Set up a L2TP/IPSec VPN connection on Ubuntu desktop

Context:

The VPN server runs on a Vyatta firewall (version 6.5). This has been tested on Ubuntu 13.10 (saucy) and 14.04 (trusty).

How to set up the VPN client on Ubuntu

1. Packages required:

$ sudo apt-get install openswan
$ sudo apt-get install xl2tpd
$ sudo apt-get install l2tp-ipsec-vpn

2. You need to restart your computer to see the little “L2TP IPSEC VPN Manager” appear in the  status bar

3. Configure the connection with the “L2TP IPSEC VPN Manager”:

Enter the VPN server address and the pre-shared key

Image

Go to the PPP tab and enter the username and password (you can let all the protocols checked as we will unban them later):

Image

Click on “IP Settings” and check the box:

Image

Before closing, click on “Routes” and make sure you use the gateway on the remote network:

Image

Close the “L2TP IPSEC VPN Manager” to apply the changes.

4. Before connecting to the VPN you need to make some more changes in the configuration files

In the file /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
– Add the password line
– Be sure the lines refuse-xxxx are commented:

$ sudo vi /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
  #debug
  #dump
  #record /var/log/pppd

  plugin passprompt.so
  ipcp-accept-local
  ipcp-accept-remote
  idle 72000
  ktune
  noproxyarp
  asyncmap 0
  #noccp
  noauth
  crtscts
  lock
  hide-password
  modem
  noipx

  ipparam L2tpIPsecVpn-<your_connection>

  promptprog "/usr/bin/L2tpIPsecVpn"

  #refuse-eap
  #refuse-pap
  #refuse-chap
  #refuse-mschap
  #refuse-mschap-v2
  #require-mschap-v2

  remotename ""
  name "<your_username>"
  password "<your_password>"

  defaultroute

  usepeerdns

5. Restart xl2tp and ipsec to apply the changes

$ sudo /etc/init.d/ipsec restart
$ sudo /etc/init.d/xl2tp restart

6. Finally, go to your (home) connection settings and deactivate the IPv6:

Image

7. You can now connect to your (home) connection and connect to the VPN connection you just created

Issues? Check the last lines of /var/log/syslog

FYI: the VPN server configuration
Here is the VPN configuration on the Vyatta firewall (version 6.5) which is our VPN server:
Any content in <> has to be replaced.
See Vyatta documentation for more details.

vpn {
    ipsec {
        esp-group ESP1 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE1 {
            dead-peer-detection {
                action clear
                interval 150
                timeout 450
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface <eth0>
        }
        nat-networks {
            allowed-network <192.168.0.0/16> {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username <user1> {
                        password <user1password>
                    }
                    username <user2> {
                        password <user2password>
                    }
                }
                mode local
            }
            client-ip-pool {
                start <vpn_ip_pool_start>
                stop <vpn_ip_pool_stop>
            }
            dns-servers {
                server-1 <internal_dns_server>
                server-2 <internal_dns_server2>
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <choose_a_shared_secret>
                }
                ike-lifetime 3600
            }
            outside-address <your_external_ip>
            outside-nexthop <your_gateway>
            wins-servers {
                server-1 <your_wins_server_ip>
            }
        }
    }
}

Loved this article? Send Ethereum to this address: 0x9b09d5b83395FE4F43e4746a8c44E8d8491799A3

Advertisements
Set up a L2TP/IPSec VPN connection on Ubuntu desktop

24 thoughts on “Set up a L2TP/IPSec VPN connection on Ubuntu desktop

  1. Hi, I am trying to use this method to connect to our school’s VPN. However, it gives me an “Error 500”

    When I checked the syslog, I found the following errors

    Dec 29 14:35:53 ivp ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-32-generic…
    Dec 29 14:35:53 ivp ipsec_setup: Using NETKEY(XFRM) stack
    Dec 29 14:35:53 ivp kernel: [12677.246838] Initializing XFRM netlink socket
    Dec 29 14:35:53 ivp ipsec_setup: …Openswan IPsec started
    Dec 29 14:35:53 ivp pluto: adjusting ipsec.d to /etc/ipsec.d
    Dec 29 14:35:53 ivp ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
    Dec 29 14:35:53 ivp ipsec__plutorun: 002 added connection description “CUHK”
    Dec 29 14:36:05 ivp xl2tpd[22022]: death_handler: Fatal signal 15 received
    Dec 29 14:36:06 ivp xl2tpd[24636]: setsockopt recvref[30]: Protocol not available
    Dec 29 14:36:06 ivp xl2tpd[24636]: This binary does not support kernel L2TP.
    Dec 29 14:36:06 ivp xl2tpd[24637]: xl2tpd version xl2tpd-1.3.6 started on ivp PID:24637
    Dec 29 14:36:06 ivp xl2tpd[24637]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    Dec 29 14:36:06 ivp xl2tpd[24637]: Forked by Scott Balmos and David Stipp, (C) 2001
    Dec 29 14:36:06 ivp xl2tpd[24637]: Inherited by Jeff McAdams, (C) 2002
    Dec 29 14:36:06 ivp xl2tpd[24637]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    Dec 29 14:36:06 ivp xl2tpd[24637]: Listening on IP address 0.0.0.0, port 1701

    Do you have any idea about this problem? Thank you.

