L2TP/IPSec PSK

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
kaundere
Posts: 14
Joined: Wed Oct 28, 2015 11:52 pm

L2TP/IPSec PSK

Post by kaundere » Fri Mar 10, 2017 11:51 pm

I have been running my personal VPN server fine but i never could make my android device connect to it.
I have done everything by the setup tutorial both for the server and client side and i have tested it with multiple android devices.
Despite trying every variation in every menu with every possible combination i just cant connect to the vpn server through a mobile device (android only tested)

Do you guys have any ideas what might be wrong?

(my only idea is about the ports but i have no idea for what to look for or how to fix it)

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: L2TP/IPSec PSK

Post by thisjun » Thu Mar 23, 2017 6:54 am

Did you configure port forwarding settings on the router?

kaundere
Posts: 14
Joined: Wed Oct 28, 2015 11:52 pm

Re: L2TP/IPSec PSK

Post by kaundere » Sat Apr 01, 2017 4:05 pm

thisjun wrote:
> Did you configure port forwarding settings on the router?
Migrating the server from windows to Ubuntu at the moment
i have forwarded the usual ports but the problem was that i had to forward the port: 500 and 4500 for it to work with phones. BUT i cant test it now.

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: L2TP/IPSec PSK

Post by triwaves » Mon Apr 03, 2017 6:54 pm

I have same problem - all ports forwarded - tried every tutorial and setting - but never get Android client to connect. My work-around was to use an Android OpenVPN client and connect to Softether in OpenVPN mode (which you need to enable - and then download a configuration file) and this works reliably for me.

kaundere
Posts: 14
Joined: Wed Oct 28, 2015 11:52 pm

Re: L2TP/IPSec PSK

Post by kaundere » Mon Apr 03, 2017 7:54 pm

triwaves wrote:
> I have same problem - all ports forwarded - tried every tutorial and
> setting - but never get Android client to connect. My work-around was to
> use an Android OpenVPN client and connect to Softether in OpenVPN mode
> (which you need to enable - and then download a configuration file) and
> this works reliably for me.

Soo downloading OpenVPN app on android and connecting to the softether through it and getting the config it works?
Does this work in CHINA?
Has anyone worked with Shadowsocks or anything with a server on other os than Windows?
I am having some problems just setting things up on ubuntu and in general lack of knowledge of linux/ubuntu, and the use of python and other coding languages.

triwaves
Posts: 27
Joined: Mon May 16, 2016 3:11 pm

Re: L2TP/IPSec PSK

Post by triwaves » Tue Apr 04, 2017 3:31 pm

>
> Soo downloading OpenVPN app on android and connecting to the softether through it and
> getting the config it works?
> Does this work in CHINA?

I don't know about China - I imagine the differences you are concerned about are not related to server configs (which can be duplicated) but routing, filtering and port forwarding challenges.

I have used it on multiple servers running on Raspberry Pi and on Ubuntu so it seems the OpenVPN mode is functional, but my statement is far from a validation test over many different server configurations ... your mileage may vary. I mention it because it may be a quick way for you to get connectivity while you continue to work towards getting the built in Android client working...

kaundere
Posts: 14
Joined: Wed Oct 28, 2015 11:52 pm

Re: L2TP/IPSec PSK

Post by kaundere » Wed Apr 05, 2017 8:00 pm

triwaves wrote:
> >
> > Soo downloading OpenVPN app on android and connecting to the softether through
> it and
> > getting the config it works?
> > Does this work in CHINA?
>
> I don't know about China - I imagine the differences you are concerned about are not
> related to server configs (which can be duplicated) but routing, filtering and port
> forwarding challenges.
>
> I have used it on multiple servers running on Raspberry Pi and on Ubuntu so it seems
> the OpenVPN mode is functional, but my statement is far from a validation test over
> many different server configurations ... your mileage may vary. I mention it because
> it may be a quick way for you to get connectivity while you continue to work towards
> getting the built in Android client working...

