Hi,
I have a fully functional Softether VPN install on an Ubuntu 17.10 (physical machine)
I created a new installation on a virtual Debian 9.4 and configured the same as the other.
For some reason I can't connect with my Android phone to the new one from the internet while I could to the old one. I set the VM as DMZ in the router.
It seems the client can connect to the VPN server but then it reconnects. On the working one the client creates a connection through UDP 500 after that on UDP 4500. On the non-working the client does connect through 500 but not through 4500. The VM is DMZ so all the ports are redirected.
Log from the WORKING installation:
2018-05-23 18:10:55.792 IPsec Client 1 (176.77.143.112:2586 -> 192.168.0.2:500): A new IPsec client is created.
2018-05-23 18:10:55.792 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2586 -> 192.168.0.2:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x4BD2CBBB50199C17, Responder Cookie: 0x9B6A2BEA55DD418F, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:55.905 IPsec Client 1 (176.77.143.112:2564 -> 192.168.0.2:4500): The port number information of this client is updated.
2018-05-23 18:10:55.905 IPsec Client 1 (176.77.143.112:2564 -> 192.168.0.2:4500):
2018-05-23 18:10:55.905 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): This IKE SA is established between the server and the client.
2018-05-23 18:10:56.966 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): The client initiates a QuickMode negotiation.
2018-05-23 18:10:56.966 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xB3E8C377, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:56.966 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x85AA2B9, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:57.007 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): This IPsec SA is established between the server and the client.
...
Log from the not working:
2018-05-23 18:53:15.127 IPsec Client 1 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:15.127 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0x9AA4EF953E217A9C, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:18.130 IPsec Client 2 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:18.130 IPsec IKE Session (IKE SA) 2 (Client: 2) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xACF302996ADE2CC5, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:21.149 IPsec Client 3 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:21.149 IPsec IKE Session (IKE SA) 3 (Client: 3) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xFBD4468EA3EFCB43, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:24.151 IPsec Client 4 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:24.151 IPsec IKE Session (IKE SA) 4 (Client: 4) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xAE5F10511856DB16, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:25.130 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2562 -> 0.0.0.0:500): This IKE SA is deleted.
2018-05-23 18:53:25.130 IPsec Client 1 (176.77.143.112:2562 -> 0.0.0.0:500): This IPsec Client is deleted.
...
L2TP reconnect
-
- Posts: 10
- Joined: Tue Sep 12, 2017 10:28 am
L2TP reconnect
Last edited by kovacsadam07 on Wed Nov 28, 2018 3:01 pm, edited 1 time in total.
-
- Posts: 10
- Joined: Tue Sep 12, 2017 10:28 am
Re: L2TP reconnect
I found it. On the new server I use never version (9657 instead of 9652). In this there is a string ListenIP in the config. If I leave it on 0.0.0.0 it does not work but if I set it to a specific address it works.
-
- Posts: 1
- Joined: Tue Nov 27, 2018 12:20 pm
Re: L2TP reconnect
I am trying to find the ListenIP setting. If I look in the vpn_server.config (Ver 4.28, Build 9669, beta) I don't see it. If I stop the vpnserver then add it like this:
declare ServerConfiguration
{
string ListenIP 10.0.2.251
bool AcceptOnlyTls true
....
When I start the vpn server again it hasn't worked, and if I view the vpn_server.config again the ListenIP line I added has been removed.
How do I set ListenIP?
declare ServerConfiguration
{
string ListenIP 10.0.2.251
bool AcceptOnlyTls true
....
When I start the vpn server again it hasn't worked, and if I view the vpn_server.config again the ListenIP line I added has been removed.
How do I set ListenIP?
-
- Posts: 10
- Joined: Tue Sep 12, 2017 10:28 am
Re: L2TP reconnect
The keys are in alphabetic order. Try find it instead of manually adding to the ServerConfiguration section.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: L2TP reconnect
For martinindevon.
The ListenIP feature is only in GitHub version.
The ListenIP feature is only in GitHub version.
-
- Posts: 10
- Joined: Tue Feb 02, 2021 7:29 am
Re: L2TP reconnect
It doesn't seem to exist in the SoftetherVPNsoftetherStable
https://github.com/SoftEtherVPN/SoftEtherVPN_Stable
Thisone seems to have it: https://github.com/SoftEtherVPN/SoftEth ... q=listenip