Ok, I’ve been trying this for 2 days now and not getting anywhere. I’ve tried l2tp, pptp, and openvpn. I just can’t seem to get them to work. I’ve now gone back to l2tp and my Windows 8.1 comes back with an error of 789. When I look at /var/logs/messages I see
Oct 31 15:55:25 bryrouter xl2tpd[6559]: death_handler: Fatal signal 15 received
Oct 31 15:55:26 bryrouter xl2tpd[7968]: setsockopt recvref[22]: Protocol not available
You should provide the standard that you would like for the encryption proposals (aes128, aes256 or 3des), and the preferred hashing function (md5, sha1, sha256, sha384 and the newest sha512).
You should use what you would like as the encryption standard, now VyOS
And I forgot the firewall rules for the incoming traffic that allow IPSEC VPN connections:
rule 4000 {
    action accept
    description "Internet Key Exchange (IKE) for incoming VPNs connections"
    destination {
        port 500
    }
    protocol udp
}
rule 4010 {
    action accept
    description "NAT Traversal for incoming VPN connections"
    destination {
        port 4500
    }
    protocol udp
}
rule 4020 {
    action accept
    description "IPSEC for incoming VPN connections"
    destination {
        port 1701
    }
    ipsec {
        match-ipsec
    }
    protocol udp
}
rule 4030 {
    action accept
    description "Incoming ESP Protocol for VPN connections"
    protocol esp
    state {
        established enable
        new enable
        related enable
    }
}
Obviously, use your own rule numbers… Hope this helps…
I got it working! I have a firewall rule set named FROM-EXTERNAL and that’s where I was putting all the rules. I forgot I had a rule set named TO-ROUTER, which is really where the rules need to be!
I also noticed that my original pre-shared-key had the symbols @ and ^ in it. If you don’t put quotes around keys with those symbols it seems to want to do some sort of Linux command?
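Since the fix above turned out to be which rule set the rules lived in, here is an added example (not from this thread or from the VyOS project) that parses the brace-style configuration quoted in the firewall-rules post and reports which of the four L2TP/IPsec rules (UDP 500, UDP 4500, UDP 1701 restricted to match-ipsec, and ESP) a named rule set is missing. The parser is a hypothetical minimal one written for that syntax; the sample configuration is constructed, and its nesting `firewall { name <SET> { rule <N> { ... } } }` is assumed to mirror VyOS `show configuration` output. The set names TO-ROUTER and FROM-EXTERNAL are just the ones used in the thread.

```python
"""Report which L2TP/IPsec firewall rules a named VyOS-style rule set lacks.
Hypothetical helper written for the brace syntax quoted in the thread."""

# Constructed sample, not a real router's config. FROM-EXTERNAL deliberately
# carries only the IKE rule so the checker has something to report.
SAMPLE_CONFIG = """
firewall {
    name FROM-EXTERNAL {
        rule 4000 {
            action accept
            destination {
                port 500
            }
            protocol udp
        }
    }
    name TO-ROUTER {
        rule 4000 {
            action accept
            description "Internet Key Exchange (IKE) for incoming VPN connections"
            destination {
                port 500
            }
            protocol udp
        }
        rule 4010 {
            action accept
            destination {
                port 4500
            }
            protocol udp
        }
        rule 4020 {
            action accept
            destination {
                port 1701
            }
            ipsec {
                match-ipsec
            }
            protocol udp
        }
        rule 4030 {
            action accept
            protocol esp
        }
    }
}
"""


def parse_config(text):
    """Parse brace-delimited config into nested dicts: 'key value {' opens
    node[key][value], 'key {' opens node[key], 'key value' stores a string
    and a bare 'key' stores True. Raises ValueError on unbalanced braces."""
    root, stack, node = {}, [], None
    node = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if not stack:
                raise ValueError("unexpected '}'")
            node = stack.pop()
        elif line.endswith("{"):
            parts = line[:-1].split()
            child = {}
            if len(parts) == 1:
                node[parts[0]] = child
            else:
                node.setdefault(parts[0], {})[" ".join(parts[1:])] = child
            stack.append(node)
            node = child
        else:
            key, _, value = line.partition(" ")
            value = value.strip().strip('"')  # description strings are quoted
            node[key] = value if value else True
    if stack:
        raise ValueError("unclosed '{'")
    return root


# requirement name -> (protocol, destination port or None, must be inside IPsec)
REQUIRED = {
    "ike udp/500": ("udp", "500", False),
    "nat-t udp/4500": ("udp", "4500", False),
    "l2tp udp/1701 inside ipsec": ("udp", "1701", True),
    "esp": ("esp", None, False),
}


def rule_satisfies(rule, proto, port, needs_ipsec):
    """True if one parsed rule accepts the given protocol/port combination."""
    if rule.get("action") != "accept" or rule.get("protocol") != proto:
        return False
    if port is not None and rule.get("destination", {}).get("port") != port:
        return False
    # the 1701 rule must be limited to packets that arrived through IPsec
    return not needs_ipsec or "match-ipsec" in rule.get("ipsec", {})


def check_ruleset(config_text, ruleset_name):
    """Map each requirement to whether some rule in the named set meets it."""
    cfg = parse_config(config_text)
    sets = cfg.get("firewall", {}).get("name", {})
    rules = sets.get(ruleset_name, {}).get("rule", {})
    return {name: any(rule_satisfies(r, *spec) for r in rules.values())
            for name, spec in REQUIRED.items()}


def missing_rules(config_text, ruleset_name):
    """Sorted list of requirements the named rule set does not satisfy."""
    status = check_ruleset(config_text, ruleset_name)
    return sorted(name for name, ok in status.items() if not ok)


if __name__ == "__main__":
    for name in ("TO-ROUTER", "FROM-EXTERNAL"):
        print(name, "missing:", missing_rules(SAMPLE_CONFIG, name) or "nothing")
```

Run it against the output of `show configuration` pasted into SAMPLE_CONFIG and check the set that is actually applied to the router's local interface (TO-ROUTER in the thread), not the forwarding set; a set that passes the check but is bound to the wrong interface still leaves the VPN unreachable.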
Do you have any remote users on Windows 7 or 8, connecting over l2tp from typical home systems, where their home workstation ip address is natted to a public ip address, and where they can remain connected for more than about two hours? I seem to be hitting a problem with key lifetime, where the Windows machine cannot re-key.
The connection works fine for two hours, then drops.