You are not logged in.

Pages: 1

#1 2024-07-08 01:59:15

alendra
Member
Registered: 2023-07-15
Posts: 14

Failed LT2P/IPSEC VPN Client Setup

I've followed this instruction https://wiki.archlinux.org/title/Opensw … ient_setup by trying with this network manager connection via nm-applet with this configuration:

[connection]
id=VPN1vpn
uuid=d6e71719-d464-49de-9de0-83c545491551
type=vpn
autoconnect=false

[vpn]
gateway=<gateway>
ipsec-enabled=yes
ipsec-psk=vpn
ipsec-psk-flags=0
password-flags=0
user=<user>
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
ipsec-psk=<preshared-key>
password=<password>

[ipv4]
method=auto

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

but i can't connect and got this error

     ~/share/services  journalctl -xeu NetworkManager.service                                                                                                                                   4    10s
Jul 08 08:52:28 archscribe charon[498969]: 04[NET] no socket implementation registered, receiving failed
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 10.10.10.37/32
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.17.0.0/16
Jul 08 08:52:28 archscribe ipsec_starter[498968]: charon (498969) started after 60 ms
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.18.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 09[CFG] received stroke: add connection 'd6e71719-d464-49de-9de0-83c545491551'
Jul 08 08:52:28 archscribe charon[498969]: 09[CFG] added configuration 'd6e71719-d464-49de-9de0-83c545491551'
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.19.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.20.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.21.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.22.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.23.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.24.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.25.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.26.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.27.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.28.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.29.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.30.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 172.31.0.0/16
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.0.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.1.0/24
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.16.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.32.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.48.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.64.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.80.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.103.0/24
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.112.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.160.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.176.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.192.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 192.168.224.0/20
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for 2407:0:3002:1095::/64
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] installed bypass policy for fe80::/64
Jul 08 08:52:28 archscribe charon[498969]: 05[IKE] interface change for bypass policy for fe80::/64 (from veth9754b4a to wlp0s20f3)
Jul 08 08:52:29 archscribe charon[498969]: 09[CFG] rereading secrets
Jul 08 08:52:29 archscribe charon[498969]: 09[CFG] loading secrets from '/etc/ipsec.secrets'
Jul 08 08:52:29 archscribe charon[498969]: 09[CFG]   loaded IKE secret for %any
Jul 08 08:52:29 archscribe charon[498969]: 09[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Jul 08 08:52:29 archscribe charon[498969]: 09[CFG]   loaded IKE secret for %any
Jul 08 08:52:29 archscribe charon[498969]: 03[CFG] received stroke: initiate 'd6e71719-d464-49de-9de0-83c545491551'
Jul 08 08:52:29 archscribe charon[498969]: 13[IKE] initiating Main Mode IKE_SA d6e71719-d464-49de-9de0-83c545491551[1] to <theip>
Jul 08 08:52:29 archscribe charon[498969]: 13[IKE] initiating Main Mode IKE_SA d6e71719-d464-49de-9de0-83c545491551[1] to <theip>
Jul 08 08:52:29 archscribe charon[498969]: 13[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Jul 08 08:52:29 archscribe charon[498969]: 13[NET] sending packet: from 192.168.1.182 to <theip>[500] (532 bytes)
Jul 08 08:52:29 archscribe charon[498969]: 04[NET] no socket implementation registered, sending failed
Jul 08 08:52:33 archscribe charon[498969]: 05[IKE] sending retransmit 1 of request message ID 0, seq 1
Jul 08 08:52:33 archscribe charon[498969]: 05[NET] sending packet: from 192.168.1.182 to <theip>[500] (532 bytes)
Jul 08 08:52:33 archscribe charon[498969]: 04[NET] no socket implementation registered, sending failed
Jul 08 08:52:36 archscribe NetworkManager[928]: <warn>  [1720403556.2814] vpn[0x59e26d5ecec0,d6e71719-d464-49de-9de0-83c545491551,"Huawei"]: failed to connect: 'Timeout was reached'

any idea? i've tried using nm-applet and network configuration from gnome but nothing's work. i've installed networkmanager-l2tp, strongswan, and xl2tpd.. but i can't install openswan, i got this error

