These are my notes for connecting to a Meraki client VPN (L2TP over IPsec) from Ubuntu 16.04. This configuration assumes you are using a PSK for the IPsec authentication.
Install the following packages:
apt-get install -y strongswan xl2tpd
Configure strongSwan. The IKE and ESP proposals below (AES-128 or 3DES, SHA-1, 1024-bit MODP group) are weak by current standards; they are listed for interoperability with the Meraki client VPN endpoint, and the trailing "!" makes strongSwan propose exactly these and nothing else. Parameter lines inside a conn section must be indented, and the connection name, meraki-vpn, is the one used with "ipsec up" and "ipsec down" below:
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    # IKE (phase 1) proposals: cipher-integrity-DH group
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    # ESP (phase 2) proposals. A DH group here requests PFS in Quick Mode; if the
    # peer never answers the Quick Mode request, try without it: esp=aes128-sha1,3des-sha1!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn meraki-vpn
    keyexchange=ikev1
    left=%defaultroute
    # load the connection at startup but only establish it on "ipsec up"
    auto=add
    authby=secret
    # L2TP runs inside a transport-mode SA covering UDP 1701 on both sides
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    # set this to the ip address of your meraki vpn
    right=XXX.XXX.XXX.XXX
EOF
Put the PSK in /etc/ipsec.secrets. It is stored in clear text, so keep the file root-owned and mode 0600:
cat > /etc/ipsec.secrets <<EOF
: PSK "YOUR_PSK_GOES_HERE"
EOF
Configure xl2tpd. The LAC name (meraki) is what the control commands below refer to:
cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lac meraki]
# your meraki vpn ip goes here
lns = XXX.XXX.XXX.XXX
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
# send the L2TP length field; some LNS implementations require it
length bit = yes
EOF
cat > /etc/ppp/options.l2tpd.client <<EOF
# accept whatever local/remote addresses the Meraki side assigns
ipcp-accept-local
ipcp-accept-remote
# authentication: refuse EAP, expect MS-CHAPv2; noauth means we do not demand
# that the peer authenticate itself to us
refuse-eap
require-mschap-v2
noauth
# no compression control protocol
noccp
# hang up after 30 minutes without traffic
idle 1800
# leave room for the L2TP/UDP/ESP headers
mtu 1410
mru 1410
# pppd only installs this if no default route exists yet; with a normal LAN
# default route it logs that it is not replacing it, hence the manual route below
defaultroute
# write the DNS servers the peer hands out to /etc/ppp/resolv.conf
usepeerdns
debug
lock
# wait up to 5 s for the first PPP packet from the peer
connect-delay 5000
EOF
Create the directory for the xl2tpd control file (/var/run is a tmpfs on 16.04, so it is empty after a reboot):
mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control
Restart your services:
service strongswan restart
service xl2tpd restart
Start the IPsec connection. strongSwan's command is "ipsec up" ("ipsec auto --up" is Openswan/Libreswan syntax and does not exist in the charon-only strongSwan 5.x that 16.04 ships), and the name must match the conn in ipsec.conf:
ipsec up meraki-vpn
Start the L2TP session with your username and password. The whole command line, password included, ends up in your shell history; read the credentials from a root-only file instead, or start the command with a space when HISTCONTROL includes ignorespace:
echo "c meraki <user> <pass>" > /var/run/xl2tpd/l2tp-control
Add a route for your internal network. Use the network address, not a host address: the kernel rejects a prefix with host bits set (10.0.0.1/24 fails with "RTNETLINK answers: Invalid argument"), so the example is 10.0.0.0/24; replace it with your own subnet:
ip route add 10.0.0.0/24 dev ppp0
To disconnect, drop the PPP session first and then the IPsec SA (again using the conn name from ipsec.conf):
echo "d meraki" > /var/run/xl2tpd/l2tp-control
ipsec down meraki-vpn
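Putting the steps above together, as an added example that is not code from the original notes: a script that brings the VPN up and down in order, waits for each layer to be up before starting the next, normalises the route prefix so the kernel accepts it, tears everything down again on failure, and reads the L2TP credentials from a root-only file instead of the command line. It assumes the names used above (conn meraki-vpn in ipsec.conf, the meraki LAC in xl2tpd.conf) and a hypothetical credentials file /etc/xl2tpd/meraki.auth holding one line, username then password.

```shell
#!/bin/sh
# meraki-vpn.sh: bring the client VPN up or down in the right order.
# Added example for these notes, not code from the original page. Assumes the
# names used above (conn "meraki-vpn" in ipsec.conf, "[lac meraki]" in
# xl2tpd.conf) and a root-only credentials file, /etc/xl2tpd/meraki.auth
# (hypothetical path), containing one line: "username password".
set -eu

IPSEC_CONN=meraki-vpn
L2TP_LAC=meraki
CONTROL=/var/run/xl2tpd/l2tp-control
AUTH_FILE=/etc/xl2tpd/meraki.auth
INTERNAL_NET=10.0.0.1/24   # replace with your internal network; host bits are masked off below

# Normalise a.b.c.d/len to its network address so "ip route" gets an aligned
# prefix (10.0.0.1/24 -> 10.0.0.0/24; the kernel rejects a prefix with host bits set).
cidr_network() {
    ip=${1%/*}; len=${1#*/}
    set -- $(printf '%s' "$ip" | tr . ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    n=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
        $(( (n >> 8) & 255 )) $(( n & 255 )) "$len"
}

# Poll "ipsec status <conn>" for up to $2 seconds until the CHILD_SA is INSTALLED.
wait_ipsec() {
    i=0
    while [ "$i" -lt "$2" ]; do
        ipsec status "$1" 2>/dev/null | grep -q INSTALLED && return 0
        sleep 1; i=$((i + 1))
    done
    return 1
}

# Poll for up to $1 seconds until pppd has negotiated an IPv4 address on ppp0.
wait_ppp() {
    i=0
    while [ "$i" -lt "$1" ]; do
        ip -4 addr show dev ppp0 2>/dev/null | grep -q 'inet ' && return 0
        sleep 1; i=$((i + 1))
    done
    return 1
}

vpn_down() {
    echo "d $L2TP_LAC" > "$CONTROL" || true   # drop the PPP session first
    ipsec down "$IPSEC_CONN" || true           # then the IPsec SA
}

vpn_up() {
    [ -r "$AUTH_FILE" ] || { echo "cannot read $AUTH_FILE" >&2; return 1; }
    read -r user pass < "$AUTH_FILE"
    ipsec up "$IPSEC_CONN"
    wait_ipsec "$IPSEC_CONN" 15 || { echo "IPsec SA not installed" >&2; vpn_down; return 1; }
    # credentials go to xl2tpd over its control FIFO, not onto an interactive command line
    echo "c $L2TP_LAC $user $pass" > "$CONTROL"
    wait_ppp 20 || { echo "PPP session did not come up (see syslog)" >&2; vpn_down; return 1; }
    ip route replace "$(cidr_network "$INTERNAL_NET")" dev ppp0
}

case "${1:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
    "")   ;;   # no argument: only define the functions
    *)    echo "usage: $0 up|down" >&2; exit 2 ;;
esac
```

Run it as root with "up" or "down". The route added with "ip route replace" disappears on its own when ppp0 goes away, so the down path only has to tear down L2TP and IPsec.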
conn %default
    ikelifetime=1440m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn usa
    left=xxx.xxx.xxx.xxx
    leftsubnet=0.0.0.0/0
    right=xxx.xxx.xxx.xxx
    rightsubnet=10.201.21.0/20
    keyexchange=ikev1
    auto=route
    authby=secret
Here is my setting, but I can't connect successfully. It shows me this message:
initiating Main Mode IKE_SA usa[1] to B
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from A[500] to B[500] (220 bytes)
received packet: from B[500] to A[500] (160 bytes)
parsed ID_PROT response 0 [ SA V V V V ]
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from A[500] to B[500] (244 bytes)
received packet: from B[500] to A[500] (228 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from A[500] to B[500] (100 bytes)
received packet: from B[500] to A[500] (92 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA usa[1] established between A[A]...B[B]
scheduling reauthentication in 86173s
maximum IKE_SA lifetime 86353s
generating QUICK_MODE request 2161754081 [ HASH SA No KE ID ID ]
sending packet: from A[500] to B[500] (340 bytes)
sending retransmit 1 of request message ID 2161754081, seq 4
sending packet: from A[500] to B[500] (340 bytes)
received packet: from B[500] to A[500] (92 bytes)
parsed INFORMATIONAL_V1 request 2262587242 [ HASH N(DPD) ]
sending retransmit 2 of request message ID 2161754081, seq 4
sending packet: from A[500] to B[500] (340 bytes)
received packet: from B[500] to A[500] (92 bytes)
parsed INFORMATIONAL_V1 request 2583933086 [ HASH N(DPD) ]
received packet: from B[500] to A[500] (92 bytes)
parsed INFORMATIONAL_V1 request 3182138456 [ HASH N(DPD) ]
sending retransmit 3 of request message ID 2161754081, seq 4
sending packet: from A[500] to B[500] (340 bytes)
received packet: from B[500] to A[500] (92 bytes)
parsed INFORMATIONAL_V1 request 2987448349 [ HASH N(DPD) ]
received packet: from B[500] to A[500] (92 bytes)
parsed INFORMATIONAL_V1 request 2818422143 [ HASH N(DPD) ]
sending retransmit 4 of request message ID 2161754081, seq 4
sending packet: from A[500] to B[500] (340 bytes)
sending retransmit 5 of request message ID 2161754081, seq 4
sending packet: from A[500] to B[500] (340 bytes)
giving up after 5 retransmits
initiating Main Mode IKE_SA usa[2] to B
establishing connection 'usa' failed
Is anything wrong?
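As an added example (not part of the notes above and not a reply from their author), a script that classifies a charon log such as the one posted by checking which milestones appear and reporting how far the negotiation got. In the posted log the IKE_SA was established, so the peer address, the IKE proposal and the PSK were all accepted; the peer then kept sending DPD probes on that same IKE_SA while the Quick Mode request was retransmitted five times, so the request reached a live peer that did not answer it. That points at the phase 2 side: the esp= proposal (the DH group in it requests PFS), and the selectors, where the posted conn offers tunnel-mode subnets (leftsubnet/rightsubnet) rather than the transport-mode 17/1701 selectors the notes use for the L2TP client. The sample log embedded in the script is constructed from the lines above; the milestone strings are standard charon messages.

```shell
#!/bin/sh
# ike-triage.sh: report how far an IKEv1 (Main Mode + Quick Mode) negotiation
# got from a strongSwan charon log, and what to look at next.
# Added example for this page; not part of the original notes or the comment.
# Reads the log from stdin, e.g. the lines posted above, "journalctl -u strongswan"
# or /var/log/syslog on the client.
set -eu

# True when the log text in $1 contains the (basic regex) pattern in $2.
log_has() { printf '%s\n' "$1" | grep -q -e "$2"; }

# Classify the negotiation by the milestones present in the log on stdin.
ike_triage() {
    log=$(cat)
    if log_has "$log" 'CHILD_SA .* established'; then
        echo established
    elif log_has "$log" 'NO_PROPOSAL_CHOSEN'; then
        echo proposal-rejected
    elif log_has "$log" 'AUTHENTICATION_FAILED'; then
        echo auth-failed
    elif log_has "$log" 'IKE_SA .* established'; then
        # Phase 1 done: peer reachable, IKE proposal and PSK accepted.
        if log_has "$log" 'giving up after'; then
            echo phase2-unanswered
        else
            echo phase2-pending
        fi
    elif log_has "$log" 'giving up after'; then
        echo phase1-unanswered
    else
        echo incomplete
    fi
}

# One-line explanation and next check for each verdict.
explain() {
    case "$1" in
        established)       echo 'IKE_SA and CHILD_SA are up; if traffic still fails, look at the L2TP/PPP side (xl2tpd, pppd) and the routes.' ;;
        proposal-rejected) echo 'Peer answered NO_PROPOSAL_CHOSEN: the ike= or esp= list does not overlap with what the peer accepts.' ;;
        auth-failed)       echo 'Peer rejected authentication: check the PSK in ipsec.secrets and the identities (leftid/rightid).' ;;
        phase2-unanswered) echo 'Phase 1 succeeded (peer reachable, IKE proposal and PSK accepted) but the peer never answered Quick Mode: compare the esp= proposal (a DH group there requests PFS), the phase 2 selectors (leftsubnet/rightsubnet, or the 17/1701 protoports for L2TP) and whether the peer has a matching phase 2 policy at all.' ;;
        phase1-unanswered) echo 'No reply to Main Mode: wrong peer address, UDP 500/4500 blocked on the path, or the peer is not configured for this client.' ;;
        phase2-pending)    echo 'Phase 1 is up and Quick Mode was sent; the log ends before the outcome.' ;;
        *)                 echo 'Log too short to classify.' ;;
    esac
}

# Constructed sample: the relevant lines from the log posted above.
SAMPLE_LOG=$(cat <<'EOF'
initiating Main Mode IKE_SA usa[1] to B
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
IKE_SA usa[1] established between A[A]...B[B]
generating QUICK_MODE request 2161754081 [ HASH SA No KE ID ID ]
sending retransmit 1 of request message ID 2161754081, seq 4
parsed INFORMATIONAL_V1 request 2262587242 [ HASH N(DPD) ]
sending retransmit 5 of request message ID 2161754081, seq 4
giving up after 5 retransmits
establishing connection 'usa' failed
EOF
)

# Verdict for the embedded sample (phase2-unanswered).
triage_sample() { printf '%s\n' "$SAMPLE_LOG" | ike_triage; }

# With a file argument, triage that log; with none, only define the functions.
if [ "$#" -gt 0 ]; then
    verdict=$(ike_triage < "$1")
    echo "$verdict: $(explain "$verdict")"
fi
```

Usage: "sh ike-triage.sh charon.log", or pipe the log in and call ike_triage after sourcing the file. The checks are ordered so that a definite answer from the peer (CHILD_SA established, NO_PROPOSAL_CHOSEN, AUTHENTICATION_FAILED) wins over the weaker "gave up retransmitting" evidence.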