Connect to a VPN via another VPN


Based on the situation, I need to connect to a VPN via (through) another VPN. Both of them are running on my Ubuntu machine. I connected to the first VPN. A tun0 interface was created, and my routing table (ip r) is as follows:

0.0.0.0/1 via 100.64.100.5 dev tun0 
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600 
10.0.0.0/8 via 192.168.1.1 dev wlp2s0 
100.64.100.1 via 100.64.100.5 dev tun0 
100.64.100.5 dev tun0 proto kernel scope link src 100.64.100.6 
128.0.0.0/1 via 100.64.100.5 dev tun0 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
172.16.0.0/12 via 192.168.1.1 dev wlp2s0 
185.208.9.98 via 192.168.1.1 dev wlp2s0 
192.168.0.0/16 via 192.168.1.1 dev wlp2s0 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.68 metric 600

I removed the first and sixth rules to prevent traffic from being sent to tun0 by default:

default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600 
10.0.0.0/8 via 192.168.1.1 dev wlp2s0 
100.64.100.1 via 100.64.100.5 dev tun0 
100.64.100.5 dev tun0 proto kernel scope link src 100.64.100.6 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
172.16.0.0/12 via 192.168.1.1 dev wlp2s0 
185.208.9.98 via 192.168.1.1 dev wlp2s0 
192.168.0.0/16 via 192.168.1.1 dev wlp2s0 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.68 metric 600

Then I added a route so that the second VPN server's IP goes through the first VPN. Assume the second VPN server's IP is 200.200.200.200:

ip r add 200.200.200.200 via 100.64.100.5 dev tun0

Then I tried to connect to the second VPN, which is an L2TP type, but it was not successful. I tried to debug the L2TP connection with the following command:

/usr/lib/NetworkManager/nm-l2tp-service --debug

I found these lines in the log:

** Message: 17:29:56.476: Check port 1701
** Message: 17:29:56.476: Can't bind to port 1701
nm-l2tp[81418] <warn>  L2TP port 1701 is busy, using ephemeral.
nm-l2tp[81418] <info>  starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.9.5 IPsec [starter]...
Loading config setup
Loading conn '3cf99dbd-577c-4c5b-85f7-b081483bd849'
nm-l2tp[81418] <info>  Spawned ipsec up script with PID 81797.
initiating IKE_SA 3cf99dbd-577c-4c5b-85f7-b081483bd849[1] to 200.200.200.200
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 100.64.100.6[500] to 200.200.200.200[500] (904 bytes)
retransmit 1 of request with message ID 0
sending packet: from 100.64.100.6[500] to 200.200.200.200[500] (904 bytes)
nm-l2tp[81418] <warn>  Timeout trying to establish IPsec connection
nm-l2tp[81418] <info>  Terminating ipsec script with PID 81797.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection '3cf99dbd-577c-4c5b-85f7-b081483bd849' failed
** Message: 17:30:09.608: Could not establish IPsec connection.
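The route changes described in the question (drop the two half-default routes the first client installs, then pin the second server behind the first tunnel) can be scripted so they are repeatable and checkable. The script below is an added example, not code from the original post or from NetworkManager; it assumes the first VPN's device is tun0 and that the client installs 0.0.0.0/1 and 128.0.0.0/1 as in the question, and it uses the routing table from the question as constructed sample input so it can run offline. The second server address 200.200.200.200 is the placeholder from the question.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): plan the route changes needed to
# send only the second VPN server's traffic through the first tunnel, then
# verify the kernel's actual decision with `ip route get`.
# Assumptions: the first VPN's device is tun0 and its client installs the two
# half-default routes 0.0.0.0/1 and 128.0.0.0/1 (as shown in the question).

# Constructed sample input, copied from the question's `ip r` output, so the
# planning functions can be exercised without a live tunnel.
SAMPLE_ROUTES='0.0.0.0/1 via 100.64.100.5 dev tun0
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/8 via 192.168.1.1 dev wlp2s0
100.64.100.1 via 100.64.100.5 dev tun0
100.64.100.5 dev tun0 proto kernel scope link src 100.64.100.6
128.0.0.0/1 via 100.64.100.5 dev tun0
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.0.0/12 via 192.168.1.1 dev wlp2s0
185.208.9.98 via 192.168.1.1 dev wlp2s0
192.168.0.0/16 via 192.168.1.1 dev wlp2s0
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.68 metric 600'

# tun_gateway DEV  (routing table on stdin)
# Print the next hop the tunnel's 0.0.0.0/1 route uses; empty if there is none.
# Fields of "0.0.0.0/1 via 100.64.100.5 dev tun0": $1 prefix, $3 gateway, $5 device.
tun_gateway() {
    awk -v dev="$1" '$1 == "0.0.0.0/1" && $2 == "via" && $5 == dev { print $3; exit }'
}

# half_default_routes DEV  (routing table on stdin)
# Print the two half-default routes that hijack all traffic into the tunnel.
half_default_routes() {
    awk -v dev="$1" '($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") && $5 == dev { print }'
}

# plan_routes DEV SERVER_IP  (routing table on stdin)
# Emit the `ip route` commands, in order: delete the half-defaults, then add a
# /32 for the second server via the first tunnel. Nothing is executed here;
# pipe the output into `sudo sh` to apply it.
plan_routes() {
    local dev="$1" server="$2" routes gw
    routes=$(cat)                                   # buffer stdin: it is read twice
    gw=$(printf '%s\n' "$routes" | tun_gateway "$dev")
    [ -n "$gw" ] || { echo "no 0.0.0.0/1 route over $dev; is the first VPN up?" >&2; return 1; }
    printf '%s\n' "$routes" | half_default_routes "$dev" | while read -r route; do
        echo "ip route del $route"
    done
    echo "ip route add $server/32 via $gw dev $dev"
}

# check_route IP DEV
# Succeed only if the kernel would actually send IP out of DEV. Uses the live
# routing table, so this is the post-apply check, not part of the offline plan.
check_route() {
    ip route get "$1" 2>/dev/null |
        awk -v dev="$2" '{ for (i = 1; i < NF; i++) if ($i == "dev" && $(i+1) == dev) ok = 1 }
                         END { exit !ok }'
}

# Usage, once the first VPN is connected (SERVER is the second VPN server):
#   ip route show | plan_routes tun0 200.200.200.200            # preview
#   ip route show | plan_routes tun0 200.200.200.200 | sudo sh  # apply
#   check_route 200.200.200.200 tun0 && check_route 9.9.9.9 wlp2s0 && echo "routes ok"
# (9.9.9.9 stands for any Internet host that should keep using the normal uplink.)
```

Two things the routing plan does and does not tell you. The host route for 185.208.9.98 via wlp2s0 in the question's table is presumably the first client pinning its own server outside the tunnel; the added /32 does the same for the second server, but inside it, so a second VPN whose server address changes (DNS round-robin) needs the route refreshed. And the question's own log already shows the route took effect: IKE_SA_INIT leaves from 100.64.100.6 (the tun0 address) toward 200.200.200.200 port 500, twice, with no reply before the timeout. So what is failing is the IKE exchange on UDP/500 through the first tunnel, not the local route; `tcpdump -ni tun0 udp port 500 or udp port 4500` while reconnecting shows whether anything comes back. The "L2TP port 1701 is busy, using ephemeral" warning is about a local bind and, as the log says, is worked around, so it is not the cause of the timeout.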
mchid: Your original VPN probably has non-essential ports like 1701 blocked. Is it possible to use a second VPN that connects over a regular port like 80 or, preferably, 443? (443 traffic is already expected to be encrypted, so it doesn't raise suspicion; this makes 443 preferable to port 80, although both will probably work the same.)
Siamak S: There is no way to change the second VPN's port. Is there any way of proxying port 1701?