The requirements were:
- Ubuntu 8.04(.1), kernel 2.6.24-19
- Build an ipsec/l2tp connection
- Astaro Firewall as remote gateway
Software needed for kvpnc:
- xl2tpd
- racoon
- ipsec-tools
Apart from a few odds and ends, installation is straightforward:
kvpnc claims that it cannot read the stored key (PSK), cannot read the file, or that the access rights are too weak
- make sure the file exists
- make sure it is readable for root
- restrict read access to the file to root: chmod go-r psk.xxx.key
racoon complains that the port is already in use
[racoon err] ERROR: failed to bind to address 192.168.178.20[500] (Address already in use)
- For some reason kvpnc sometimes crashes; restart it or kill the hanging processes
- or there is another ipsec daemon running
xl2tpd complains
[l2tpd] xl2tpd[8188]: open_controlfd: Unable to open /var/run/xl2tpd/l2tp-control for reading
- simply create the directory xl2tpd, make sure it cannot be removed anymore
- Ubuntu erases this file system every time it shuts down, so you have to create the directory each time
- this bug is known and probably already fixed according to this thread, but there is no new version available for Ubuntu so far.
kvpnc shuts the connection down because it can’t ping the gateway anymore
Some gateways/firewalls react with timeouts to multiple pings or multiple connections from one IP.
- Simply turn off the keep-alive mechanism in the kvpnc setup
kvpnc cannot set up routes properly
Unfortunately I was not able to set up kvpnc to set my additional routes properly.
There are two possibilities: additional routes, or commands to start after the connection is established
I had to set my routes manually using route add …
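
A pre-flight script for the first three problems above (PSK file permissions, UDP port 500 already bound, missing xl2tpd control directory). This is an added example, not part of the original post or of kvpnc; the function names, the `--run` switch, the `PSK_FILE` variable and the sample netstat lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PSK, port 500 and xl2tpd problems.
# Function names, --run and PSK_FILE are hypothetical, not part of kvpnc.

# Octal mode and owner uid of a file (GNU stat first, BSD stat as fallback).
file_mode()  { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }
file_owner() { stat -c %u "$1" 2>/dev/null || stat -f %u "$1"; }

# check_psk FILE [UID]: succeed only if FILE exists, is owned by UID
# (default 0 = root) and grants no permissions to group or others.
check_psk() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ "$(file_owner "$f")" = "$want_uid" ] || { echo "wrong owner: $f" >&2; return 2; }
    case "$(file_mode "$f")" in
        0|*00) return 0 ;;
        *) echo "group/other can access $f (chmod go-rwx)" >&2; return 3 ;;
    esac
}

# ensure_control_dir DIR: recreate the directory xl2tpd wants after a reboot.
ensure_control_dir() {
    d=$1
    if [ -L "$d" ]; then echo "refusing symlink: $d" >&2; return 1; fi
    [ -d "$d" ] || mkdir -m 0755 "$d" || return 1
    chmod 0755 "$d"
}

# udp_port_bound PORT: read "netstat -lnu" lines on stdin; succeed if a UDP
# socket is already bound to PORT (racoon needs 500).
udp_port_bound() {
    awk -v p="$1" '$1 ~ /^udp/ { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# Constructed sample of "netstat -lnu" output (not captured from a real host).
SAMPLE_NETSTAT='udp  0  0 192.168.178.20:500  0.0.0.0:*
udp  0  0 0.0.0.0:1701        0.0.0.0:*'

# Run as root with --run before starting kvpnc.
if [ "${1:-}" = "--run" ]; then
    check_psk "${PSK_FILE:-psk.xxx.key}"
    ensure_control_dir /var/run/xl2tpd
    if netstat -lnu | udp_port_bound 500; then echo "UDP 500 already bound" >&2; fi
fi
```

Because /var/run is wiped at shutdown, the directory check has to run on every boot, before kvpnc starts xl2tpd.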






