07-13-2016 01:37 PM
Dear Experts,
Is it possible to form a VPN connection when the client and server are on the same subnet/network?
I have been told to set up a VPN server on Ubuntu, and the VPN types should be like PPTP, L2TP (psk&rsa) and IPsec xauth psk & IPsec xauth rsa. All these VPNs are built-in VPN options available in Android and iOS.
And for this I have been using Openswan VPN. I read many posts where people managed to establish the connection, but I couldn't.
Below is the link for the sample Openswan VPN configuration:
https://help.ubuntu.com/community/L2TPServer
So if a user tries to connect to the VPN server, he/she should be able to do so.
I have a wireless router through which I pulled a cable and connected it to the Ubuntu server, which has an IP address of 192.168.0.100. On this server I configured an L2TP VPN with PSK, and I have an Android mobile which is connected to the same wireless network as my Ubuntu server.
The Android mobile has an IP address of 192.168.0.103, the Ubuntu server has an IP address of 192.168.0.100 and my router's IP address is 192.168.0.1.
As both client and server are on the same network, is it possible for me to establish a VPN connection?
Both my client and server are inside the LAN. When I tried to form a VPN, the connection did not get established.
One of my friends told me that it's not possible to form a VPN when both client and server are on the same network, or it may be a problem of routing.
I know this is not related to any Cisco product or device, but I'm posting my question with lots of hope, because I have been struggling for 3 weeks to troubleshoot this. I tried asking many people but I haven't found any success till now.
My last hope is the VPN experts and gurus available here in this forum.
I would really appreciate it if anyone could look into this and help me out, please.
Below are the logs generated, and the sample diagram is attached with this:
root@ubuntu:/home/rashid# sudo tail -f /var/log/auth.log
Jun 28 22:55:52 ubuntu pluto[3031]: adding interface lo/lo 127.0.0.1:500
Jun 28 22:55:52 ubuntu pluto[3031]: adding interface lo/lo 127.0.0.1:4500
Jun 28 22:55:52 ubuntu pluto[3031]: adding interface lo/lo ::1:500
Jun 28 22:55:52 ubuntu pluto[3031]: loading secrets from "/etc/ipsec.secrets"
Jun 28 22:55:52 ubuntu pluto[3031]: loading secrets from "/var/lib/openswan/ipsec.secrets.inc"
Jun 28 22:56:56 ubuntu sudo: root : TTY=pts/12 ; PWD=/home/rashid ; USER=root ; COMMAND=/usr/sbin/tcpdump -i ppp0
Jun 28 22:56:56 ubuntu sudo: pam_unix(sudo:session): session opened for user root by rashid(uid=0)
Jun 28 22:56:56 ubuntu sudo: pam_unix(sudo:session): session closed for user root
Jun 28 22:56:56 ubuntu sudo: root : TTY=pts/12 ; PWD=/home/rashid ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/auth.log
Jun 28 22:56:56 ubuntu sudo: pam_unix(sudo:session): session opened for user root by rashid(uid=0)
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: received Vendor ID payload [RFC 3947] method set to=115
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jun 28 22:57:31 ubuntu pluto[3031]: packet from 192.168.0.101:500: received Vendor ID payload [Dead Peer Detection]
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: responding to Main Mode from unknown peer 192.168.0.101
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.101'
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: new NAT mapping for #1, was 192.168.0.101:500, now 192.168.0.101:4500
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp1024}
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: Dead Peer Detection (RFC 3706): enabled
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: received and ignored informational message
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: the peer proposed: 192.168.0.111/32:17/0 -> 192.168.0.101/32:17/0
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: responding to Quick Mode proposal {msgid:4be47d98}
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: us: 192.168.0.111/32===192.168.0.111<192.168.0.111>:17/%any
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: them: 192.168.0.101:17/0
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: Dead Peer Detection (RFC 3706): enabled
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x000272f6 <0x44ddcc40 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=192.168.0.101:4500 DPD=enabled}
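As an added example (not part of the original post), this Python parser reads pluto lines in the format pasted above and reports how far each peer's IKE/IPsec negotiation got, which helps separate IPsec-layer failures from problems in the L2TP/PPP layer that runs on top of it. The stage names and the last sample line (peer 192.168.0.150) are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the log above plus one constructed
# line (192.168.0.150) for a peer that never got past Main Mode.
SAMPLE = """\
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Jun 28 22:57:31 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp1024}
Jun 28 22:57:32 ubuntu pluto[3031]: "L2TP-PSK-NAT"[1] 192.168.0.101 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x000272f6 <0x44ddcc40 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=192.168.0.101:4500 DPD=enabled}
Jun 28 23:01:10 ubuntu pluto[3031]: "L2TP-PSK-NAT"[2] 192.168.0.150 #3: STATE_MAIN_R1: sent MR1, expecting MI2
"""

# Connection name, peer address, SA number and message of a pluto line.
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
# Hypothetical stage labels, ordered from least to most progress.
STAGES = ["no_ike", "main_mode_in_progress",
          "isakmp_sa_established", "ipsec_sa_established"]

def stage_of(msg):
    """Map one pluto message to an index into STAGES."""
    if "IPsec SA established" in msg:
        return 3
    if "ISAKMP SA established" in msg:
        return 2
    if "STATE_MAIN_" in msg:
        return 1
    return 0

def summarize(log_text):
    """Return {(conn, peer): {'stage', 'nat', 'mode'}} for every peer seen."""
    peers = defaultdict(lambda: {"stage": 0, "nat": None, "mode": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line (sudo, interface setup, ...)
        rec, msg = peers[(m["conn"], m["peer"])], m["msg"]
        rec["stage"] = max(rec["stage"], stage_of(msg))
        nat = re.search(r"NAT-Traversal: Result using .*: (.+)$", msg)
        if nat:
            rec["nat"] = nat.group(1)
        mode = re.search(r"IPsec SA established (\w+) mode", msg)
        if mode:
            rec["mode"] = mode.group(1)
    return {k: {**v, "stage": STAGES[v["stage"]]} for k, v in peers.items()}

if __name__ == "__main__":
    for (conn, peer), info in summarize(SAMPLE).items():
        print(conn, peer, info)
```
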
07-13-2016 02:24 PM
In short - no - it won't work when the client and VPN server are on the same network.