I want to set up a VPN between remote clients and an EdgeRouter POE. I have followed the instructions from an amalgam of references including the UBNT Help Info and third-party tutorials including this and this. In short, I think I've done the following steps:
- Created a CA on the EdgeRouter.
- Created the server certs and keys and moved them to /config/auth
- Moved the CA files to /config/auth
- Reformatted the server key to DER
- Made a client certificate into .p12 with the client .pem, the key and the CA Cert.
- Moved the client file to the Mac client and installed it into Keychain Access.
- Set up the VPN settings on the router, including a static IP, local user auth mode, local users, authentication mode x509, and pointed the file settings to /config/auth.
- Opened ports ESP 50, 1701, 500 and 4500.
- On the client, I created a new VPN connection using the local user and the machine certificate.
And yet, after all this, I get nowhere.
The Mac client console is reporting:
racoon[17139]: Connecting.
racoon[17139]: IPSec Phase 1 started (Initiated by me).
racoon[17139]: IPSec Phase 1 started (Initiated by me).
racoon[17139]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
racoon[17139]: >>>>> phase change status = Phase 1 started by us
racoon[17139]: >>>>> phase change status = Phase 1 started by us
racoon[17139]: >>>>> phase change status = Phase 1 started by peer
racoon[17139]: >>>>> phase change status = Phase 1 started by peer
racoon[17139]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
racoon[17139]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
racoon[17139]: none message must be encrypted, status 0x1463, side 0
racoon[17139]: none message must be encrypted, status 0x1463, side 0
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IPSec disconnecting from server x.x.x.x
racoon[17139]: IPSec disconnecting from server x.x.x.x
I'm getting these errors on the router, but I don't see much activity in the logs or the web GUI tcpdump tool while I'm trying to connect:
router xl2tpd[15620]: death_handler: Fatal signal 15 received
router xl2tpd[16375]: setsockopt recvref[30]: Protocol not available
I've clearly missed something. I've attached the relevant portions of my configuration.
I would be extremely grateful for any thoughts or suggestions on how to correct the problem(s) and get this working.
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username xxxxxxxx {
                        password xxxxxxxxx
                    }
                }
                mode local
            }
            client-ip-pool {
                start 10.0.10.181
                stop 10.0.10.185
            }
            dns-servers {
                server-1 10.0.10.254
            }
            ipsec-settings {
                authentication {
                    mode x509
                    x509 {
                        ca-cert-file /config/auth/cacert.pem
                        server-cert-file /config/auth/server.pem
                        server-key-file /config/auth/server.key
                    }
                }
                ike-lifetime 3600
            }
            outside-address x.x.x.x
            outside-nexthop x.x.x.x
        }
    }
}
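As an added example (not part of the original post, and not EdgeOS or racoon code), here is a short Python script that reads racoon lines like the ones quoted above and reports how far the IKEv1 Main Mode exchange got before the client gave up. The sample log is constructed from the quoted lines with the duplicated "phase change status" chatter dropped; the stage names and explanation strings are labels chosen for this example, not racoon's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the racoon lines quoted in the post, with the
# duplicated "phase change status" chatter dropped. Not a live capture.
SAMPLE_LOG = """\
racoon[17139]: Connecting.
racoon[17139]: IPSec Phase 1 started (Initiated by me).
racoon[17139]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
racoon[17139]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
racoon[17139]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
racoon[17139]: none message must be encrypted, status 0x1463, side 0
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IKE Packet: transmit success. (Phase 1 Retransmit).
racoon[17139]: IPSec disconnecting from server x.x.x.x
"""

# IKEv1 Main Mode is a six-message exchange; the initiator sends the odd-numbered
# ones. Messages 1/2 negotiate the SA proposal, 3/4 carry the Diffie-Hellman
# values and nonces, and only 5/6 (identities plus the certificate/signature
# authentication) are sent encrypted under the keys derived after message 4.
MM_PACKET = re.compile(
    r"IKE Packet: (transmit|receive) success\. \(Initiator, Main-Mode message (\d)\)"
)
RETRANSMIT = re.compile(r"\(Phase 1 Retransmit\)")
MUST_ENCRYPT = re.compile(r"message must be encrypted, status (0x[0-9a-fA-F]+)")

# Keyed by the Main Mode message the initiator was waiting for when it gave up.
# These explanations are this example's own wording.
STALL_REASONS = {
    2: "no usable reply to message 1: UDP/500 is not reaching the responder, "
       "or the responder has no matching proposal",
    4: "messages 1-3 exchanged but message 4 never arrived or was rejected, so "
       "the DH exchange never completed and the certificate/identity messages "
       "(5/6) were never reached",
    6: "message 5 sent but 6 not accepted: the responder rejected the identity "
       "or the certificate-based authentication",
}


@dataclass
class Phase1Trace:
    sent: list = field(default_factory=list)      # Main Mode message numbers we sent
    received: list = field(default_factory=list)  # Main Mode message numbers we accepted
    retransmits: int = 0
    encrypt_errors: list = field(default_factory=list)  # status codes from "must be encrypted"
    disconnected: bool = False


def parse_racoon(text: str) -> Phase1Trace:
    """Walk racoon log lines and record how far Main Mode progressed."""
    t = Phase1Trace()
    for line in text.splitlines():
        m = MM_PACKET.search(line)
        if m:
            target = t.sent if m.group(1) == "transmit" else t.received
            target.append(int(m.group(2)))
            continue
        if RETRANSMIT.search(line):
            t.retransmits += 1
            continue
        m = MUST_ENCRYPT.search(line)
        if m:
            t.encrypt_errors.append(m.group(1))
            continue
        if "IPSec disconnecting" in line:
            t.disconnected = True
    return t


def diagnose(t: Phase1Trace):
    """Return (stage, explanation) describing where Phase 1 stalled."""
    last_sent = max(t.sent, default=0)
    last_received = max(t.received, default=0)
    if last_received >= 6:
        return "phase1-complete", "Main Mode finished; look at Phase 2 or L2TP instead"
    if last_sent == 0:
        return "no-ike-traffic", "racoon never sent Main Mode message 1"
    waiting_for = last_sent + 1
    reason = STALL_REASONS.get(waiting_for, "unexpected Main Mode state")
    if t.encrypt_errors:
        reason += (f"; racoon also discarded {len(t.encrypt_errors)} packet(s) as "
                   f"'must be encrypted' (status {', '.join(t.encrypt_errors)})")
    if t.retransmits:
        reason += f"; {t.retransmits} Phase 1 retransmit(s) went unanswered"
    return f"waiting-for-mm{waiting_for}", reason


if __name__ == "__main__":
    stage, why = diagnose(parse_racoon(SAMPLE_LOG))
    print(stage)
    print(why)
```

On the quoted log this reports `waiting-for-mm4`: the client sent messages 1 and 3 and accepted message 2, then only retransmitted, so the failure is before the encrypted messages 5/6 where the x509 identities and signatures are exchanged. That narrows the search to what the router sends back after message 3 (and whether it sends anything at all, which the router-side tcpdump should show on UDP/500 and UDP/4500), rather than to the certificate contents themselves.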