L2TP reconnect

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
kovacsadam07
Posts: 10
Joined: Tue Sep 12, 2017 10:28 am

L2TP reconnect

Post by kovacsadam07 » Wed May 23, 2018 5:07 pm

Hi,

I have a fully functional Softether VPN install on an Ubuntu 17.10 (physical machine)
I created a new installation on a virtual Debian 9.4 and configured the same as the other.
For some reason I can't connect with my Android phone to the new one from the internet while I could to the old one. I set the VM as DMZ in the router.
It seems the client can connect to the VPN server but then it reconnects. On the working one the client creates a connection through UDP 500 after that on UDP 4500. On the non-working the client does connect through 500 but not through 4500. The VM is DMZ so all the ports are redirected.

Log from the WORKING installation:
2018-05-23 18:10:55.792 IPsec Client 1 (176.77.143.112:2586 -> 192.168.0.2:500): A new IPsec client is created.
2018-05-23 18:10:55.792 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2586 -> 192.168.0.2:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x4BD2CBBB50199C17, Responder Cookie: 0x9B6A2BEA55DD418F, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:55.905 IPsec Client 1 (176.77.143.112:2564 -> 192.168.0.2:4500): The port number information of this client is updated.
2018-05-23 18:10:55.905 IPsec Client 1 (176.77.143.112:2564 -> 192.168.0.2:4500):
2018-05-23 18:10:55.905 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): This IKE SA is established between the server and the client.
2018-05-23 18:10:56.966 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): The client initiates a QuickMode negotiation.
2018-05-23 18:10:56.966 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xB3E8C377, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:56.966 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x85AA2B9, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:10:57.007 IPsec ESP Session (IPsec SA) 1 (Client: 1) (176.77.143.112:2564 -> 192.168.0.2:4500): This IPsec SA is established between the server and the client.
...

Log from the not working:
2018-05-23 18:53:15.127 IPsec Client 1 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:15.127 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0x9AA4EF953E217A9C, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:18.130 IPsec Client 2 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:18.130 IPsec IKE Session (IKE SA) 2 (Client: 2) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xACF302996ADE2CC5, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:21.149 IPsec Client 3 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:21.149 IPsec IKE Session (IKE SA) 3 (Client: 3) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xFBD4468EA3EFCB43, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:24.151 IPsec Client 4 (176.77.143.112:2562 -> 0.0.0.0:500): A new IPsec client is created.
2018-05-23 18:53:24.151 IPsec IKE Session (IKE SA) 4 (Client: 4) (176.77.143.112:2562 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD6858B5DB5237991, Responder Cookie: 0xAE5F10511856DB16, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-05-23 18:53:25.130 IPsec IKE Session (IKE SA) 1 (Client: 1) (176.77.143.112:2562 -> 0.0.0.0:500): This IKE SA is deleted.
2018-05-23 18:53:25.130 IPsec Client 1 (176.77.143.112:2562 -> 0.0.0.0:500): This IPsec Client is deleted.
...
Last edited by kovacsadam07 on Wed Nov 28, 2018 3:01 pm, edited 1 time in total.

kovacsadam07
Posts: 10
Joined: Tue Sep 12, 2017 10:28 am

Re: L2TP reconnect

Post by kovacsadam07 » Wed May 23, 2018 7:32 pm

I found it. On the new server I use never version (9657 instead of 9652). In this there is a string ListenIP in the config. If I leave it on 0.0.0.0 it does not work but if I set it to a specific address it works.

martinindevon
Posts: 1
Joined: Tue Nov 27, 2018 12:20 pm

Re: L2TP reconnect

Post by martinindevon » Wed Nov 28, 2018 11:30 am

I am trying to find the ListenIP setting. If I look in the vpn_server.config (Ver 4.28, Build 9669, beta) I don't see it. If I stop the vpnserver then add it like this:

declare ServerConfiguration
{
string ListenIP 10.0.2.251
bool AcceptOnlyTls true
....

When I start the vpn server again it hasn't worked, and if I view the vpn_server.config again the ListenIP line I added has been removed.

How do I set ListenIP?

kovacsadam07
Posts: 10
Joined: Tue Sep 12, 2017 10:28 am

Re: L2TP reconnect

Post by kovacsadam07 » Wed Nov 28, 2018 1:14 pm

The keys are in alphabetic order. Try find it instead of manually adding to the ServerConfiguration section.

Post Reply