CC stubs.c
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
In file included from /home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/include/pluto/state.h:30,
                 from /home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/programs/pluto/stubs.c:49:
/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/include/pluto/ike_alg.h: In function ‘ike_alg_get_integ’:
/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/include/pluto/ike_alg.h:127:81: warning: implicit conversion from ‘enum ikev2_trans_type_integ’ to ‘enum ikev2_trans_type_encr’ [-Wenum-conversion]
  127 |     return (struct ike_integ_desc *) ike_alg_ikev2_find(IKEv2_TRANS_TYPE_INTEG, halg, 0);
      |                                                                                 ^~~~
/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/include/pluto/ike_alg.h: In function ‘ike_alg_get_prf’:
/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/include/pluto/ike_alg.h:131:81: warning: implicit conversion from ‘enum ikev2_trans_type_prf’ to ‘enum ikev2_trans_type_encr’ [-Wenum-conversion]
  131 |         return (struct ike_prf_desc *) ike_alg_ikev2_find(IKEv2_TRANS_TYPE_PRF, prfalg, 0);
      |                                                                                 ^~~~~~
CC adns.c
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
LD pluto
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14,
    inlined from ‘fill_rnd_chunk.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rndchunk.c:79:3:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘fill_rnd_chunk.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘SHA1Final’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:178:9:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 0 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘SHA1Final’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes.constprop’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes.constprop’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
In function ‘code_asn1_length’,
    inlined from ‘code_asn1_length’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:133:1,
    inlined from ‘atodn’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:489:3:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:158:15: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c: In function ‘atodn’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:406:12: note: at offset 3 into destination object ‘name_len_buf’ of size 3
In function ‘code_asn1_length’,
    inlined from ‘code_asn1_length’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:133:1,
    inlined from ‘atodn’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:494:3:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:158:15: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c: In function ‘atodn’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:407:12: note: at offset 3 into destination object ‘rdn_seq_len_buf’ of size 3
In function ‘code_asn1_length’,
    inlined from ‘code_asn1_length’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:133:1,
    inlined from ‘atodn’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:498:3:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:158:15: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c: In function ‘atodn’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:408:12: note: at offset 3 into destination object ‘rdn_set_len_buf’ of size 3
In function ‘code_asn1_length’,
    inlined from ‘code_asn1_length’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:133:1,
    inlined from ‘atodn’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:461:3:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:158:15: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c: In function ‘atodn’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:405:12: note: at offset 3 into destination object ‘oid_len_buf’ of size 3
In function ‘code_asn1_length’,
    inlined from ‘code_asn1_length’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:133:1,
    inlined from ‘atodn’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:538:5:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/asn1.c:158:15: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c: In function ‘atodn’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/liboswkeys/x509dn.c:409:12: note: at offset 3 into destination object ‘dn_seq_len_buf’ of size 3
In function ‘SHA1Update’,
    inlined from ‘mix_pool’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:130:5,
    inlined from ‘get_rnd_byte’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:142:5,
    inlined from ‘get_rnd_bytes’ at /usr/src/debug/openswan/Openswan-3.0.0/lib/libpluto/rnd.c:163:14:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: warning: ‘SHA1Transform’ reading 64 bytes from a region of size 20 [-Wstringop-overread]
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:152:13: note: referencing argument 2 of type ‘const unsigned char[64]’
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c: In function ‘get_rnd_bytes’:
/usr/src/debug/openswan/Openswan-3.0.0/lib/libcrypto/libsha1/sha1.c:56:6: note: in a call to function ‘SHA1Transform’
make[3]: Leaving directory '/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/OBJ.linux.x86_64/programs/pluto'
make[3]: Entering directory '/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/OBJ.linux.x86_64/programs/addconn'
info: addcon/Makefile: MAKECMDGOALS="programs"
/bin/bash: line 1: test: 14.1.1: integer expression expected
CC addconn.c
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[3]: *** [/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/Makefile.common:21: addconn.o] Error 1
make[3]: Leaving directory '/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/OBJ.linux.x86_64/programs/addconn'
make[2]: *** [/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/programs/Makefile:59: programs] Error 1
make[2]: Leaving directory '/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/OBJ.linux.x86_64/programs'
make[1]: *** [Makefile:10: programs] Error 1
make[1]: Leaving directory '/home/alendra/.cache/yay/openswan/src/Openswan-3.0.0/OBJ.linux.x86_64'
make: *** [Makefile:186: programs] Error 2
==> ERROR: A failure occurred in build().
/usr/share/makepkg/util/message.sh: line 51: QUIET: unbound variable
/usr/bin/makepkg: line 131: logpipe: unbound variable
 -> error making: openswan-exit status 1
 -> Failed to install the following packages. Manual intervention is required:
openswan - exit status 1

i've tried to connect via Windows settings, it works. nothing's wrong with the credential.

