I have a virtual appliance running Ubuntu 14 that I would like to connect to a remote network via Meraki Client VPN.

I have found instructions for installing and configuring strongswan and xl2tpd on Ubuntu 16 which get me most of the way there, but after establishing the VPN I cannot seem to establish a route.

The goal is to allow traffic from this single Ubuntu VM to a subnet on the remote LAN via the VPN.

(Ubuntu =VPN> (Meraki appliance => (Subnet

https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c
http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/


# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default

conn meraki-vpn
     # set this to the ip address of your meraki vpn

/etc/xl2tpd/xl2tpd.conf :

[lac meraki]
lns =
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

I can bring up the VPN:

root@zzz:~# ipsec up meraki-vpn
connection 'meraki-vpn' established successfully


echo "c meraki me@mydomain.com mypassword" > /var/run/xl2tpd/l2tp-control

But I cannot get a route set up. Attempting to follow the magic recipes results in errors. I can't figure out if this is some xl2tpd config problem, or if I just can't figure out the correct syntax to add the route. Any insight would be appreciated.

root@zzz:~# ip route add dev ppp0
Cannot find device "ppp0"

ipsec statusall :

Status of IKE charon daemon (strongSwan 5.1.2, Linux 4.2.0-42-generic, x86_64):
  uptime: 20 hours, since Oct 19 19:30:38 2016
  malloc: sbrk 2433024, mmap 0, used 352240, free 2080784
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
  meraki-vpn:  %any...  IKEv1
  meraki-vpn:   local:  [] uses pre-shared key authentication
  meraki-vpn:   remote: [] uses pre-shared key authentication
  meraki-vpn:   child:  dynamic[udp/l2f] === dynamic[udp/l2f] TRANSPORT
Security Associations (1 up, 0 connecting):
  meraki-vpn[4]: ESTABLISHED 8 minutes ago,[]...[]
  meraki-vpn[4]: IKEv1 SPIs: 2121ded4dc4dc94e_i* 3d5d1cc8bf935f19_r, pre-shared key reauthentication in 48 minutes
  meraki-vpn[4]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  meraki-vpn{5}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c330d0b3_i 06749ffa_o
  meraki-vpn{5}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 8 minutes
  meraki-vpn{5}:[udp/l2f] ===[udp/l2f]

ifconfig :

eth0      Link encap:Ethernet  HWaddr 00:0c:29:5f:9c:73  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20c:29ff:fe5f:9c73/64 Scope:Link
          RX packets:459939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:362145 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:78969068 (78.9 MB)  TX bytes:52179997 (52.1 MB)

lo        Link encap:Local Loopback  
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:427152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:25278435 (25.2 MB)  TX bytes:25278435 (25.2 MB) 


    • Guess I'm just SOL here. Why doesn't the ppp0 interface appear? Should this be created automatically by OpenSwan or xl2tpd, or is this some other mechanism? I am without a compass... anyone got a direction?
    • The layer cake of client VPN is: , so you need to be spawning a ppp process. PPP is also where the user/pass authentication is done, so I'm not sure how writing the credentials to l2tp is supposed to work (I've never used xl2tpd, though).

You need to disable xl2tpd sometimes as it runs and hogs port 1701 while the VPN client will normally start a service on 1701 only as needed.

I discovered this while I followed this answer quoted below and the blog post mentioned in it to get a connection working to Meraki from Ubuntu 16.04.

A PPA exists for network-manager-l2tp:

You can use

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp  
sudo apt-get update  
sudo apt-get install network-manager-l2tp

To install the network manager l2tp that supports L2TP for Ubuntu 16.04

Walkthrough for building from source: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/

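Added example (not part of the original question or answers): a small shell triage of the `ipsec statusall` text from the question. It reads the `0 bytes_i, 0 bytes_o` counters on the transport-mode SA as a sign that no L2TP packet on udp/1701 ever went through IPsec, which is consistent with ppp0 never appearing; the function names `counter` and `diagnose` are made up for this example.

```bash
#!/bin/sh
# Added example: triage an L2TP/IPsec client from `ipsec statusall` text.
# SAMPLE holds lines copied from the output shown in the question.
SAMPLE='Security Associations (1 up, 0 connecting):
  meraki-vpn[4]: ESTABLISHED 8 minutes ago,[]...[]
  meraki-vpn[4]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  meraki-vpn{5}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c330d0b3_i 06749ffa_o
  meraki-vpn{5}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 8 minutes'

# counter FIELD TEXT: print the first "<n> FIELD" counter, or 0 if absent.
counter() {
    n=$(printf '%s\n' "$2" | sed -n "s/.* \([0-9][0-9]*\) $1.*/\1/p" | head -n 1)
    echo "${n:-0}"
}

# diagnose CONN STATUS_TEXT: print one finding per line for connection CONN.
diagnose() {
    lines=$(printf '%s\n' "$2" | grep -F -- "$1" || true)
    if ! printf '%s\n' "$lines" | grep -q 'ESTABLISHED'; then
        echo "ike: no established IKE SA"; return 0
    fi
    echo "ike: established"
    # 3DES and 1024-bit MODP are legacy algorithms; report them if negotiated.
    if printf '%s\n' "$lines" | grep -Eq 'IKE proposal:.*(3DES|MODP_1024)'; then
        echo "crypto: legacy proposal (3DES and/or MODP_1024) negotiated"
    fi
    if ! printf '%s\n' "$lines" | grep -q 'INSTALLED, TRANSPORT'; then
        echo "esp: no transport-mode child SA installed"; return 0
    fi
    echo "esp: transport-mode SA installed"
    rx=$(counter bytes_i "$lines"); tx=$(counter bytes_o "$lines")
    if [ "$tx" -eq 0 ]; then
        # Nothing matched the udp/1701 (l2f) selectors: no L2TP control
        # request went through the SA, so pppd never created ppp0.
        echo "l2tp: no packets sent through the SA"
    elif [ "$rx" -eq 0 ]; then
        echo "l2tp: sent $tx bytes, nothing received from the peer"
    else
        echo "l2tp: traffic in both directions ($rx in, $tx out); check pppd"
    fi
}

diagnose meraki-vpn "$SAMPLE"
```

On a live host, pass the real output instead of the sample: `diagnose meraki-vpn "$(ipsec statusall)"`.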


This article is reproduced from Stack Exchange / Stack Overflow, please click
