# Strongswan, Instant D/C...

## ShiroiKuma

I've followed the guide at http://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server and opted for Strongswan and xl2tpd.

I'm just trying to create a fairly simple VPN solution (one that doesn't require GRE passthrough) for my home network. However, to test it first I thought I should try it from an internal machine. The following is the output when attempting to connect to the VPN server from a Windows 2012 Server. The VPN server is 192.168.11.10 and the Windows Server is 192.168.11.101.

*Quote:*

> Mar 10 23:29:25 pi1 charon: 06[NET] received packet: from 192.168.11.101[500] to 192.168.11.10[500] (408 bytes)
> Mar 10 23:29:25 pi1 charon: 06[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
> Mar 10 23:29:25 pi1 charon: 06[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
> ...

I'm not running iptables at all on the VPN server, minimizing points of failure for now.

The following files may be relevant.

/etc/ipsec.conf

```
conn vpnserver
        type=transport
        authby=secret
        rekey=no
        keyingtries=1
        left=%any
        leftprotoport=udp/l2tp
        leftid=@vpn.sk.co.uk
        right=%any
        rightprotoport=udp/%any
        auto=add
```

/etc/ppp/options.xl2tpd

```
noccp
noauth
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent
```

and lastly

/etc/xl2tpd/xl2tpd.conf

```
[global]
port = 1701
access control = no

[lns default]
ip range = 192.168.10.200-192.168.10.205
local ip = 192.168.11.10
require authentication = yes
name = LinuxVPN
pppoptfile = /etc/ppp/options.xl2tpd
```

I'm not sure where to start looking into this problem; would any other files assist at all? Any help is appreciated.

I tried PPTP first but my ISP blocks GRE. So now I'm trying L2TP.

----------

## ShiroiKuma

With a bit of luck I got it working slightly.

I altered /etc/ppp/options.xl2tpd and swapped noauth for auth. I thought noauth would be better for getting it tested, but apparently not. Once I did that I started getting Error 850 regarding unsupported encryption in the Windows Server.

For that, I just had to explicitly allow MS-CHAP v2 as it's disabled by default. Now my VPN clients can connect to my network okay and even my iPhone can VPN in.

The only missing feature now is allowing my VPN clients to access the internet through the VPN.
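The fix described in this post (replacing `noauth` with `auth` and explicitly enabling MS-CHAP v2) is the kind of thing that is easy to lose again on the next edit of `/etc/ppp/options.xl2tpd`. The script below is an added example written for this thread, not code from the poster or from the xl2tpd/strongSwan projects: it audits a pppd options file for that weak state. It assumes the standard pppd option names `auth`, `noauth`, `require-mschap-v2` and `refuse-pap`; the `refuse-pap` check goes slightly beyond the thread and reflects the assumption that pppd will otherwise still negotiate PAP, which sends the password in cleartext inside the tunnel. The two sample files it audits are constructed here: one mirrors the original options file from the first post, the other the hardened form.

```shell
#!/bin/sh
# Audit a pppd options file (e.g. /etc/ppp/options.xl2tpd) for the
# authentication weaknesses discussed in the thread. Added example code,
# not from the original posts; option names are standard pppd options.

# has_opt OPTION FILE: succeed when OPTION is the first word of a
# non-comment line in FILE.
has_opt() {
    sed -e 's/#.*//' "$2" | awk 'NF { print $1 }' | grep -qx -- "$1"
}

# audit_ppp_options FILE: print one finding per line, return 0 when clean.
audit_ppp_options() {
    f="$1"
    n=0
    if has_opt noauth "$f"; then
        echo "noauth: the peer is never asked to authenticate (the state from the first post)"
        n=$((n + 1))
    elif ! has_opt auth "$f"; then
        echo "auth missing: add 'auth' so pppd requires the peer to authenticate"
        n=$((n + 1))
    fi
    if ! has_opt require-mschap-v2 "$f"; then
        echo "require-mschap-v2 missing: MS-CHAP v2 is not explicitly required (Windows Error 850 territory)"
        n=$((n + 1))
    fi
    # Assumption about pppd defaults: without refuse-pap, PAP may still be negotiated.
    if ! has_opt refuse-pap "$f"; then
        echo "refuse-pap missing: cleartext PAP could still be negotiated inside the tunnel"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample files for demonstration.
SAMPLE_DIR=$(mktemp -d)

# Mirrors the options file from the first post.
cat > "$SAMPLE_DIR/weak" <<'EOF'
noccp
noauth
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent
EOF

# Hardened form: peer must authenticate, MS-CHAP v2 required, PAP refused.
cat > "$SAMPLE_DIR/hardened" <<'EOF'
noccp
auth
require-mschap-v2
refuse-pap
crtscts
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
silent
EOF

echo "== weak =="
audit_ppp_options "$SAMPLE_DIR/weak" || echo "(findings present)"
echo "== hardened =="
audit_ppp_options "$SAMPLE_DIR/hardened" && echo "(clean)"
```

Run it against the real file with `audit_ppp_options /etc/ppp/options.xl2tpd` to get a non-zero exit status whenever the file has drifted back to the `noauth` state.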

----------