Last edited by alendra (2024-07-08 04:25:59)

Offline

#2 2024-07-08 10:27:14

alendra
Member
Registered: 2023-07-15
Posts: 14

Re: Failed LT2P/IPSEC VPN Client Setup

$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug                                                                                                                  
nm-l2tp[238158] <debug> nm-l2tp-service (version 1.20.16) starting...
nm-l2tp[238158] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[238158] <info>  ipsec enable flag: yes
** Message: 16:32:58.802: Check port 1701
connection
  autoconnect : false
  autoconnect-ports : -1
  id : 'VPN connection 1'
  permissions : []
  type : 'vpn'
  uuid : 'ea1af6ef-3ebd-4093-b056-7893512b4a0e'

vpn
  data : {'gateway': '<hidden-ip>', 'ipsec-enabled': 'yes', 'ipsec-psk-flags': '1', 'machine-auth-type': 'psk', 'mru': '1400', 'mtu': '1400', 'password-flags': '1', 'refuse-mschapv2': 'yes', 'user': 'alexander.adam', 'user-auth-type': 'password'}
  secrets : {'ipsec-psk': '<hidden>', 'password': '<hidden>'}
  service-type : 'org.freedesktop.NetworkManager.l2tp'
  user-name : 'alendra'

ipv4
  address-data : []
  method : 'auto'
  route-data : []

ipv6
  addr-gen-mode : 1
  address-data : []
  method : 'auto'
  route-data : []

proxy

nm-l2tp[238158] <info>  starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.9.13 IPsec [starter]...
Loading config setup
Loading conn 'ea1af6ef-3ebd-4093-b056-7893512b4a0e'
nm-l2tp[238158] <info>  Spawned ipsec up script with PID 238349.
initiating Main Mode IKE_SA ea1af6ef-3ebd-4093-b056-7893512b4a0e[1] to <hidden-ip>
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.100.251 to <hidden-ip>[500] (532 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.100.251 to <hidden-ip>[500] (532 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.100.251 to <hidden-ip>[500] (532 bytes)
nm-l2tp[238158] <warn>  Timeout trying to establish IPsec connection
nm-l2tp[238158] <info>  Terminating ipsec script with PID 238349.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection 'ea1af6ef-3ebd-4093-b056-7893512b4a0e' failed
** Message: 16:33:18.002: Could not establish IPsec connection.

(nm-l2tp-service:238158): GLib-GIO-CRITICAL **: 16:33:18.002: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
 $ ip a
ip r
ip -6 r
sudo iptables -L
cat /etc/ipsec.conf
cat /etc/ipsec.secrets