The idea is quite good but i would like to ask why does it start working with the OpenVPN rather out of the box on the softether server. Trying to figure out the cause, but there are no logs on android what its doing etc. you might say root it etc but that is such a hassle.
ATM i am not in china but planing on going later this year, rather have a head start and not setting up the servers from there through teamviewer....
BTW did you install the server on ubuntu through the tutorial on the official site or did something totally different?

I have worked with backtrack and kali on linux and setting up the stuff there needed some general commands to get things going AND i was wondering was it the same general stuff for setting up the servers and getting the connectivity up, (the wall that i hit with the proxy stuff was exactly at that starting and connecting)
Also if i get em running would not mind to share a account or two (located in Bulgaria-Europe)

vlaryk
Posts: 9
Joined: Tue May 30, 2017 2:20 pm

Re: L2TP/IPSec PSK

Post by vlaryk » Tue May 30, 2017 4:21 pm

Yes, SoftEther L2TP/IPSec PSK connection from Android clients has some inborn defect.
I can connect from Windows client to SoftEther server on L2TP/IPSec PSK,
can connect from my Android 4.0.4 to other servers (Cisco, D-Link DFL, OpenSwan on Linux) L2TP/IPSec PSK,
but never sucseed connecting Android to SoftEther.
I saw many times in this forum reported problems, but never seen the solution.

Here is my log messages from server, when I connected from Android:

