Topic: IPsec L2TP VPN server issues / dynamic IP address

user755

IPsec L2TP VPN server issues / dynamic IP address
« on: January 16, 2014, 04:24:23 am »
Hi,

I have a Zentyal 3.2 host. The Internet connection is PPPoE with a dynamic IP.
I configured an IPsec L2TP VPN server.

Code:
root@gw:/# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.8.0-34-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

Errors fixed by adding to /etc/sysctl.conf:
Code:
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0

Code:
Jan 16 07:43:24 gw ipsec_setup: Starting Openswan IPsec U2.6.37/K3.8.0-34-generic...
Jan 16 07:43:24 gw ipsec_setup: Using NETKEY(XFRM) stack
Jan 16 07:43:24 gw kernel: [290542.524020] Initializing XFRM netlink socket
Jan 16 07:43:24 gw ipsec_setup: ...Openswan IPsec started
Jan 16 07:43:24 gw pluto: adjusting ipsec.d to /etc/ipsec.d
Jan 16 07:43:24 gw ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 16 07:43:25 gw ipsec__plutorun: 002 added connection description "vpn"
Jan 16 07:43:25 gw ipsec__plutorun: 025 "vpn": cannot route template policy of PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
Jan 16 07:43:25 gw ipsec__plutorun: 025 "vpn": could not route
Jan 16 07:43:25 gw ipsec__plutorun: 029 "vpn": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

Fix: ipsec.conf.mas
Code:
#auto=start
auto=add

Now the VPN works, but after restarting ppp0 the VPN server will not work.
After saving the ipsec module it works. Any workaround for this?
« Last Edit: January 16, 2014, 04:26:15 am by user755 »
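
Added example (not part of the original post, and not Zentyal or Openswan code): a shell function that walks the same /proc/sys/net/ipv4/conf/*/ entries that `ipsec verify` reports on and lists every one whose send_redirects or accept_redirects is still non-zero. The sysctl.conf lines above set only `default`, which interfaces created afterwards inherit; `all` and already existing interfaces keep their own values, so each entry is checked separately. The function name, the optional root-directory argument and the `--live` switch are assumptions of this example.

```shell
#!/bin/sh
# audit_redirects [ROOT]
#   ROOT defaults to /proc/sys/net/ipv4/conf (assumed parameter, so the
#   check can also be pointed at a copy of the tree).
#   Prints one line per entry that is not 0; returns 0 if clean, 1 otherwise.
audit_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    bad=0
    for dir in "$root"/*/; do
        # Unmatched glob or non-directory: nothing to check.
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            file="${dir}${key}"
            [ -r "$file" ] || continue
            val=$(cat "$file")
            if [ "$val" != "0" ]; then
                # Same condition ipsec verify flags as [FAILED].
                echo "$iface: $key = $val (expected 0)"
                bad=$((bad + 1))
            fi
        done
    done
    if [ "$bad" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Check the running system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    if audit_redirects; then
        echo "all redirect settings are 0"
    fi
fi
```

Running it again after ppp0 has reconnected shows whether the recreated interface picked up the `default` values.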

omarruman

Re: IPsec L2TP VPN server issues / dynamic IP address
« Reply #1 on: August 12, 2014, 02:50:13 pm »
Can you solve the problem? I have the same issues with version 3.5, and I don't know how to fix it.
Are you modifying /etc/ipsec.conf, replacing auto=start with auto=add? I don't understand why you call the file "ipsec.conf.mas". Thanks! Regards

jbahillo

  • Zentyal Staff
Re: IPsec L2TP VPN server issues / dynamic IP address
« Reply #2 on: August 26, 2014, 03:19:45 pm »
Just add a custom stub for that file if you want to do a customization:


https://wiki.zentyal.org/wiki/En/3.5/Development_and_advanced_configuration#Advanced_Service_Customization
