I have set up a VPN server using the project here: GitHub - hwdsl2/setup-ipsec-vpn: Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2 Which has made things very simple. The script installs LibreSWAN. My Nexus 6P has no issues connecting to my server, but using the exact same username, PSK, and password results in failure on the Chromebook. Whats strange is that I see the ISAKMP packet come through my router, but nothing shows up in the VPN logs, not even a refused connection. Im not sure what would be different about the way the Chromebook is connecting versus how my Nexus connects.
Does anyone know what encryption is proposed by the Chromebook? The update to Android 7.1.2 now proposes SHA2_512 to get around the truncation bug. All I see on the Chromebook is “internal error”. Is there any place to get logs on the attempted VPN connection from the Chromebook?
I can verify this is a ChromeOS issue. Since updating to ver. 57, I cannot connect to my VPN via L2TP.
I agree. Keep me posted if you hear of a solution please.
Thanks, not seeing anything useful here. Repeats the same “internal error” message.
I checked with the developer of the VPN install script I mentioned above and was told to file a possible bug report for libreswan. So I did that, and one of the devs of libreswan said it did look like a crash. Trying to figure it out currently.
I’ve started getting this also after my chromebook updated to version 57. I’ve been using that script for months with no problem. Still could be Libreswan though, I don’t know.
Yes, I’m on chrome 57 as well. I’ve checked the logs in libreswan and seems like there is some kind of crash taking place inside libreswan. I’ve moved on to a different script which uses softether and it worked perfectly the first time with the 6P and Chromebook. Here is the link to the softether script, running it on a pi and it works great: Raspberry Pi L2TP VPN Setup Scripts.md · GitHub
Thank you for the information. I’m certainly not an expert, but is this something I could run on a Digital Ocean droplet and use the droplet as the VPN server instead of a local pi?
Yes, I think that would work, although you might have to modify the script to download softether for the correct architecture for the droplet. *edit: found just the solution you were asking about: How to Setup a Multi-Protocol VPN Server Using SoftEther | DigitalOcean