration. You must pass:
  • Encapsulating IPSec traffic when PF is enabled. See enc(4).
  • ESP/AH protocol traffic. See ipsec(4).
  • UDP key management traffic on port 500 (and 4500 for NAT traversal) to establish and maintain the SAs. See isakmpd(8).
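
The three kinds of traffic listed in post #4, written out as client-side pf.conf rules. This is an added example, not part of the thread or of anyone's posted configuration; the address 203.0.113.10 and the macro name vpn_server are placeholders chosen for the example, and the rules assume the ESP transport-mode flow on UDP 1701 from the ipsec.conf in post #3.

```conf
# Added example for /etc/pf.conf on the OpenBSD client; not from the thread.
# Assumption: 203.0.113.10 is a placeholder (documentation range) for the
# office VPN server; vpn_server is a macro name chosen for this example.
vpn_server = "203.0.113.10"

# 1. IKE key management for isakmpd(8): UDP 500, plus 4500 for NAT traversal.
pass out quick on egress proto udp from (egress) to $vpn_server port { 500, 4500 }
pass in  quick on egress proto udp from $vpn_server to (egress) port { 500, 4500 }

# 2. ESP, the protocol the posted ipsec.conf negotiates (add ah if it is used).
pass out quick on egress proto esp from (egress) to $vpn_server
pass in  quick on egress proto esp from $vpn_server to (egress)

# 3. Cleartext side of the SA on enc(4): the L2TP packets (UDP 1701) that
#    ipsec.conf selects, seen before encryption and after decryption.
pass out quick on enc0 proto udp from (egress) to $vpn_server port 1701 keep state (if-bound)
pass in  quick on enc0 proto udp from $vpn_server port 1701 to (egress) keep state (if-bound)

# Syntax-check, then load:
#   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
```

Restricting each rule to the VPN server's address keeps the IKE and ESP openings from applying to any other peer.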