Manual IPSec / L2TP setup

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Manual IPSec / L2TP setup

Post by cnfer » Fri Nov 14, 2014 11:46 pm

Hi,

I am trying to get my EdgeRouter Lite to connect to my SoftEther VPN.

I cannot, however, figure out the settings I need to manually set up an IPSec / L2TP tunnel... The IPSec part seems to work fine, but I do not know how to set up the L2TP tunnel over it. What IP do I connect to with the L2TP? What port? What tunnel_id, etc.?

Any help would be appreciated!

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Fri Nov 21, 2014 4:02 pm

Is there no one that has any hints on this? I can't figure out how to get it to work.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Manual IPSec / L2TP setup

Post by thisjun » Wed Dec 03, 2014 7:17 am

L2TP/IPSec is not separated.
Your client should support L2TP/IPSec instead of pure IPSec.

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Wed Dec 03, 2014 11:09 am

thisjun wrote:
> L2TP/IPSec is not separated.
> Your client should support L2TP/IPSec instead of pure IPSec.

They are two separate protocols; as such, they each need a configuration. Most places you are used to might have a nice UI to do it for you, but in the end they are two different parts.

It is the getting them to work together part I do not know how to do. My client doesn't have this nice UI to do it for me.

So if anyone could help me with the l2tp configuration, that would be appreciated.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Manual IPSec / L2TP setup

Post by thisjun » Tue Dec 16, 2014 7:04 am

I read an EdgeRouter manual.
It seems EdgeRouter can't be an L2TP VPN initiator.
I think EdgeRouter can use OpenVPN. Please try.

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Tue Dec 16, 2014 6:26 pm

thisjun wrote:
> I read an EdgeRouter manual.
> It seems EdgeRouter can't be an L2TP VPN initiator.
> I think EdgeRouter can use OpenVPN. Please try.

OpenVPN is NOT accelerated, which means speeds are abysmal.

I just need to know what settings SoftEther expects for the L2TP part...

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Manual IPSec / L2TP setup

Post by thisjun » Thu Jan 08, 2015 5:37 am

SoftEther VPN server can't be an L2TP client.
These can't connect to each other with L2TP.

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Sat Jan 10, 2015 2:07 pm

That was NOT the question...

I need it to be a server.

BoredAus
Posts: 115
Joined: Sun Nov 23, 2014 3:29 am

Re: Manual IPSec / L2TP setup

Post by BoredAus » Sat Jan 10, 2015 10:28 pm

You need to elaborate further on your issues.

cnfer wrote:
> I cannot, however, figure out the settings I need to manually set up an
> IPSec / L2TP tunnel... The IPSec part seems to work fine, but I do not know
> how to set up the L2TP tunnel over it. What IP do I connect to with the
> L2TP? What port? What tunnel_id, etc.?
>

Where are you seeing tunnel_id? Which software are you using that requires tunnel_id? Have you consulted relevant documentation from the appropriate software? Have you tried using other devices to establish L2TP connection with a node hosting SoftEther VPN server software?

I briefly glossed over the EdgeRouter manual and could not find anything about 'tunnel_id'. Furthermore, nothing in the EdgeRouter manual detailed anything about L2TP configuration apart from revealing clients and which protocols they are using.

As for IP and port, they should be pointing at the node that is hosting the SoftEther VPN server.

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Sun Jan 11, 2015 2:49 pm

BoredAus wrote:
> You need to elaborate further on your issues.

> Where are you seeing tunnel_id? Which software are you using that requires tunnel_id?
> Have you consulted relevant documentation from the appropriate software? Have you
> tried using other devices to establish L2TP connection with a node hosting SoftEther
> VPN server software?

http://en.wikipedia.org/wiki/Layer_2_Tu ... _structure this is part of the L2TP protocol. And yes, I have connected plenty of clients to it.

>
> I briefly glossed over the EdgeRouter manual and could not find anything about
> 'tunnel_id'. Furthermore, nothing in the EdgeRouter manual detailed anything
> about L2TP configuration apart from revealing clients and which protocols they are
> using.

You need to manually set this up, it's not in the manual.

>
> As for IP and port, they should be pointing at the node that is hosting the SoftEther
> VPN server.

This is for the IPSec part. As I have said, this part works.

I am asking about the L2TP part of the setup...

IPSec/L2TP is a two part protocol.

You have an IPSec tunnel which does the encryption, and over that tunnel you start an L2TP tunnel which handles the transport. This is done because L2TP doesn't have encryption of itself.

Now as I have said, the IPSec part connects fine. I just need to find the settings needed to get the L2TP part working.
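
Added example, not part of any post in this thread and not SoftEther, strongSwan or xl2tpd code: a parser for the L2TPv2 header and control AVPs as laid out in RFC 2661, showing where the Tunnel ID discussed above sits in the packet and that each side announces its own ID in an Assigned Tunnel ID AVP during control-connection setup. The function names and the sample SCCRQ are constructed for illustration; the sample is reduced to two AVPs.

```python
import struct

L2TP_UDP_PORT = 1701                         # registered L2TP port (RFC 2661)
MSG_TYPE_AVP, ASSIGNED_TUNNEL_ID_AVP = 0, 9  # AVP attribute types (RFC 2661)
SCCRQ = 1                                    # Start-Control-Connection-Request

def parse_avps(data: bytes) -> dict:
    """Return {attribute_type: raw_value} for IETF (vendor 0), non-hidden AVPs."""
    avps, off = {}, 0
    while off + 6 <= len(data):
        word, vendor, attr = struct.unpack_from("!HHH", data, off)
        length = word & 0x03FF               # low 10 bits: AVP length incl. header
        if length < 6 or off + length > len(data):
            raise ValueError("malformed AVP")
        if vendor == 0 and not word & 0x4000:    # H bit set means hidden value
            avps[attr] = data[off + 6:off + length]
        off += length
    return avps

def parse_l2tp(pkt: bytes) -> dict:
    """Parse an L2TPv2 header (RFC 2661, section 3.1) plus control-message AVPs."""
    if len(pkt) < 6:
        raise ValueError("truncated L2TP header")
    (flags,) = struct.unpack_from("!H", pkt, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    hdr, off = {"control": bool(flags & 0x8000), "length": None, "ns": None, "nr": None}, 2
    if flags & 0x4000:                       # L bit: Length field present
        (hdr["length"],) = struct.unpack_from("!H", pkt, off); off += 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", pkt, off); off += 4
    if flags & 0x0800:                       # S bit: Ns and Nr present
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", pkt, off); off += 4
    if flags & 0x0200:                       # O bit: Offset Size, then padding
        (pad,) = struct.unpack_from("!H", pkt, off); off += 2 + pad
    hdr["avps"] = parse_avps(pkt[off:hdr["length"]]) if hdr["control"] else {}
    return hdr

def build_sample_sccrq(assigned_tunnel_id: int) -> bytes:
    """Constructed sample: SCCRQ reduced to two AVPs (a real one carries more)."""
    avps = struct.pack("!HHHH", 0x8008, 0, MSG_TYPE_AVP, SCCRQ)
    avps += struct.pack("!HHHH", 0x8008, 0, ASSIGNED_TUNNEL_ID_AVP, assigned_tunnel_id)
    # 0xC802 = T|L|S flags, version 2; header IDs are 0 until the peer assigns its own
    return struct.pack("!HHHHHH", 0xC802, 12 + len(avps), 0, 0, 0, 0) + avps

if __name__ == "__main__":
    info = parse_l2tp(build_sample_sccrq(0x1A2B))
    offered = int.from_bytes(info["avps"][ASSIGNED_TUNNEL_ID_AVP], "big")
    print(f"UDP/{L2TP_UDP_PORT}: header tunnel_id={info['tunnel_id']}, assigned={offered}")
```

The header is sent in the clear by L2TP itself, which is why the IPSec layer described above has to be up before this exchange starts.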

BoredAus
Posts: 115
Joined: Sun Nov 23, 2014 3:29 am

Re: Manual IPSec / L2TP setup

Post by BoredAus » Mon Jan 12, 2015 11:46 am

cnfer wrote:
> BoredAus wrote:
> > You need to elaborate further on your issues.
>
> > Where are you seeing tunnel_id? Which software are you using that requires tunnel_id?
> > Have you consulted relevant documentation from the appropriate software? Have you
> > tried using other devices to establish L2TP connection with a node hosting SoftEther
> > VPN server software?
>
> http://en.wikipedia.org/wiki/Layer_2_Tu ... _structure this is
> part of the L2TP protocol. And yes, I have connected plenty of clients to it.
>

There was NOTHING about 'tunnel_id'. I was also referring to the latter phrase about using other L2TP/IPSec clients to connect directly with the node hosting SoftEther VPN Server, not through EdgeRouter.

> >
> > I briefly glossed over the EdgeRouter manual and could not find anything about
> > 'tunnel_id'. Furthermore, nothing in the EdgeRouter manual detailed anything
> > about L2TP configuration apart from revealing clients and which protocols they are
> > using.
>
> You need to manually set this up, it's not in the manual.
>

Then I suggest contacting Ubiquiti Networks. If it is not covered in the manual, it definitely requires explanation, as nobody understands the issues you are facing.

> >
> > As for IP and port, they should be pointing at the node that is hosting the SoftEther
> > VPN server.
>
> This is for the IPSec part. As I have said, this part works.
>
> I am asking about the L2TP part of the setup...
>
> IPSec/L2TP is a two part protocol.
>
> You have an IPSec tunnel which does the encryption, and over that tunnel you start an
> L2TP tunnel which handles the transport. This is done because L2TP doesn't have
> encryption of itself.
>
> Now as I have said, the IPSec part connects fine. I just need to find the settings
> needed to get the L2TP part working.

I know that L2TP/IPSec is a two part setup, that is why it is noted as L2TP/IPSec and not L2TP and IPSec as individual words. The problem is that nobody knows what tunnel_id is. If it is not even noted in the manual, that is where you should consult with the relevant vendor, which in this case is Ubiquiti.

cnfer
Posts: 8
Joined: Fri Nov 14, 2014 11:43 pm

Re: Manual IPSec / L2TP setup

Post by cnfer » Mon Jan 12, 2015 1:41 pm

BoredAus wrote:
> There was NOTHING about 'tunnel_id'. I was also referring to the latter phrase about
> using other L2TP/IPSec clients to connect directly with the node hosting SoftEther
> VPN Server, not through EdgeRouter.

I have connected plenty of clients through various OSes to my SoftEther server. It runs and is reasonably active. And the tunnel ID is clearly referenced in that link.

> Then I suggest contacting Ubiquiti Networks. If it is not covered in the manual, it
> definitely requires explanation, as nobody understands the issues you are facing.
>
I have contacted them, and their response is as expected: contact the SoftEther people and ask them about the details.

An EdgeRouter is just a Linux box. Imagine I am trying to get this working on Linux with the need for hardware encryption acceleration... That is all... strongSwan/xl2tpd on a Linux box. Ubiquiti is absolutely irrelevant here.

> I know that L2TP/IPSec is a two part setup, that is why it is noted as L2TP/IPSec and
> not L2TP and IPSec as individual words. The problem is that nobody knows what
> tunnel_id is. If it is not even noted in the manual, that is where you should consult
> with the relevant vendor, which in this case is Ubiquiti.

Forgetting the tunnel ID, no one seems to even know what IP / port to connect to. I am asking for VERY basic details here...

So once again, imagine I am trying to connect to a SoftEther server with StrongSwan / xl2tpd (which I am), the vendor of the hardware is irrelevant beyond the fact that the supplied ipsec binary has hardware acceleration and things like OpenVPN do not.
