So, first time on this forum; I hope I don't break some kind of rule by asking the question directly.
This is my scenario: in the main offices we have, as gateway/firewall, a Ubiquiti USG-4PRO device configured with 2 VPN interfaces.
The first one is an OpenVPN site-to-site interface with another Ubiquiti USG-3P device in a remote office.
The second is an L2TP interface for users to connect from outside to the internal network.
Because of this configuration, I do not want to enter custom configurations on the USG beyond what is made through its UI, since I don't want to break any of the services and provoke a commit error on the USG that ends in a complete config wipe and restart of the device.
I investigated over SSH all types of configuration regarding the OpenVPN or L2TP interfaces within the USG to find out how they are configured.
For OpenVPN I couldn't find any config file; besides, I think the service could be started without one, because it could be started with all the parameters on the command line that starts the service itself (it is difficult but it can be done).
So next, I've proceeded with the config files for the L2TP PSK VPN and I was able to find them. Because Ubiquiti uses strongSwan for the L2TP service, it makes OpenWrt the number one candidate, because it's also able to do so.
So far, this is what has been obtained from those files; these are the lines they use:
ipsec.conf (on the USG):

    conn %default
        keyexchange=ikev1

    conn remote-access
        authby=secret
        type=transport
        keyexchange=ikev1
        left=<VPN SERVER IP>
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        auto=add
        ike=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1,3des-sha1-modp1024,3des-sha1!
        dpddelay=15
        dpdtimeout=45
        dpdaction=clear
        esp=aes128-sha1-modp2048,aes256-sha1-modp4096,aes128-sha1-modp1536,aes256-sha1-modp2048,aes128-sha1-modp1024,aes256-sha1-modp1536,aes256-sha1-modp1024,aes128-sha1,aes256-sha1,3des-sha1!
        rekey=no
        ikelifetime=3600
        keylife=3600

ipsec.secrets:

    <VPN SERVER IP> %any : PSK "<PreShared Key>"

xl2tpd.conf:

    [global]
    listen-addr = <VPN SERVER IP>

    [lns default]
    ip range = <VPN IP POOL SET>
    local ip = <LOCAL LAN BROADCAST IP>
    refuse pap = yes
    require authentication = yes
    name = (for security reasons I hide this)
    ppp debug = yes
    pppoptfile = ../options.xl2tpd
    length bit = yes

options.xl2tpd:

    name (for security reasons I hide this)
    linkname (for security reasons I hide this)
    ipcp-accept-local
    ipcp-accept-remote
    ms-dns <VPN SET DNS IP 1 SERVER>
    ms-dns <VPN SET DNS IP 2 SERVER>
    ms-wins <VPN SET WINS IP SERVER>
    auth
    nodefaultroute
    debug
    proxyarp
    connect-delay 5000
    require-mschap-v2
    idle 1800
    plugin radius.so
    radius-config-file .../radiusclient-l2tp.conf
    plugin radar.so
After this, I've created this config on the OpenWrt device:
    opkg update
    opkg install strongswan-default xl2tpd

ipsec.conf:

    config setup
        # strictcrlpolicy=yes
        # uniqueids = no
        charondebug=all

    conn %default
        ikelifetime=3600
        keylife=3600
        keyexchange=ikev1

    conn <NAME OF VPN>
        authby=secret
        # the USG's ike= list above also offers aes256-sha1-modp2048, a stronger DH group than modp1024
        ike=aes256-sha1-modp1024
        esp=aes256-sha1-modp1024
        dpddelay=15
        dpdtimeout=45
        dpdaction=clear
        ikelifetime=3600
        keylife=3600
        type=transport
        left=%defaultroute
        leftprotoport=17/1701
        right=<VPN SERVER IP>
        rightprotoport=17/1701
        # only one auto= value per conn; start brings the tunnel up when charon starts
        auto=start

ipsec.secrets:

    : PSK "<PreShared Key>"

xl2tpd.conf:

    [global]
    port = 1701
    auth file = /etc/xl2tpd/xl2tpd-secrets
    access control = no

    [lac <NAME OF VPN>]
    lns = <VPN SERVER IP>
    ;ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd.client
    length bit = yes

options.l2tpd.client:

    ipcp-accept-local
    ipcp-accept-remote
    require-mschap-v2
    noauth
    # defaultroute/replacedefaultroute: pppd makes ppp0 the default route as soon as IPCP
    # is up, before any host route towards <VPN SERVER IP> via the WAN gateway exists
    defaultroute
    replacedefaultroute
    usepeerdns
    #debug
    connect-delay 5000
    idle 1800
    name <VPN USER>
    password <VPN USER PASS>

Then:

    /etc/init.d/ipsec enable
    /etc/init.d/xl2tpd enable
    /etc/init.d/ipsec restart
    /etc/init.d/xl2tpd restart
    ipsec restart
    ipsec up <NAME OF VPN>
So far the connection is established, ok, let's continue. The first time I did this I thought that the ppp0 interface would show up, but it was missing from ifconfig; then it hit me:
echo "c <NAME OF VPN>" > /var/run/xl2tpd/l2tp-control
After that the ppp0 interface showed up with a VPN IP, but the connection only lasts for some minutes and then it's gone and ppp0 is no longer in ifconfig.
While ppp0 is up I've tried to ping an IP on the local network behind the USG, but there isn't a response. Also, I know that there are more steps to be done, but ppp0 doesn't last long enough to apply that config, and even if I proceed with them, then there is no more internet connection (not even for bringing the VPN up again).
The next commands should be something like this:
    route add <VPN SERVER IP> gw <OPENWRT LOCAL IP>
    route add default dev ppp0
What am I doing wrong? What's missing?
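As an added example (not part of the post and not the poster's configuration), here is a pppd ip-up/ip-down hook for OpenWrt that applies the two route commands mentioned at the end of the post in a safe order: a /32 host route to the L2TP/IPsec server through the WAN gateway is installed first, and only then does the default route move to ppp0, so the tunnel's own IKE/ESP and L2TP packets keep leaving through the WAN instead of being routed into the tunnel they carry. When ppp0 drops, the hook removes the pinned route and restores the WAN default. It assumes that `defaultroute` and `replacedefaultroute` are removed from options.l2tpd.client and that `ipparam l2tp` is added there so the hook ignores any other ppp link (a PPPoE WAN, for instance); the server address 203.0.113.10, the state file path, the hook file name and the sample `ip route show` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: pppd hook that pins a host route to the VPN server via the WAN
# gateway before sending the default route into the tunnel, and restores the WAN
# default when the link goes down.  Install as /etc/ppp/ip-up.d/90-l2tp-route and
# symlink it into /etc/ppp/ip-down.d/ (pppd passes: <iface> <tty> <speed> <local-ip>
# <remote-ip> <ipparam>).  Assumes options.l2tpd.client has "ipparam l2tp" and no
# defaultroute/replacedefaultroute.  Addresses and paths below are placeholders.

VPN_SERVER="${VPN_SERVER:-203.0.113.10}"         # placeholder for <VPN SERVER IP>
STATE="${STATE:-/var/run/l2tp-wan-route.state}"  # remembers the pre-VPN gateway
DRY_RUN="${DRY_RUN:-0}"                          # 1 = print commands instead of running

# Constructed sample of "ip route show" output (RFC 5737 addresses) for the dry run.
SAMPLE_ROUTES="default via 192.0.2.1 dev eth0.2 proto static src 192.0.2.50
192.0.2.0/24 dev eth0.2 proto kernel scope link src 192.0.2.50"

# Gateway of the default route in the "ip route show" text passed as $1.
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Interface of the default route in the same text.
default_device() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Link-up changes, as text: host route to the server via the WAN first, then the
# default via the tunnel.  With the default already on ppp0 the IPsec/L2TP packets
# to the server would be sent into the tunnel itself and the connection collapses.
up_commands() {
    gw="$1"; wan="$2"; ppp="$3"
    printf 'ip route replace %s/32 via %s dev %s\n' "$VPN_SERVER" "$gw" "$wan"
    printf 'ip route replace default dev %s\n' "$ppp"
}

# Link-down changes: drop the pinned host route, put the WAN default back.
down_commands() {
    gw="$1"; wan="$2"
    printf 'ip route del %s/32\n' "$VPN_SERVER"
    printf 'ip route replace default via %s dev %s\n' "$gw" "$wan"
}

# Execute (or, in dry-run mode, print) one command per input line.
run_lines() {
    while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then echo "+ $cmd"; else $cmd; fi
    done
}

main() {
    iface="$1"
    [ "${6:-}" = "l2tp" ] || exit 0            # not our L2TP link: leave routing alone
    case "$0" in
        *ip-down*)
            [ -r "$STATE" ] || exit 0
            read -r gw wan < "$STATE"
            down_commands "$gw" "$wan" | run_lines
            rm -f "$STATE"
            ;;
        *)
            routes="$(ip route show)"
            gw="$(default_gateway "$routes")"; wan="$(default_device "$routes")"
            [ -n "$gw" ] && [ -n "$wan" ] || { echo "no WAN default route found" >&2; exit 1; }
            printf '%s %s\n' "$gw" "$wan" > "$STATE"
            up_commands "$gw" "$wan" "$iface" | run_lines
            ;;
    esac
}

# Dry run over the constructed sample, for inspection without touching the table.
demo() {
    gw="$(default_gateway "$SAMPLE_ROUTES")"; wan="$(default_device "$SAMPLE_ROUTES")"
    (DRY_RUN=1; up_commands "$gw" "$wan" ppp0 | run_lines)
}

case "${1:-}" in
    "") ;;                 # sourced or run without arguments: define functions only
    demo) demo ;;          # sh 90-l2tp-route demo
    *) main "$@" ;;        # invoked by pppd
esac
```

Run `sh 90-l2tp-route demo` to see the two commands the hook would issue on link-up, and `ip route` after a real connection to confirm the /32 to the server still points at the WAN interface while `default` points at ppp0. Because the hook only runs when pppd reports `ipparam` equal to `l2tp`, other ppp links on the router are not touched.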