Hi, I'm trying to connect my FreeBSD 12.2 workstation to an IPsec/L2TP VPN served by a Mikrotik router. The IPsec part apparently is working, but I cannot make mpd5 assign an IP to the generated ng0 interface.
ipsec status all
Code:
Status of IKE charon daemon (strongSwan 5.9.1, FreeBSD 12.2-RELEASE-p1, amd64):
uptime: 67 minutes, since Feb 02 06:54:01 2021
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7
loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac drbg curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock counters
Listening IP addresses:
192.168.100.111
192.168.1.101
192.168.100.203
192.168.100.200
Connections:
cemet: %any...<EXTERNAL IP> IKEv1
cemet: local: uses pre-shared key authentication
cemet: remote: [192.168.10.2] uses pre-shared key authentication
cemet: child: dynamic[udp/l2f] === dynamic[udp/l2f] TRANSPORT
Security Associations (1 up, 0 connecting):
cemet[4]: ESTABLISHED 34 minutes ago, 192.168.100.111[192.168.100.111]...<EXTERNAL IP>[192.168.10.2]
cemet[4]: IKEv1 SPIs: 0626d29e027d79f6_i* 951abc3e26950480_r, pre-shared key reauthentication in 22 minutes
cemet[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
cemet{7}: REKEYED, TRANSPORT, reqid 1, expires in 20 seconds
cemet{7}: 192.168.100.111/32[udp/l2f] === <EXTERNAL IP>/32[udp/l2f]
cemet{8}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c68f402f_i 0e5a2f8a_o
cemet{8}: AES_CBC_128/HMAC_SHA1_96/MODP_1024, 0 bytes_i, 0 bytes_o (0 pkts, 2081s ago), rekeying in 9 minutes
cemet{8}: 192.168.100.111/32[udp/l2f] === <EXTERNAL IP>/32[udp/l2f]
Note: I replaced the real external IP with <EXTERNAL IP>. That looks good to me.
Now let's see the /usr/local/etc/mpd5/mpd.conf file:
Code:
startup:
log +ALL +EVENTS -FRAME -ECHO
default:
load vpnconn
vpnconn:
create bundle static B1
create link static L1 l2tp
set link action bundle B1
set auth authname "<USER>"
set auth password "<PASSWORD>"
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
set l2tp peer <EXTERNAL IP>
open
Now, when I run sudo mpd5 vpnconn I get this:
Code:
Multi-link PPP daemon for FreeBSD
process 47365 started, version 5.9
EVENT: Registering event EVENT_READ MsgEvent() at msg.c:77
EVENT: Registering event EVENT_READ MsgEvent() done at msg.c:77
[B1] Bundle: Interface ng0 created
EVENT: Message 1 to LinkMsg() sent
[L1] EVENT: Processing event EVENT_TIMEOUT ConfigRead() done
EVENT: Processing event EVENT_READ MsgEvent()
EVENT: Message 1 to LinkMsg() received
[L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
EVENT: Message 1 to PhysMsg() sent
EVENT: Message 1 to LinkMsg() processed
EVENT: Message 1 to PhysMsg() received
[L1] device: OPEN event
L2TP: ppp_l2tp_ctrl_create invoked
L2TP: Initiating control connection 0x800cea310 0.0.0.0 0 <-> <EXTERNAL IP> 1701
L2TP: Control connection 0x800cea310 192.168.100.111 43847 <-> <EXTERNAL IP> 1701 initiated
L2TP: ppp_l2tp_ctrl_initiate invoked
L2TP: XMIT [MESSAGE_TYPE SCCRQ] [HOST_NAME "ws1.local.domain"] [VENDOR_NAME "FreeBSD MPD"] [BEARER_CAPABILITIES digital=1 analog=1] [RECEIVE_WINDOW_SIZE 8] [PROTOCOL_VERSION 1.0] [FRAMING_CAPABILITIES sync=1 async=1] [ASSIGNED_TUNNEL_ID 0x6156]
EVENT: Message 1 to PhysMsg() processed
EVENT: Processing event EVENT_READ MsgEvent() done
EVENT: Processing event EVENT_READ MsgEvent()
EVENT: Processing event EVENT_READ MsgEvent() done
L2TP: RECV [MESSAGE_TYPE SCCRP] [PROTOCOL_VERSION 1.0] [FRAMING_CAPABILITIES sync=1 async=0] [BEARER_CAPABILITIES digital=0 analog=0] [FIRMWARE_REVISION 0x0001] [HOST_NAME "CT-RTH-MTK-01"] [VENDOR_NAME "MikroTik"] [ASSIGNED_TUNNEL_ID 0x0040] [RECEIVE_WINDOW_SIZE 4]
L2TP: rec'd SCCRP in state wait-ctl-reply
L2TP: connected to "CT-RTH-MTK-01", version=1.0
L2TP: XMIT [MESSAGE_TYPE SCCCN] [HOST_NAME "ws1.local.domain"] [VENDOR_NAME "FreeBSD MPD"] [BEARER_CAPABILITIES digital=1 analog=1] [RECEIVE_WINDOW_SIZE 8] [PROTOCOL_VERSION 1.0] [FRAMING_CAPABILITIES sync=1 async=1] [ASSIGNED_TUNNEL_ID 0x6156]
L2TP: Control connection 0x800cea310 192.168.100.111 43847 <-> <EXTERNAL IP> 1701 connected
L2TP: ppp_l2tp_initiate invoked, ctrl=0x800cea310 out=0
L2TP: created new session #1030000 id 0x2616 orig=local side=LAC state=wait-cs-reply
L2TP: XMIT [MESSAGE_TYPE ICRQ] [ASSIGNED_SESSION_ID 0x2616] [CALL_SERIAL_NUMBER 1030000]
[L1] L2TP: Incoming call #1030000 via control connection 0x800cea310 initiated
L2TP: ppp_l2tp_connected invoked, sess=0x800d040d0
L2TP: RECV(0x1626) [MESSAGE_TYPE ICRP] [ASSIGNED_SESSION_ID 0x0001]
L2TP: rec'd ICRP in state wait-cs-reply
L2TP: XMIT(0x0001) [MESSAGE_TYPE ICCN] [TX_CONNECT_SPEED 10000000] [FRAMING_TYPE sync=1 async=0]
[L1] L2TP: Call #1030000 connected
[L1] device: UP event
[L1] Link: UP event
[L1] Link: origination is local
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: phase shift DEAD --> ESTABLISH
[L1] LCP: SendConfigReq #1
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] MRU 1500
[L1] MAGICNUM 0x147df29d
EVENT: Starting timer "LCP" FsmTimeout() for 2000 ms at fsm.c:426
EVENT: Registering event EVENT_TIMEOUT TimerExpires() at timer.c:50
EVENT: Registering event EVENT_TIMEOUT TimerExpires() done at timer.c:50
L2TP: RECV(0x1626) [MESSAGE_TYPE CDN] [RESULT_CODE result=1 error=0 errmsg=""] [ASSIGNED_SESSION_ID 0x0001]
L2TP: rec'd CDN in state established
[L1] L2TP: call #1030000 terminated: result=1 error=0 errmsg=""
[L1] device: DOWN event
[L1] Link: DOWN event
...
If instead of running mpd5 directly I start it with service mpd5 onestart and do an ifconfig, I can see the ng0 interface without an assigned IP:
Code:
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Please help me!
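As an added example (not code from the post or from mpd5/strongSwan), a Python check that does mechanically what the post inspects by eye: whether the strongSwan output shows an installed transport-mode child SA for udp/l2f and which DH group was negotiated, and which L2TP control messages mpd5 received before the CDN, decoding the RFC 2661 result code. The sample lines are constructed from the formats shown in the post; 203.0.113.10 stands in for <EXTERNAL IP>, and treating MODP_1024 as weak is the editor's policy, not something the post states.

```python
import re

# Constructed sample lines in the formats the post shows (203.0.113.10 is a
# documentation address standing in for <EXTERNAL IP>).
IPSEC_STATUS = """\
cemet[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
cemet{8}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c68f402f_i 0e5a2f8a_o
cemet{8}: 192.168.100.111/32[udp/l2f] === 203.0.113.10/32[udp/l2f]
"""
MPD_LOG = """\
L2TP: RECV [MESSAGE_TYPE SCCRP] [PROTOCOL_VERSION 1.0] [HOST_NAME "CT-RTH-MTK-01"]
L2TP: RECV(0x1626) [MESSAGE_TYPE ICRP] [ASSIGNED_SESSION_ID 0x0001]
[L1] LCP: SendConfigReq #1
L2TP: RECV(0x1626) [MESSAGE_TYPE CDN] [RESULT_CODE result=1 error=0 errmsg=""] [ASSIGNED_SESSION_ID 0x0001]
"""

# Call-Disconnect-Notify result codes, RFC 2661 section 4.4.2 (subset).
CDN_RESULT = {
    1: "call disconnected due to loss of carrier",
    2: "call disconnected for the reason indicated in error code",
    3: "call disconnected for administrative reasons",
    10: "call not established within time allotted by LAC",
    11: "call connected but no appropriate framing detected",
}
WEAK_DH = {"MODP_768", "MODP_1024"}  # editor's policy: groups under 2048 bits

def check_ipsec(status):
    """Summarise `ipsec status all`: transport child SA for udp/l2f up, DH group used."""
    installed = re.search(r"\{\d+\}: INSTALLED, TRANSPORT", status) is not None
    l2tp_ts = "[udp/l2f] === " in status and status.count("[udp/l2f]") >= 2
    m = re.search(r"IKE proposal: (\S+)", status)
    dh = m.group(1).split("/")[-1] if m else None
    return {"child_sa_ok": installed and l2tp_ts, "dh_group": dh, "dh_weak": dh in WEAK_DH}

def check_l2tp(log):
    """Replay the L2TP control messages mpd5 received and explain a CDN, if any."""
    received = re.findall(r"L2TP: RECV(?:\(0x[0-9a-f]+\))? \[MESSAGE_TYPE (\w+)\]", log)
    lcp_started = "LCP: SendConfigReq" in log
    cdn = re.search(r"MESSAGE_TYPE CDN\] \[RESULT_CODE result=(\d+) error=(\d+)", log)
    reason = None
    if cdn:
        code = int(cdn.group(1))
        reason = CDN_RESULT.get(code, "unknown result code %d" % code)
    return {"received": received, "lcp_started": lcp_started, "cdn_reason": reason}

def diagnose(status, log):
    # The post's symptom: IPsec and L2TP session come up, then the peer sends CDN during LCP.
    r = {**check_ipsec(status), **check_l2tp(log)}
    r["peer_hung_up_during_lcp"] = r["lcp_started"] and r["cdn_reason"] is not None
    return r
```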