I kindly ask you for a hint on what is wrong with my config.
I am having connection problems from a Windows 10 VPN client (the built-in client from the Control Panel)
to a Linux VPN server running on a Linux AWS EC2 instance.
The security group is configured to allow all traffic from my home external IP.
The logs at /var/log/accel-ppp/accel-ppp.log say:
[2020-07-12 18:12:37]: info: l2tp: recv [L2TP tid=0 sid=0 Ns=0 Nr=0 <Message-Type Start-Ctrl-Conn-Request> <Protocol-Version 256> <Framing-Capabilities 1> <Bearer-Cap$
[2020-07-12 18:12:37]: info: l2tp: handling SCCRQ from 94.66.223.221
[2020-07-12 18:12:37]: info: l2tp: new tunnel 4246-12 created following reception of SCCRQ from 94.66.223.221:1701
[2020-07-12 18:12:37]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): sending SCCRP
[2020-07-12 18:12:37]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:37]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message sent from send queue
[2020-07-12 18:12:38]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #1
[2020-07-12 18:12:38]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:38]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:40]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #2
[2020-07-12 18:12:40]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:40]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:44]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #3
[2020-07-12 18:12:44]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:44]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:52]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #4
[2020-07-12 18:12:52]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:52]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:13:08]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #5
[2020-07-12 18:13:08]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:13:08]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message added to reception queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message acked by peer
[2020-07-12 18:13:22]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): recv [L2TP tid=4246 sid=0 Ns=1 Nr=1 <Message-Type Start-Ctrl-Conn-Connected>]
[2020-07-12 18:13:22]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): handling SCCCN
[2020-07-12 18:13:22]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): established at 172.31.8.169:1701
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message processed from reception queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 0 message sent from send queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): sending ZLB
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2]
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): sending HELLO
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message sent from send queue
[2020-07-12 18:14:23]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #1
[2020-07-12 18:14:23]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:23]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:25]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #2
[2020-07-12 18:14:25]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:25]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:29]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #3
[2020-07-12 18:14:29]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:29]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:37]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #4
[2020-07-12 18:14:37]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:37]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:53]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #5
[2020-07-12 18:14:53]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:53]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:15:09]: warn: l2tp tunnel 4246-12 (94.66.223.221:1701): no acknowledgement from peer after 5 retransmissions, deleting tunnel
[2020-07-12 18:15:09]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): deleting tunnel
[2020-07-12 18:15:09]: info: l2tp tunnel 4246-12 (94.66.223.221:1701): tunnel destroyed
My /etc/accel-ppp.conf:
[modules]
log_file
pptp
l2tp
radius
ippool
pppd_compat
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[common]
[ppp]
verbose=3
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
lcp-echo-timeout=120
unit-cache=1
[auth]
[pptp]
verbose=3
bind=172.31.8.169
echo-interval=30
mppe=prefer
ip-pool=pool1
[pppoe]
verbose=1
called-sid=mac
interface=eth0
[l2tp]
verbose=3
bind=172.31.8.169
host-name=ec2-52-214-19-54.eu-west-1.compute.amazonaws.com
mppe=prefer
ip-pool=pool2
hello-interval=60
[sstp]
verbose=1
[ipoe]
verbose=1
username=ifname
lease-time=600
renew-time=300
max-lease-time=3600
shared=0
ifcfg=1
mode=L2
start=dhcpv4
interface=eth0
[dns]
dns1=8.8.8.8
dns2=8.8.4.4
[wins]
[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=172.31.0.1
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
dae-server=127.0.0.1:3799,testing123
verbose=1
interim-verbose=1
acct-on=1
acct-interim-interval=500
[client-ip-range]
0.0.0.0/0
[ip-pool]
gw-ip-address=172.31.0.1
attr=Framed-Pool
172.31.0.2-254,name=pool1
172.31.0.2-254,name=pool2
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=5
[log-pgsql]
conninfo=user=log
log-table=log
[pppd-compat]
verbose=1
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
radattr-prefix=/var/run/radattr
[chap-secrets]
gw-ip-address=192.168.100.1
[shaper]
up-limiter=police
down-limiter=tbf
verbose=1
[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
[ipv6-pool]
fc00:0:1::/48,64
fc00:0:2::/48,64,name=pool1
fc00:0:3::/48,64,name=pool2,next=pool1
delegate=fc00:1::/36,48
delegate=fc00:2::/36,48,name=pool3
delegate=fc00:3::/36,48,name=pool4,next=pool3
[ipv6-dns]
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1
My /etc/ipsec.conf:
config setup
        plutodebug=none
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
        protostack=netkey

conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        dpdaction=clear
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        ike=aes256-sha1,aes128-sha1,3des-sha1
        type=transport
        #left=127.0.0.1
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        dpddelay=30
        dpdtimeout=120
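Added example, not code from the post or from the accel-ppp project: a small Python script that summarises each L2TP tunnel's control-channel lifecycle from accel-ppp.log lines in the layout shown above, so that the pattern in this log (SCCRP retransmitted five times before the peer's SCCCN arrives, then HELLO never acknowledged until the tunnel is deleted) can be pulled out of a long log automatically instead of read by eye. The tunnel id, peer address, local address and timestamps in SAMPLE_LOG are constructed to mirror the post; the regular expressions assume only the message formats visible in the post and no other accel-ppp output.

```python
"""Summarise L2TP control-channel behaviour from accel-ppp.log lines."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# One accel-ppp log line. The "tunnel <tid> (<peer>)" prefix is absent on the
# "new tunnel ... created" line, so that part of the pattern is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]: (?P<level>\w+): "
    r"l2tp(?: tunnel (?P<tid>\S+) \((?P<peer>[^)]+)\))?: (?P<msg>.*)$"
)
NEW_TUNNEL_RE = re.compile(r"new tunnel (?P<tid>\S+) created .* from (?P<peer>\S+)")
SENDING_RE = re.compile(r"^sending (?P<what>\w+)")          # sending SCCRP / ZLB / HELLO
RETRANS_RE = re.compile(r"^retransmission #(?P<n>\d+)")
NOACK_RE = re.compile(r"no acknowledgement from peer after (?P<n>\d+) retransmissions")


@dataclass
class Tunnel:
    tid: str
    peer: str
    created: datetime
    established: Optional[datetime] = None
    destroyed: Optional[datetime] = None
    pending: Optional[str] = None                 # last control message we sent
    retransmits: Dict[str, int] = field(default_factory=dict)  # message -> retries
    no_ack_after: Optional[int] = None            # set when accel-ppp gave up


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def analyze(lines: List[str]) -> Dict[str, Tunnel]:
    """Walk the log once and build a Tunnel record per tunnel id."""
    tunnels: Dict[str, Tunnel] = {}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        ts, msg, tid = parse_ts(m["ts"]), m["msg"], m["tid"]
        if tid is None:                           # un-prefixed line: tunnel creation
            nt = NEW_TUNNEL_RE.search(msg)
            if nt:
                tunnels[nt["tid"]] = Tunnel(nt["tid"], nt["peer"], ts)
            continue
        t = tunnels.setdefault(tid, Tunnel(tid, m["peer"], ts))
        if s := SENDING_RE.match(msg):
            t.pending = s["what"]
        elif r := RETRANS_RE.match(msg):          # "#n" counts retries of the pending message
            t.retransmits[t.pending or "?"] = int(r["n"])
        elif msg.startswith("established at"):
            t.established = ts
        elif n := NOACK_RE.search(msg):
            t.no_ack_after = int(n["n"])
        elif msg == "tunnel destroyed":
            t.destroyed = ts
    return tunnels


def seconds_to_establish(t: Tunnel) -> Optional[float]:
    return (t.established - t.created).total_seconds() if t.established else None


def findings(t: Tunnel) -> List[str]:
    """Human-readable observations that point at a lossy or one-way UDP/1701 path."""
    out = []
    for what, n in t.retransmits.items():
        if n >= 3:
            out.append(f"{what} retransmitted {n} times before the peer answered or the tunnel gave up")
    secs = seconds_to_establish(t)
    if secs is not None and secs > 10:
        out.append(f"control channel took {secs:.0f}s to establish")
    if t.no_ack_after is not None:
        out.append(f"tunnel deleted after {t.no_ack_after} unacknowledged retransmissions")
    return out


# Constructed sample log modelled on the post (addresses and ids are made up).
PEER, TID = "203.0.113.5:1701", "4246-12"


def _l(ts: str, level: str, msg: str, prefixed: bool = True) -> str:
    head = f"l2tp tunnel {TID} ({PEER})" if prefixed else "l2tp"
    return f"[2020-07-12 {ts}]: {level}: {head}: {msg}"


SAMPLE_LOG = [
    _l("18:12:37", "info", f"new tunnel {TID} created following reception of SCCRQ from {PEER}", False),
    _l("18:12:37", "info", "sending SCCRP"),
] + [_l(f"18:12:{s}", "info", f"retransmission #{i}") for i, s in enumerate((38, 40, 44, 52), 1)] + [
    _l("18:13:08", "info", "retransmission #5"),
    _l("18:13:22", "info", "established at 192.0.2.10:1701"),
    _l("18:13:22", "debug", "sending ZLB"),
    _l("18:14:22", "debug", "sending HELLO"),
] + [_l(f"18:14:{s}", "info", f"retransmission #{i}") for i, s in enumerate((23, 25, 29, 37, 53), 1)] + [
    _l("18:15:09", "warn", "no acknowledgement from peer after 5 retransmissions, deleting tunnel"),
    _l("18:15:09", "info", "tunnel destroyed"),
]

if __name__ == "__main__":
    for t in analyze(SAMPLE_LOG).values():
        print(f"tunnel {t.tid} peer {t.peer}: retransmits={t.retransmits}")
        for f in findings(t):
            print("  -", f)
```

Run it against a real file with `analyze(open("/var/log/accel-ppp/accel-ppp.log").readlines())`. A tunnel whose SCCRP and HELLO both exhaust their retries while the peer's own messages still arrive tells you that traffic from the server back to the client is what is not getting through, which narrows the search to the return path (NAT mapping, security group or host firewall for UDP/1701, or the IPsec transport SA) rather than to PPP authentication.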