Closed smoebody closed 5 years ago
@smoebody Hello! There is no need to open UDP port 1701. If you followed the instructions to enable Libreswan logs in the README, and there is no new log after connecting your VPN client(s), then traffic did not reach your VPN server.
Are you using a Raspberry Pi? If so, it is recommended to reserve a static IP for it in your router’s DHCP configuration, so that it does not change on reboot. Some ISPs use carrier-grade NAT for which it is not possible to connect to your IP from the Internet (hence this use case does not work).
Let us know if you are able to troubleshoot further.
@hwdsl2 No, I have a Docker host with several containers providing Nextcloud, blogs, dnsmasq, ... stuff like this. It has a static IP and all other port forwardings are working. Could it be a client problem? I use Fedora 29. Do you know any command-line tool suitable for testing connection to a server?
@smoebody For the VPN you may test connection to your server’s UDP port 500, using nc perhaps.
@smoebody I tested using Docker on Ubuntu 18.04/16.04 and the VPN works just fine. I think it is a client problem rather than an issue with the VPN server. Fedora Linux is known to have some bugs related to network manager and l2tp (search the web for more info). You may use VPN clients on other OS to test the server if needed. Some additional troubleshooting info can be found in [1].
[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#troubleshooting
Just to clarify what the problem was:
In my /etc/hosts on the client there was a line
127.0.0.1 localhost.localdomain localhost test.localhost
This led to an error in libunbound:
libunbound[19476:0] error: local-data in redirect zone must reside at top of zone, not at test.localhost A 127.0.0.1
I changed the /etc/hosts line to
127.0.0.1 localhost.localdomain localhost test.localdomain
and it worked.
The test.localhost entry was made by myself for proper name resolution on a test project.
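A check for the condition described in the comment above, added here as an example and not part of the thread or of the setup-ipsec-vpn project: it scans a hosts file for names that sit below localhost, such as the test.localhost entry that produced the libunbound error. The function name find_localhost_subnames is hypothetical, and the sample file is constructed from the two lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report hosts-file names that lie
# below "localhost", e.g. test.localhost, which the comment above identified
# as the cause of the libunbound "local-data in redirect zone" error.
# find_localhost_subnames is a hypothetical helper name.
# Output: one "LINE_NO NAME ADDRESS" record per offending name.
find_localhost_subnames() {
    hosts_file=$1
    line_no=0
    while IFS= read -r line || [ -n "$line" ]; do
        line_no=$((line_no + 1))
        line=${line%%#*}              # strip comments
        set -f                        # no globbing while word-splitting
        set -- $line                  # fields: address, then names
        set +f
        [ $# -ge 2 ] || continue      # blank line or address without names
        addr=$1
        shift
        for name in "$@"; do
            # DNS names are case-insensitive and may carry a trailing dot
            lower=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
            lower=${lower%.}
            case $lower in
                *.localhost) printf '%s %s %s\n' "$line_no" "$name" "$addr" ;;
            esac
        done
    done < "$hosts_file"
}

# Constructed sample: the "before" and "after" lines quoted in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1 localhost.localdomain localhost test.localhost
127.0.0.1 localhost.localdomain localhost test.localdomain
EOF

find_localhost_subnames "$sample"
```

On a client, run it against /etc/hosts; any record it prints is a candidate for renaming the way the comment above did (test.localhost to test.localdomain).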
Hi. Thanks for your effort to build this image. Very much appreciated.
However, I struggle making it work though. I followed your documentation on creating the server. The output is
I configured port forwarding for UDP ports 500 and 4500, even 1701 although you didn't mention it.
I set up the client with IPsec IKEv1/XAuth and L2TP on Linux and Android.
I tried connectivity from Linux to the server with netcat (nc -u -l 500 / nc -u 500) and it worked.
I am out of ideas. There seems to be nothing logged in the container. I followed your instructions to install rsyslogd and it logs pluto logs, but nothing else comes when I try to connect.
My Docker-host is Ubuntu 18.04