Using Openswan with xl2tpd on Arch Linux (4.20) to connect to a VPN, I can create the tunnel and the ppp interface is created; however, it gets the wrong IP address:
    enp4s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        inet 192.168.0.10/24 brd 192.168.0.255 scope global enp4s0
    ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 3
        link/ppp
        inet 192.168.0.10 peer 172.16.210.254/32 scope global ppp0
The ppp gets a local (client) IP address and not one provided by the VPN, so I can ping 172.16.210.254 but not any other address in the VPN.
These 2 errors I found in journalctl seem weird but I haven't found a reason for them online:
    pppd[2485]: not replacing existing default route via 192.168.0.1
    pppd[2485]: Cannot determine ethernet address for proxy ARP

and

    connmand[593]: Inconsistent IP pool management (start not found)
Here is the result of route -n:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 enp4s0
    1.1.1.1         192.168.0.1     255.255.255.255 UGH   0      0        0 enp4s0
    8.8.8.8         192.168.0.1     255.255.255.255 UGH   0      0        0 enp4s0
    172.16.0.0      172.16.210.254  255.240.0.0     UG    0      0        0 ppp0
    172.16.210.254  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 enp4s0
    192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 enp4s0
I have tested the same exact configuration on a VM with Debian 8 and it works.
Here is my configuration:
xl2tpd.conf:

    [lac vpn]
    lns = x.x.x.x # VPN public ip
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd
    length bit = yes
ppp options.l2tp:

    ipcp-accept-local
    ipcp-accept-remote
    refuse-eap
    require-mschap-v2
    noccp
    noauth
    idle 1800
    mtu 1410
    mru 1410
    defaultroute
    usepeerdns
    debug
    connect-delay 5000
    name *****
    password *****
ipsec.conf:

    version 2.0 # conforms to second version of ipsec.conf specification

    config setup
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24
        nat_traversal=yes
        protostack=netkey
        oe=off
        plutoopts="--interface=enp4s0"

    conn L2TP
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        rekey=yes
        ikelifetime=8h
        keylife=1h
        type=transport
        left=192.168.0.10
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=x.x.x.x # VPN public IP
        rightprotoport=17/1701
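
The symptom in the post, ppp0 carrying the same local address as enp4s0, can be checked mechanically from `ip addr` output. The following is an added example, not part of the original post: the function names are hypothetical, and the sample is the output quoted above with its indentation restored.

```python
import re

# Constructed sample: the `ip addr` lines quoted in the post, indentation restored.
SAMPLE = """\
enp4s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.0.10/24 brd 192.168.0.255 scope global enp4s0
ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp
    inet 192.168.0.10 peer 172.16.210.254/32 scope global ppp0
"""

# Interface header, with or without the leading "N: " index that `ip addr` prints.
IFACE = re.compile(r"^(?:\d+:\s+)?([\w.@-]+):\s+<([^>]*)>")
# IPv4 line: local address, optional prefix length, optional point-to-point peer.
INET = re.compile(r"^\s*inet\s+([\d.]+)(?:/\d+)?(?:\s+peer\s+([\d.]+))?")


def parse_ip_addr(text):
    """Return {iface: {"ptp": bool, "addrs": [(local, peer_or_None), ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            flags = m.group(2).split(",")
            current = ifaces.setdefault(
                m.group(1), {"ptp": "POINTOPOINT" in flags, "addrs": []})
        elif current is not None and (m := INET.match(line)):
            current["addrs"].append((m.group(1), m.group(2)))
    return ifaces


def reused_local_addresses(text):
    """Find point-to-point links whose local address already sits on another interface.

    Returns [(ptp_iface, local, peer, owning_iface), ...] (hypothetical helper).
    """
    ifaces = parse_ip_addr(text)
    owners = {}
    for name, info in ifaces.items():
        if not info["ptp"]:
            for local, _peer in info["addrs"]:
                owners.setdefault(local, name)
    return [(name, local, peer, owners[local])
            for name, info in ifaces.items() if info["ptp"]
            for local, peer in info["addrs"] if local in owners]


if __name__ == "__main__":
    for iface, local, peer, owner in reused_local_addresses(SAMPLE):
        print(f"{iface}: local {local} (peer {peer}) is already assigned to {owner}")
```

When no local address is specified, pppd by default derives one from the hostname unless `noipdefault` is set, so a hit from this check is a reason to confirm which options file xl2tpd actually passed to pppd.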