www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

l2tp/Ipsec VPN Help

 
ultimoblaze



Joined: 30 Oct 2013
Posts: 14

Posted: Wed Aug 12, 2015 1:37 am    Post subject: l2tp/Ipsec VPN Help

Hi,

I've been trying to set up a host-to-LAN VPN following these guides:
http://digilander.libero.it/smasherdevourer/schede/linux/Zeroshell%20VPN%20Host-to-LAN-EN.pdf
http://www.zeroshell.net/listing/l2tp.pdf

These guides are a few releases behind, I think, while I'm on the latest. I haven't had any luck connecting.

I suspect I need to open a port or create some sort of policy in the firewall to allow connections in. Currently I have DENY policies for the input and forward chains with specific accept policies.

Does anybody know if this could be the issue?


Thanks,
Ultimoblaze
ultimoblaze



Joined: 30 Oct 2013
Posts: 14

Posted: Tue Aug 18, 2015 12:56 am

I've been working on this some more and was able to rule out the firewall. I disabled the firewall on my Windows 7 machine and set the policies to accept on Zeroshell. I have been able to contact the Zeroshell machine, but receive a handful of failures and rejections in the Zeroshell log.

What I've tried:

Windows 7 VPN Security setting: Automatic
admin username and password
Zeroshell log:
Code:
20:46:55    INFO: respond new phase 1 negotiation: xx.xx.172.2[500]<=>xx.xx.70.89[500]
20:46:55    INFO: begin Identity Protection mode.
20:46:55    INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
20:46:55    INFO: received Vendor ID: RFC 3947
20:46:55    INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
20:46:55    INFO: received Vendor ID: FRAGMENTATION
20:46:55    INFO: Selected NAT-T version: RFC 3947
20:46:55    ERROR: invalid DH group 20.
20:46:55    ERROR: invalid DH group 19.
20:46:55    ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:7
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
20:46:55    ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
20:46:55    ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
20:46:55    ERROR: no suitable proposal found.
20:46:55    ERROR: failed to get valid proposal.
20:46:55    ERROR: failed to process packet.


I tried forcing the security setting to L2TP/IPsec and received the same results.

Can anybody provide some help in this matter?


Thanks,
Ultimoblaze
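
An added example, not part of the original posts or of Zeroshell: a small Python parser for the racoon `rejected ...` lines in the log above. It groups the rejections by the peer transform they refer to and reports the transform that came closest to matching, reading each value pair in the order the message labels it (DB, then Peer); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the "rejected" lines copied from the log in the post above.
SAMPLE_LOG = """\
20:46:55    ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:7
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
20:46:55    ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
20:46:55    ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
20:46:55    ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
"""

# One rejection line: attribute name, local (DB) and peer transform ids, value pair.
REJECTED = re.compile(
    r"ERROR: rejected (?P<attr>\w+): "
    r"DB\(prop#(?P<db_prop>\d+):trns#(?P<db_trns>\d+)\):"
    r"Peer\(prop#(?P<peer_prop>\d+):trns#(?P<peer_trns>\d+)\) = "
    r"(?P<values>.+)$"
)

def parse_rejections(log_text):
    """Map each peer transform (prop, trns) to {attribute: (local, peer)}."""
    by_transform = defaultdict(dict)
    for line in log_text.splitlines():
        m = REJECTED.search(line)
        if not m:
            continue
        # The pair is "local:peer"; split on the last ':' (values here contain none).
        local, _, peer = m.group("values").strip().rpartition(":")
        key = (int(m.group("peer_prop")), int(m.group("peer_trns")))
        by_transform[key][m.group("attr")] = (local, peer)
    return dict(by_transform)

def closest_transform(rejections):
    """Return the peer transform with the fewest rejected attributes."""
    return min(rejections.items(), key=lambda kv: (len(kv[1]), kv[0]))

if __name__ == "__main__":
    key, attrs = closest_transform(parse_rejections(SAMPLE_LOG))
    print("closest peer transform:", key, "still rejected on:", attrs)
```

On the posted log it returns peer transform 5 of proposal 1, rejected only for hashtype (MD5 on the DB side, SHA offered by the peer).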
All times are GMT