Open adamgajzlerowicz opened 4 years ago
I am also getting this error. What does it mean?
After days of struggle I ended up installing gnome which contains NetworkManager and nmcli.
I used gnome to configure the connection. I also needed to tweak the connection file in /etc/NetworkManager/system-connections/xxx to store password.
After that I was able to use terminal to start and stop vpn connection with `nmcli c up xxx`
I don't know what Adam did, but it appears that he set up an XL2TP server rather than a client at the beginning.
This is still an issue for me, I keep getting this error and I don't know what it means or how to debug it. Should I open another issue or post to the mailing list?
031 "foo": cannot initiate connection with ID wildcards (kind=CK_TEMPLATE)
Any updates?
Hello there.
Sorry for the necrobump. I have stumbled upon a similar problem and here is what made it work for me. Hopefully it can be of some use to someone else. I am using Arch Linux, with openswan 3.0.0. This is based on this article.
For the VPN, I am given:
Regarding the wildcard ID, here is what I think makes it work: in the /etc/ipsec.conf, one needs to specify the rightid such that rightid = <vpn server private ip address on the local network>
Also, this might not be necessary, but unlike original poster, I used `ipsec auto --up L2TP-PSK`.
Here are the config files for reference and the overall procedure I followed for further reference:
- /etc/ipsec.conf
```
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey # default is auto, which will try netkey first
    plutoopts="--interface=eth0" # Replace eth0 with your network interface. Using %defaultroute did not work for me.

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute # Replace with your local IP address (private, behind NAT IP is okay as well)
    leftprotoport=17/1701
    right=
```
- /etc/ipsec.secrets
0.0.0.0
- /etc/xl2tpd/xl2tpd.conf
```
[lac my-vpn]
; set this to the ip address of your vpn server
lns =
```
- /etc/ppp/options.xl2tpd.client
```
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
logfile /var/log/xl2tpd.log
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name
```
- start or restart the required services (restart is important in case any change happened to the config files above)
```
systemctl start openswan && systemctl start xl2tpd
ipsec auto --up L2TP-PSK # This ipsec usage depends on the version: Openswan 3.0.0 in this case.
```
- Connect to the vpn using
```
echo "c my-vpn" > /var/run/xl2tpd/l2tpd-control
```
- At this point, calling `ip a` or `ifconfig` should show a new interface `ppp0` for the VPN tunnel. Also note the IP address of this interface, which we denote XXX.XXX.XXX.XXX and which will be used later for routing.
- We can further make sure of the tunnel working by pinging the `rightid` address that was passed in the /etc/ipsec.conf file. There should be no response in case one tries to ping any other address on the local network the VPN leads to.
- Add routing of queries to the subnet on the other side of the VPN to pass through the tunnel:
```
ip route add XXX.XXX.XXX.XXX via YYY.YYY.YYY.YYY
```
- Disconnecting the VPN and shutting down the related services
```
echo "d my-vpn" > /var/run/xl2tpd/l2tpd-control
systemctl stop xl2tpd; systemctl stop openswan
```
Best regards.
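An added example, not part of the post above and not Openswan code: a small pre-flight check that parses an ipsec.conf and lists every `conn` that leaves the peer address or `rightid` unset, the setting the post above credits with clearing the "ID wildcards" error. The function names, the sample config and its addresses are constructed for illustration, and treating a missing `rightid` as the cause is the poster's observation taken as an assumption.

```python
import re

# Constructed sample modelled on the conn section quoted above. 192.0.2.10 and
# 10.8.0.1 are placeholder addresses, not values taken from the thread.
SAMPLE = """\
config setup
    protostack=netkey   # comment after a value

conn L2TP-PSK
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=192.0.2.10

conn L2TP-PSK-fixed
    left=%defaultroute
    right=192.0.2.10
    rightid=10.8.0.1
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$|^\s*#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                 # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def check_peer_identity(text):
    """Heuristic (assumption from the post): list conns with an open peer address or ID."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("right", "") in ("", "%any"):
            findings.append((name, "right is empty or %any"))
        if not opts.get("rightid"):
            findings.append((name, "rightid is not set"))
    return findings

if __name__ == "__main__":
    for conn, problem in check_peer_identity(SAMPLE):
        print(f"{conn}: {problem}")
```
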
I spent several days now trying to connect to a vpn server. I am running openswan 2.6.51.5-1 on arch linux. I followed arch linux documentation and tried various resources on the internet. I don't understand what this error means.
Apr 18 12:56:16 archtop pluto[85545]: "foo": cannot initiate connection with ID wildcards (kind=CK_TEMPLATE)
my ipsec.conf is
ipsec.secrets
xl2tpd.conf
options.l2tpd.client
I then run this command to initiate the connection
Which returns
Any help will be appreciated. Thank you.