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:c9:86:62:4b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c9ff:fe86:624b/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
7: br-45a4efb97586: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:47:26:96:c0 brd ff:ff:ff:ff:ff:ff
    inet 172.28.0.1/16 brd 172.28.255.255 scope global br-45a4efb97586
       valid_lft forever preferred_lft forever
8: br-52f8b8b09570: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ad:fc:96:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-52f8b8b09570
       valid_lft forever preferred_lft forever
9: br-547d5ecf98cc: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:a4:45:10:1e brd ff:ff:ff:ff:ff:ff
    inet 192.168.224.1/20 brd 192.168.239.255 scope global br-547d5ecf98cc
       valid_lft forever preferred_lft forever
10: br-026fdaedd13c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:41:c3:b6:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.32.1/20 brd 192.168.47.255 scope global br-026fdaedd13c
       valid_lft forever preferred_lft forever
11: br-11e17282661b: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:7d:51:b8:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.16.1/20 brd 192.168.31.255 scope global br-11e17282661b
       valid_lft forever preferred_lft forever
12: br-25143a702370: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:de:6c:65:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.48.1/20 brd 192.168.63.255 scope global br-25143a702370
       valid_lft forever preferred_lft forever
13: br-b8bdfc1133c5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:73:5e:92:19 brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.1/16 brd 172.25.255.255 scope global br-b8bdfc1133c5
       valid_lft forever preferred_lft forever
14: br-fcf290db6a0a: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:32:1c:61:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.176.1/20 brd 192.168.191.255 scope global br-fcf290db6a0a
       valid_lft forever preferred_lft forever
15: br-5aece0f85b52: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:1b:f7:12:4e brd ff:ff:ff:ff:ff:ff
    inet 192.168.103.1/24 brd 192.168.103.255 scope global br-5aece0f85b52
       valid_lft forever preferred_lft forever
16: br-6c2daf93912b: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:e0:c3:52:5a brd ff:ff:ff:ff:ff:ff
    inet 192.168.64.1/20 brd 192.168.79.255 scope global br-6c2daf93912b
       valid_lft forever preferred_lft forever
17: br-8589d33d52bf: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ac:66:a0:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-8589d33d52bf
       valid_lft forever preferred_lft forever
18: br-995a9fcdd0e5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:70:dc:8a:e1 brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.1/16 brd 172.21.255.255 scope global br-995a9fcdd0e5
       valid_lft forever preferred_lft forever
19: br-a6a0bf6c082f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:bb:74:1d:3a brd ff:ff:ff:ff:ff:ff
    inet 172.26.0.1/16 brd 172.26.255.255 scope global br-a6a0bf6c082f
       valid_lft forever preferred_lft forever
20: br-34137c07cf94: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:5d:a1:fe:3d brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-34137c07cf94
       valid_lft forever preferred_lft forever
21: br-56a5376cfa6e: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:4f:09:3d:a8 brd ff:ff:ff:ff:ff:ff
    inet 172.29.0.1/16 brd 172.29.255.255 scope global br-56a5376cfa6e
       valid_lft forever preferred_lft forever
22: br-8831a3aab4e5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:c5:ac:7b:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.112.1/20 brd 192.168.127.255 scope global br-8831a3aab4e5
       valid_lft forever preferred_lft forever
23: br-886d1467cf85: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:8b:85:4d:55 brd ff:ff:ff:ff:ff:ff
    inet 172.30.0.1/16 brd 172.30.255.255 scope global br-886d1467cf85
       valid_lft forever preferred_lft forever
24: br-adfd10f32026: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:70:c2:16:8e brd ff:ff:ff:ff:ff:ff
    inet 192.168.192.1/20 brd 192.168.207.255 scope global br-adfd10f32026
       valid_lft forever preferred_lft forever
25: br-1543756ada66: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:2b:ea:36:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/20 brd 192.168.15.255 scope global br-1543756ada66
       valid_lft forever preferred_lft forever
26: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:75:38:e1:41 brd ff:ff:ff:ff:ff:ff
    inet 172.27.0.1/16 brd 172.27.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
27: br-8de3b8a622ce: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:d8:d2:a9:66 brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.1/16 brd 172.31.255.255 scope global br-8de3b8a622ce
       valid_lft forever preferred_lft forever
28: br-b80876ab5b5f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b9:bd:7a:8e brd ff:ff:ff:ff:ff:ff