2017-05-30 18:05:34.435 IPsec Client 12 (81.14.14.14:500 -> 0.0.0.0:500): A new IPsec client is created.
2017-05-30 18:05:34.436 IPsec IKE Session (IKE SA) 12 (Client: 12) (81.14.14.14:500 -> 0.0.0.0:500):
A new IKE SA (Main Mode) is created. Initiator Cookie: 0xCA501C32F0E35745, Responder Cookie:
0x14CC4FBF1751130F, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm:
AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2017-05-30 18:05:34.541 IPsec Client 12 (81.14.14.14:4500 -> 0.0.0.0:4500):
The port number information of this client is updated.
2017-05-30 18:05:34.541 IPsec Client 12 (81.14.14.14:4500 -> 0.0.0.0:4500):
2017-05-30 18:05:34.541 IPsec IKE Session (IKE SA) 12 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
This IKE SA is established between the server and the client.
2017-05-30 18:05:35.562 IPsec IKE Session (IKE SA) 12 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
The client initiates a QuickMode negotiation.
2017-05-30 18:05:35.562 IPsec ESP Session (IPsec SA) 11 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x7467FC8F, DH Group: (null),
Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits,
Lifetime: 4294967295 Kbytes or 28800 seconds
2017-05-30 18:05:35.563 IPsec ESP Session (IPsec SA) 11 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x5D3346B, DH Group: (null),
Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits,
Lifetime: 4294967295 Kbytes or 28800 seconds
2017-05-30 18:05:35.570 IPsec ESP Session (IPsec SA) 11 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
This IPsec SA is established between the server and the client.
2017-05-30 18:05:36.431 IPsec Client 12 (81.14.14.14:4500 -> 0.0.0.0:4500):
The L2TP Server Module is started.
2017-05-30 18:05:36.504 L2TP PPP Session [81.14.14.14:1701]:
A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 81.14.14.14
(Hostname: "anonymous"), Port Number of PPP Client: 1701, IP Address of PPP Server: 0.0.0.0,
Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS
(Max Segment Size): 1314 bytes
2017-05-30 18:05:36.565 On the TCP Listener (Port 0), a Client (IP address 81.14.14.14,
Host name "14.14.14.81.runext.com", Port number 1701) has connected.
2017-05-30 18:05:36.565 For the client (IP address: 81.14.14.14, host name: "14.14.14.81.runext.com",
port number: 1701), connection "CID-17-53CAAC648B" has been created.
2017-05-30 18:05:36.566 SSL communication for connection "CID-17-53CAAC648B" has been started.
The encryption algorithm name is "(null)".
2017-05-30 18:05:36.570 [HUB "VPN1"] The connection "CID-17-53CAAC648B"
(IP address: 81.14.14.14, Host name: 142.140.94.81.runext.com, Port number: 1701,
Client name: "L2TP VPN Client", Version: 4.22, Build: 9634) is attempting to connect to the Virtual Hub.
The auth type provided is "External server authentication" and the user name is "vlad-pda".
2017-05-30 18:05:36.570 [HUB "VPN1"] Connection "CID-17-53CAAC648B":
Successfully authenticated as user "vlad-pda".
2017-05-30 18:05:36.571 [HUB "VPN1"] Connection "CID-17-53CAAC648B":
The new session "SID-VLAD-PDA-[L2TP]-16" has been created. (IP address: 81.14.14.14,
Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2017-05-30 18:05:36.571 [HUB "VPN1"] Session "SID-VLAD-PDA-[L2TP]-16":
The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes,
Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2017-05-30 18:05:36.573 [HUB "VPN1"] Session "SID-VLAD-PDA-[L2TP]-16": VPN Client details:
(Client product name: "L2TP VPN Client", Client version: 422, Client build number: 9634,
Server product name: "SoftEther VPN Server (32 bit)", Server version: 422, Server build number: 9634,
Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-",
Client host name: "anonymous", Client IP address: "81.14.14.14", Client port number: 1701,
Server host name: "0.0.0.0", Server IP address: "0.0.0.0", Server port number: 1701,
Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN1",
Client unique ID: "592FA8654D14724F5B47B1C10EC70F4A")
2017-05-30 18:06:33.449 L2TP PPP Session [81.14.14.14:1701]:
The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2017-05-30 18:06:33.450 L2TP PPP Session [81.14.14.14:1701]:
A PPP protocol error occurred, or the PPP session has been disconnected.
2017-05-30 18:06:33.493 [HUB "VPN1"] Session "SID-VLAD-PDA-[L2TP]-16":
The session has been terminated. The statistical information is as follows:
Total outgoing data size: 53646 bytes, Total incoming data size: 0 bytes.
2017-05-30 18:06:33.518 Connection "CID-17-53CAAC648B" terminated by the cause
"The VPN session has been deleted. It is possible that either the administrator disconnected
the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2017-05-30 18:06:33.518 Connection "CID-17-53CAAC648B" has been terminated.
2017-05-30 18:06:33.518 The connection with the client (IP address 81.14.14.14, Port number 1701)
has been disconnected.
2017-05-30 18:09:04.297 IPsec Client 12 (81.14.14.14:4500 -> 0.0.0.0:4500): This IPsec Client is deleted.
2017-05-30 18:09:04.297 IPsec IKE Session (IKE SA) 12 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
This IKE SA is deleted.
2017-05-30 18:09:04.297 IPsec ESP Session (IPsec SA) 11 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
This IPsec SA is deleted.
2017-05-30 18:09:04.297 IPsec ESP Session (IPsec SA) 11 (Client: 12) (81.14.14.14:4500 -> 0.0.0.0:4500):
This IPsec SA is deleted.

But on successfull connect with Windows client after line which contains "VPN Client details: " I see line
2017-05-28 21:02:05.332 L2TP PPP Session [19.25.68.122:1701]:
Trying to request an IP address from the DHCP server.
But in case of Android connection server never made attempt to request IP address for client. Why?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: L2TP/IPSec PSK

Post by thisjun » Thu Jun 08, 2017 7:48 am

Android 4.0.4 has bug.
Please try another version Android.

kaundere
Posts: 14
Joined: Wed Oct 28, 2015 11:52 pm

Re: L2TP/IPSec PSK

Post by kaundere » Mon Aug 14, 2017 3:53 pm

I have found the cause of the problem and it was that the Ports were NOT forwarded from the IPS.

Post Reply