February 18, 2017

L2TP/IPSEC VPN on a Debian VPS

ipsec Segmentation Fault

root# invoke-rc.d ipsec start
Job for ipsec.service failed. See 'systemctl status ipsec.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript ipsec, action "start" failed.
root# systemctl status ipsec.service
ipsec.service - LSB: Start Openswan IPsec at boot time
Loaded: loaded (/etc/init.d/ipsec)
Active: failed (Result: exit-code) since Sat 2017-02-18 15:17:07 CET; 3s ago
Process: 844 ExecStart=/etc/init.d/ipsec start (code=exited, status=139)

Feb 18 15:17:07 vpn-example.com systemd[1]: Starting LSB: Start Openswan IPsec at boot time...
Feb 18 15:17:07 vpn-example.com ipsec[844]: Segmentation fault
Feb 18 15:17:07 vpn-example.com ipsec[844]: failed to start openswan IKE daemon - the following error occured:
Feb 18 15:17:07 vpn-example.com systemd[1]: ipsec.service: control process exited, code=exited status=139
Feb 18 15:17:07 vpn-example.com systemd[1]: Failed to start LSB: Start Openswan IPsec at boot time.
Feb 18 15:17:07 vpn-example.com systemd[1]: Unit ipsec.service entered failed state.
root# /etc/init.d/ipsec start
Segmentation fault
failed to start openswan IKE daemon - the following error occured:

Solution: make sure /etc/ipsec.conf has an empty line at the end of file.

source

Verify the configuration

ipsec verify

Using tcpdump to debug L2TP/IPSEC UDP packets

If you're getting the following error:
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer
You'll need to confirm if the packets are reaching the VPN server:
tcpdump -i any -n -nn icmp or \( udp and \( port 500 or port 1701 or port 4500 \) \)

source


https://www.elastichosts.com/blog/linux-l2tpipsec-vpn-server/
https://gist.github.com/mietek/4877cd74423bf6925b92
https://wiki.openwrt.org/inbox/openswanxl2tpvpn
https://github.com/xelerance/Openswan/wiki/L2tp-ipsec-configuration-using-openswan-and-xl2tpd
http://blog.jameskyle.org/2012/07/configuring-openswan-ipsec-server/
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_a_Raspberry_Pi_with_Arch_Linux.html
https://habrahabr.ru/company/FastVPS/blog/205162/
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)