    inet 192.168.160.1/20 brd 192.168.175.255 scope global br-b80876ab5b5f
       valid_lft forever preferred_lft forever
29: br-6d6127d579e4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:46:0f:3f:2b brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.1/16 brd 172.22.255.255 scope global br-6d6127d579e4
       valid_lft forever preferred_lft forever
30: br-72c44904496b: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:4a:8f:2d:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.1/20 brd 192.168.95.255 scope global br-72c44904496b
       valid_lft forever preferred_lft forever
31: br-7e1b14428df3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:72:e1:ee:60 brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-7e1b14428df3
       valid_lft forever preferred_lft forever
32: br-f2f6192857c3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ea:6c:e7:a0 brd ff:ff:ff:ff:ff:ff
    inet 172.24.0.1/16 brd 172.24.255.255 scope global br-f2f6192857c3
       valid_lft forever preferred_lft forever
79: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:46:28:d4:bc:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.251/24 brd 192.168.100.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 86312sec preferred_lft 86312sec
    inet6 fe80::1a2c:1621:466:adbe/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
default via 192.168.100.1 dev wlp0s20f3 proto dhcp src 192.168.100.251 metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-34137c07cf94 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-52f8b8b09570 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-7e1b14428df3 proto kernel scope link src 172.20.0.1 linkdown
172.21.0.0/16 dev br-995a9fcdd0e5 proto kernel scope link src 172.21.0.1 linkdown
172.22.0.0/16 dev br-6d6127d579e4 proto kernel scope link src 172.22.0.1 linkdown
172.23.0.0/16 dev br-8589d33d52bf proto kernel scope link src 172.23.0.1 linkdown
172.24.0.0/16 dev br-f2f6192857c3 proto kernel scope link src 172.24.0.1 linkdown
172.25.0.0/16 dev br-b8bdfc1133c5 proto kernel scope link src 172.25.0.1 linkdown
172.26.0.0/16 dev br-a6a0bf6c082f proto kernel scope link src 172.26.0.1 linkdown
172.27.0.0/16 dev docker_gwbridge proto kernel scope link src 172.27.0.1 linkdown
172.28.0.0/16 dev br-45a4efb97586 proto kernel scope link src 172.28.0.1 linkdown
172.29.0.0/16 dev br-56a5376cfa6e proto kernel scope link src 172.29.0.1 linkdown
172.30.0.0/16 dev br-886d1467cf85 proto kernel scope link src 172.30.0.1 linkdown
172.31.0.0/16 dev br-8de3b8a622ce proto kernel scope link src 172.31.0.1 linkdown
192.168.0.0/20 dev br-1543756ada66 proto kernel scope link src 192.168.0.1 linkdown
192.168.16.0/20 dev br-11e17282661b proto kernel scope link src 192.168.16.1 linkdown
192.168.32.0/20 dev br-026fdaedd13c proto kernel scope link src 192.168.32.1 linkdown
192.168.48.0/20 dev br-25143a702370 proto kernel scope link src 192.168.48.1 linkdown
192.168.64.0/20 dev br-6c2daf93912b proto kernel scope link src 192.168.64.1 linkdown
192.168.80.0/20 dev br-72c44904496b proto kernel scope link src 192.168.80.1 linkdown
192.168.100.0/24 dev wlp0s20f3 proto kernel scope link src 192.168.100.251 metric 600
192.168.103.0/24 dev br-5aece0f85b52 proto kernel scope link src 192.168.103.1 linkdown
192.168.112.0/20 dev br-8831a3aab4e5 proto kernel scope link src 192.168.112.1 linkdown
192.168.160.0/20 dev br-b80876ab5b5f proto kernel scope link src 192.168.160.1 linkdown
192.168.176.0/20 dev br-fcf290db6a0a proto kernel scope link src 192.168.176.1 linkdown
192.168.192.0/20 dev br-adfd10f32026 proto kernel scope link src 192.168.192.1 linkdown
192.168.224.0/20 dev br-547d5ecf98cc proto kernel scope link src 192.168.224.1 linkdown
fe80::/64 dev docker0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev wlp0s20f3 proto kernel metric 1024 pref medium
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
ACCEPT     udp  --  anywhere             anywhere             udp dpt:l2f
ACCEPT     udp  --  anywhere             anywhere             udp dpt:l2f

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (27 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (27 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
config setup
    charondebug="ike 2, knl 2, cfg 2"

conn %default
    keyexchange=ikev1
    authby=secret
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    ikelifetime=8h
    lifetime=1h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=no
    keyingtries=1

conn L2TP-PSK
    keyexchange=ikev1
    left=%defaultroute
    leftprotoport=17/1701
    right=<hidden-ip>
    rightprotoport=17/1701
    auto=add

# /etc/ipsec.secrets - strongSwan IPsec secrets file

# The syntax is: 
# [ipsec gateway address] : PSK "[pre-shared key]"
# 
# Replace 'your_vpn_server' with the IP address or hostname of your VPN server.
# Replace 'your_psk' with your pre-shared key (PSK).


%any %any : PSK "<hidden>"


# include ipsec.d/ipsec.nm-l2tp.secrets


include ipsec.d/ipsec.nm-l2tp.secrets

Offline

Pages: 1

Board footer

Powered by FluxBB