
I am struggling to connect and, more importantly, route traffic from an Ubuntu server (this means that Network-Manager and any GUI tools are out of the question) to an L2TP-IPSec VPN server running on another Ubuntu machine in a completely different network.

The VPN server is set up in this docker container and works well: I can easily connect to it from my Ubuntu desktop laptop with almost no additional config.

After reading through many articles, which all seemed to be missing something, I managed to get halfway to a result, basing my approach on this other docker container. The only difference is that I took all the config files out of the container and ran everything directly on the host.

# ipsec status
Security Associations (1 up, 0 connecting):
   L2TP-PSK[1]: ESTABLISHED 3 minutes ago, 192.168.234.5[192.168.234.5]...VPN-SERVER-IP[VPN-SERVER-IP]
   L2TP-PSK{1}:  INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c36b6571_i ee9aeaf1_o
   L2TP-PSK{1}:   192.168.234.5/32[udp/l2f] === VPN-SERVER-IP/32[udp/l2f]

So far so good.

After running the next pair of commands

(sleep 3 && echo "c strong-vpn" > /var/run/xl2tpd/l2tp-control) &
/usr/sbin/xl2tpd -p /var/run/xl2tpd.pid -c /etc/xl2tpd/xl2tpd.conf -C /var/run/xl2tpd/l2tp-control -D

I get the following output

xl2tpd[17164]: Not looking for kernel SAref support.
xl2tpd[17164]: Using l2tp kernel support.
xl2tpd[17164]: xl2tpd version xl2tpd-1.3.10 started on mn-hdap05 PID:17164
xl2tpd[17164]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17164]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17164]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17164]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17164]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[17164]: Connecting to host VPN-SERVER-IP, port 1701
xl2tpd[17164]: Connection established to VPN-SERVER-IP, 1701.  Local: 21439, Remote: 14830 (ref=0/0).
xl2tpd[17164]: Calling on tunnel 21439
xl2tpd[17164]: Call established with VPN-SERVER-IP, Local: 21474, Remote: 10460, Serial: 1 (ref=0/0)
xl2tpd[17164]: start_pppd: I'm running:
xl2tpd[17164]: "/usr/sbin/pppd"
xl2tpd[17164]: "plugin"
xl2tpd[17164]: "pppol2tp.so"
xl2tpd[17164]: "pppol2tp"
xl2tpd[17164]: "7"
xl2tpd[17164]: "passive"
xl2tpd[17164]: "nodetach"
xl2tpd[17164]: ":"
xl2tpd[17164]: "debug"
xl2tpd[17164]: "file"
xl2tpd[17164]: "/etc/ppp/options.l2tpd.client"

Also, a new network interface, ppp0, appears. The routing table also gets some changes, from being initially this

0.0.0.0         192.168.234.1   0.0.0.0         UG    0      0        0 bond0
192.168.234.0   0.0.0.0         255.255.255.0   U     0      0        0 bond0

to this

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
VPN-SERVER-IP   192.168.234.1   255.255.255.255 UGH   0      0        0 bond0
192.168.42.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.234.0   0.0.0.0         255.255.255.0   U     0      0        0 bond0

By comparison, on my laptop, when I connect to the same VPN, the routing table changes like so:

BEFORE
0.0.0.0         172.22.44.1     0.0.0.0         UG    600    0        0 wlp59s0
172.22.44.0     0.0.0.0         255.255.252.0   U     600    0        0 wlp59s0

AFTER
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 ppp0
0.0.0.0         172.22.44.1     0.0.0.0         UG    600    0        0 wlp59s0
VPN-SERVER-IP   172.22.44.1     255.255.255.255 UGH   600    0        0 wlp59s0
172.22.44.0     0.0.0.0         255.255.252.0   U     600    0        0 wlp59s0
172.22.44.1     0.0.0.0         255.255.255.255 UH    600    0        0 wlp59s0
192.168.42.1    0.0.0.0         255.255.255.255 UH    50     0        0 ppp0

I somehow suspect that my problem is indeed related to the routing tables, but trying to manually replicate the structure of my laptop's routing table on the server did not help. While on my laptop a curl ifconfig.me returns VPN-SERVER-IP, on the server I normally cannot reach any host at all. The best I can do is to ping or curl the IP 192.168.42.1 and get an expected result, confirming that I am at least connected to my VPN server; however, my general outgoing internet traffic is certainly not going through it. What could be the problem?

LLlAMnYP
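
Added example, not part of the original post: a Python lookup over the two AFTER tables quoted in the question, applying longest-prefix match with lowest metric as the tie-break to show which interface each table selects for a destination. The addresses 203.0.113.10 (standing in for the VPN-SERVER-IP placeholder) and 198.51.100.7 are constructed, and the function names are hypothetical.

```python
import ipaddress
VPN = "203.0.113.10"  # constructed stand-in for the VPN-SERVER-IP placeholder

# "AFTER" rows of `route -n` from the question: Destination Gateway Genmask Flags Metric Ref Use Iface
SERVER_AFTER = """\
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
VPN-SERVER-IP   192.168.234.1   255.255.255.255 UGH   0      0        0 bond0
192.168.42.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.234.0   0.0.0.0         255.255.255.0   U     0      0        0 bond0
"""
LAPTOP_AFTER = """\
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 ppp0
0.0.0.0         172.22.44.1     0.0.0.0         UG    600    0        0 wlp59s0
VPN-SERVER-IP   172.22.44.1     255.255.255.255 UGH   600    0        0 wlp59s0
172.22.44.0     0.0.0.0         255.255.252.0   U     600    0        0 wlp59s0
172.22.44.1     0.0.0.0         255.255.255.255 UH    600    0        0 wlp59s0
192.168.42.1    0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
"""

def parse(table):
    """Turn route -n rows into dicts; rows without 8 columns are skipped."""
    routes = []
    for line in table.replace("VPN-SERVER-IP", VPN).splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        prefix = bin(int(ipaddress.ip_address(f[2]))).count("1")  # Genmask -> prefix length
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def egress(table, dst):
    """Return (iface, gateway) chosen for dst: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse(table) if addr in r["net"]]
    if not hits:
        return None
    best = min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["iface"], best["gw"]

def defaults(table):
    """List every default route as (iface, gateway, metric)."""
    return [(r["iface"], r["gw"], r["metric"]) for r in parse(table) if r["net"].prefixlen == 0]

if __name__ == "__main__":
    for name, table in (("server", SERVER_AFTER), ("laptop", LAPTOP_AFTER)):
        print(name, "defaults:", defaults(table))
        for dst in ("198.51.100.7", VPN, "192.168.42.1"):
            print(f"  {dst:>14} -> {egress(table, dst)}")
```

Both tables select ppp0 for a general internet destination and the physical interface for the VPN server itself; they differ in that the laptop keeps its original default route at metric 600, while on the server ppp0 is the only default route.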