installing l2tp ipsec server on centos 6.8

robertkwild · 11-01-2016, 04:07 PM

hi all,

does anyone know any good guides in setting this up please, im following this guide but its for openswan and i have noticed they are now libreswan

https://raymii.org/s/tutorials/IPSEC...-_Linux_6.html

many thanks,

rob

robertkwild · 11-02-2016, 04:57 PM

stumbling into a problem

[root@l2tp ~]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan U3.13/K(no kernel code presently loaded) on 2.6.32-642.el6.x86_64
Checking for IPsec support in kernel [FAILED]

The ipsec service should be started before running 'ipsec verify'

Pluto ipsec.conf syntax [PARSE ERROR]
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:12: syntax error, unexpected STRING [<strong>virtual_private]

Hardware random device [N/A]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running [FAILED]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OBSOLETE KEYWORD]
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:12: syntax error, unexpected STRING [<strong>virtual_private]
Opportunistic Encryption [DISABLED]

ipsec verify: encountered 11 errors - see 'man ipsec_verify' for help
[root@l2tp ~]#

if anyone could help would be much appreciated

cheers,

rob

robertkwild · 11-03-2016, 09:57 AM

figured it out -

i followed this other guide which i found better -

http://blog.earth-works.com/2013/02/...r-on-centos-6/

one thing tho to look out for when writing the "ipsec.cong" delete both strong commands in the brackets and make sure the line that reads "conn" isnt indented and also put an = inbetween the conn and l2tp ie "conn=l2tp-psk"

robertkwild · 11-07-2016, 11:00 AM

finally i have done it and it works, i connect straight away on iphones androids etc etc!!!

followed this guide -

http://blog.earth-works.com/2013/02/...r-on-centos-6/

but in the "ipsec.conf" file i deleted both "strong" commands

i didnt create a new host key for the server, i just added the new line for the PSK in the file "ipsec.secrets"

and the reason why it wasnt working for me is you need to NAT another port on your firewall not just the ports it mentions -

Ports 1701 UDP, 4500 UDP and 500 UDP and also not mentioned 50 UDP

thats it