Got a problem with L2TP VPN on BuyVM OpenVZ VPS

garconcn Member

I am using the installer script to auto-install L2TP on a CentOS 6 VPS. It was working last year on BuyVM, but it doesn't work now. During the installation, I don't see any errors other than from "ipsec verify". I did a Google search but didn't have any luck. When I restart the ipsec service, it shows "multiple ip addresses, using 127.0.0.1 on venet0"; is this the problem? Thanks for any advice.

ipsec verify

Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.41/K2.6.32-openvz-042stab090.5-amd64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [IP XFRM BROKEN]
Checking 'iptables' command [OK]

ipsec verify: encountered errors

The messages after restarting ipsec:

Jul 14 00:38:46 lv01 ipsec_setup: ...Openswan IPsec stopped
Jul 14 00:38:46 lv01 ipsec_setup: Starting Openswan IPsec U2.6.41/K2.6.32-openvz-042stab090.5-amd64...
Jul 14 00:38:46 lv01 ipsec_setup: Using NETKEY(XFRM) stack
Jul 14 00:38:47 lv01 ipsec_setup: multiple ip addresses, using 127.0.0.1 on venet0
Jul 14 00:38:47 lv01 ipsec_setup: ...Openswan IPsec started
Jul 14 00:38:47 lv01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jul 14 00:38:47 lv01 pluto: adjusting ipsec.d to /etc/ipsec.d
Jul 14 00:38:47 lv01 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Jul 14 00:38:47 lv01 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Jul 14 00:38:53 lv01 kernel: [1665490.842215] netlink: 220 bytes leftover after parsing attributes.

The messages when connecting to the VPN from an iPhone:

Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [RFC 3947] method set to=115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jul 14 00:38:52 lv01 pluto[7273]: packet from iphone_ip:500: received Vendor ID payload [Dead Peer Detection]
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: responding to Main Mode from unknown peer iphone_ip
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 14 00:38:52 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.7'
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[1] iphone_ip #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: deleting connection "L2TP-PSK-NAT" instance with peer iphone_ip {isakmp=#0/ipsec=#0}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: new NAT mapping for #1, was iphone_ip:500, now iphone_ip:4500
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: the peer proposed: server_ip/32:17/1701 -> 192.168.1.7/32:17/0
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink_get_spi for esp.0@server_ip failed with errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: responding to Quick Mode proposal {msgid:26bbbd32}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: us: server_ip:17/1701
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: them: iphone_ip[192.168.1.7]:17/49387===192.168.1.7/32
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink response for Add SA esp.595a1a3@iphone_ip included errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: | setup_half_ipsec_sa() hit fail:
Jul 14 00:38:53 lv01 pluto[7273]: | failed to install outgoing SA: 0
Jul 14 00:38:57 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 14 00:39:00 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: discarding duplicate packet; already STATE_QUICK_R0
^C
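
Added example, not part of the original post: a short Python triage of pluto log lines in the format quoted above, reporting per peer whether IKE phase 1 completed and whether the kernel then rejected the IPsec SA over netlink. The function names are hypothetical and the sample lines are constructed from the log format in the post.

```python
import re

# Constructed sample: lines in the format of the pluto log quoted in the post.
SAMPLE = """\
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink_get_spi for esp.0@server_ip failed with errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: responding to Quick Mode proposal {msgid:26bbbd32}
Jul 14 00:38:53 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: ERROR: netlink response for Add SA esp.595a1a3@iphone_ip included errno 22: Invalid argument
Jul 14 00:38:53 lv01 pluto[7273]: | failed to install outgoing SA: 0
Jul 14 00:38:57 lv01 pluto[7273]: "L2TP-PSK-NAT"[2] iphone_ip #2: discarding duplicate packet; already STATE_QUICK_R0
"""

LINE = re.compile(r'pluto\[\d+\]: (?:"[^"]+"\[\d+\] (?P<peer>\S+) #\d+: )?(?P<msg>.*)')
PHASE1 = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
NETLINK = re.compile(r'ERROR: netlink.*? errno (?P<errno>\d+)')

def triage(text):
    """Report, per peer, how far the negotiation got and where it stopped."""
    report, peer = {}, None
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        peer = m.group("peer") or peer      # "| ..." debug lines carry no peer
        if peer is None:
            continue
        r = report.setdefault(peer, {"phase1": {}, "netlink_errno": [],
                                     "sa_install_failed": False, "retransmits": 0})
        msg = m.group("msg")
        if (p := PHASE1.search(msg)):
            r["phase1"] = dict(kv.split("=", 1) for kv in p.group("params").split())
        elif (n := NETLINK.search(msg)):
            r["netlink_errno"].append(int(n.group("errno")))
        elif "failed to install" in msg and "SA" in msg:
            r["sa_install_failed"] = True
        elif "discarding duplicate packet" in msg:
            r["retransmits"] += 1       # client resends while Quick Mode stalls
    return report

def verdict(r):
    """Classify one peer's record from triage()."""
    if not r["phase1"]:
        return "phase 1 (IKE) did not complete"
    if r["netlink_errno"] or r["sa_install_failed"]:
        return "phase 1 OK; kernel rejected the ESP SA over netlink (XFRM)"
    return "phase 1 OK; no kernel SA errors logged"

if __name__ == "__main__":
    print({p: verdict(r) for p, r in triage(SAMPLE).items()})
```

On the sample, the negotiated phase 1 parameters are also captured, so `group=modp1024` and PSK authentication are visible for review alongside the failure point.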

Comments

  • netomx Moderator, Veteran

    Does L2TP work on OpenVZ? I would suggest SoftEther

  • Contact BuyVM support?

    Thanked by 1 garconcn
  • Francisco Top Host, Host Rep, Veteran

    @netomx said:
    Does L2TP work on OpenVZ? I would suggest SoftEther

    Works fine if you configure it.

    @0xdragon said:
    Contact BuyVM support?

    Sounds like the best idea :)

    Are you doing raw IPSEC? Are you using xl2tpd at all? There was a version of xl2tpd that didn't work that I know shipped in some builds of Ubuntu.

    As 0xdragon said, log a ticket and we can help you out. We'll need permission to access your VPS so be sure to provide us that if you can.

    Francisco

  • Thanks for all your comments. I am surprised by so many replies and views in such a short time, better than asking on serverfault :lol. I will submit a ticket.
