Saturday, April 23, 2011

Racoon (IPsec) and Windows 7 VPN

I'm trying to create a VPN server on my Linux From Scratch server using IPsec and L2TP. I would like to log in using only a password, not using certificates.

I'm trying to make this work using ipsec-tools-0.8.0, xl2tpd-1.2.8 and ppp-2.4.5. I want to log in using Windows clients.

My racoon.conf:

path pre_shared_key "/usr/local/etc/racoon/psk.txt";
remote anonymous {
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;
        nonce_size 16;
        initial_contact on;
        passive off;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo anonymous {
        encryption_algorithm aes, 3des;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}

Almost regardless of how you configure racoon, if you create a default VPN connection under Windows 7, you'll find that it does not work and that the racoon log file ends with:

2011-04-23 11:41:49: ERROR: no suitable proposal found.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to get valid proposal.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to process ph1 packet (side: 1, status: 1).

Apparently, the VPN client of Windows 7 uses certificates by default. So if you want to use pre-shared keys for L2TP authentication under Windows, you have to change this explicitly in the properties of your VPN connection (under Security -> Advanced Settings -> L2TP -> Use preshared key for authentication). The key you enter there should, of course, be the same as the key that you have set in (/usr/local)/etc/racoon/psk.txt.
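A check on the exchange and cipher settings in the racoon.conf above, as an added example that is not part of the original post: it walks the `remote` and `sainfo` blocks and flags values that general IPsec hardening guidance treats as weak. The `audit` function, the `WEAK` rule table and the sample text are constructed for illustration; whether a given Windows client accepts a stronger proposal has to be tested.

```python
# Constructed sample: the security-relevant directives of the racoon.conf in the post.
SAMPLE_CONF = """
remote anonymous {
        exchange_mode main,aggressive;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo anonymous {
        encryption_algorithm aes, 3des;
        authentication_algorithm hmac_sha1, hmac_md5;
}
"""

# Hypothetical rule table (directive -> value -> reason); general guidance, not from the post.
WEAK = {
    "exchange_mode": {"aggressive": "hash derived from the PSK is sent before the peer is authenticated"},
    "proposal_check": {"obey": "responder adopts the initiator's lifetime and PFS values"},
    "encryption_algorithm": {"des": "56-bit key", "3des": "64-bit block cipher"},
    "hash_algorithm": {"md5": "deprecated hash"},
    "authentication_algorithm": {"hmac_md5": "deprecated hash"},
    "dh_group": {"1": "768-bit MODP", "modp768": "768-bit MODP",
                 "2": "1024-bit MODP", "modp1024": "1024-bit MODP"},
}

def audit(conf_text):
    """Return (section, directive, value, reason) for every weak setting found."""
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering e.g. "remote anonymous"
        elif line == "}" and stack:
            stack.pop()
        elif line.endswith(";") and stack:
            tokens = line[:-1].replace(",", " ").split()   # directive, then its values
            for value in tokens[1:]:
                reason = WEAK.get(tokens[0], {}).get(value)
                if reason:
                    findings.append((stack[0], tokens[0], value, reason))
    return findings

if __name__ == "__main__":
    for section, directive, value, reason in audit(SAMPLE_CONF):
        print(f"{section}: {directive} {value} -> {reason}")
```

Each finding names the top-level block it came from, so a weak value inside the nested `proposal` block is reported against `remote anonymous`.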
