Setting up an IPSec VPN

I am trying to set up an IPSec VPN for us to use specifically to allow our Pepwaves to connect. I was able to set up a libreswan instance on an EC2 instance, and I am able to connect to it successfully from my laptop; however, whenever the Pepwave tries to connect to it, the server throws a TS_UNACCEPTABLE error. Has anyone had success setting up an IPSec VPN and getting their Pepwave to connect to it? Below are my configurations. Thanks!

ipsec.conf

version 2.0

config setup
    virtual-private=%v4:10.0.0.0/8,%v4:10.37.0.0/16,%v4:172.16.0.0/12,%v4:!10.37.74.0/24,%v4:!10.37.74.0/24
    protostack=netkey
    interfaces=%defaultroute
    uniqueids=no

conn shared
    left=%defaultroute
    leftid={SERVER_PUBLIC_IP}
    right=%any
    encapsulation=yes
    authby=secret
    pfs=no
    rekey=no
    keyingtries=5
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikev2=insist
    ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
    phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
    sha2-truncbug=no

conn l2tp-psk
    auto=add
    leftprotoport=17/1701
    rightprotoport=17/%any
    phase2=esp
    also=shared
    rightaddresspool=10.37.74.10-10.37.74.250
    leftsubnet=0.0.0.0/0

Libreswan is configured to be an L2TP server (leftprotoport=17/1701), while the Pepwave device’s IPsec is subnet-to-subnet. You need to change the libreswan configuration to subnet-to-subnet.

And DH Group 14 is “modp2048” not “modp1024”.

2 Likes