  2. Varun says:

    was trying since a week to connect to the vpn. Thanx a lot for such beautiful explanation without missing any steps.

  3. hako2 says:

    I have tried your approach, set up on my Ubuntu 14.04 64bit machine.
    Using a VPN I have without problems used before with PPTP, and on Android with L2TP/IPSec, I seem to get a connection, but after a short time (2 min), it disconnects.
    What am I doing wrong?

    L2TP IPSec Log:
    Jul 13 16:50:11.360 ipsec_setup: Stopping Openswan IPsec…
    Jul 13 16:50:13.903 Stopping xl2tpd: xl2tpd.
    Jul 13 16:50:13.985 xl2tpd[2190]: death_handler: Fatal signal 15 received
    Jul 13 16:50:14.198 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.16.0-41-generic…
    Jul 13 16:50:14.671 ipsec__plutorun: Starting Pluto subsystem…
    Jul 13 16:50:14.688 recvref[30]: Protocol not available
    Jul 13 16:50:14.688 xl2tpd[12765]: This binary does not support kernel L2TP.
    Jul 13 16:50:14.689 xl2tpd[12767]: xl2tpd version xl2tpd-1.3.6 started on HK-Home-Linux PID:12767
    Jul 13 16:50:14.689 xl2tpd[12767]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    Jul 13 16:50:14.689 xl2tpd[12767]: Forked by Scott Balmos and David Stipp, (C) 2001
    Jul 13 16:50:14.689 xl2tpd[12767]: Inherited by Jeff McAdams, (C) 2002
    Jul 13 16:50:14.689 xl2tpd[12767]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    Jul 13 16:50:14.690 xl2tpd[12767]: Listening on IP address 0.0.0.0, port 1701
    Jul 13 16:50:14.690 Starting xl2tpd: xl2tpd.
    Jul 13 16:50:14.714 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
    Jul 13 16:50:14.785 ipsec__plutorun: 002 added connection description “Solidtunnel_L2TP_SG”
    Jul 13 16:50:14.786 ipsec__plutorun: 002 added connection description “SolidTunnel_L2TP_US_Lenoir”
    Jul 13 16:50:15.960 104 “SolidTunnel_L2TP_US_Lenoir” #1: STATE_MAIN_I1: initiate
    Jul 13 16:50:15.960 003 “SolidTunnel_L2TP_US_Lenoir” #1: received Vendor ID payload [Openswan (this version) 2.6.38 ]
    Jul 13 16:50:15.960 003 “SolidTunnel_L2TP_US_Lenoir” #1: received Vendor ID payload [Dead Peer Detection]
    Jul 13 16:50:15.960 003 “SolidTunnel_L2TP_US_Lenoir” #1: received Vendor ID payload [RFC 3947] method set to=115
    Jul 13 16:50:15.960 106 “SolidTunnel_L2TP_US_Lenoir” #1: STATE_MAIN_I2: sent MI2, expecting MR2
    Jul 13 16:50:15.960 003 “SolidTunnel_L2TP_US_Lenoir” #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
    Jul 13 16:50:15.960 108 “SolidTunnel_L2TP_US_Lenoir” #1: STATE_MAIN_I3: sent MI3, expecting MR3
    Jul 13 16:50:15.961 003 “SolidTunnel_L2TP_US_Lenoir” #1: received Vendor ID payload [CAN-IKEv2]
    Jul 13 16:50:15.961 004 “SolidTunnel_L2TP_US_Lenoir” #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
    Jul 13 16:50:15.961 117 “SolidTunnel_L2TP_US_Lenoir” #2: STATE_QUICK_I1: initiate
    Jul 13 16:50:15.961 004 “SolidTunnel_L2TP_US_Lenoir” #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x9f4bb11d <0xce6495cf xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
    Jul 13 16:50:16.962 xl2tpd[12767]: Connecting to host 192.198.93.214, port 1701
    Jul 13 16:50:17.286 xl2tpd[12767]: Connection established to 192.198.93.214, 1701. Local: 469, Remote: 53123 (ref=0/0).
    Jul 13 16:50:17.287 xl2tpd[12767]: Calling on tunnel 469
    Jul 13 16:50:17.606 xl2tpd[12767]: Call established with 192.198.93.214, Local: 31620, Remote: 19484, Serial: 1 (ref=0/0)
    Jul 13 16:50:17.613 xl2tpd[12767]: start_pppd: I'm running:
    Jul 13 16:50:17.613 xl2tpd[12767]: "/usr/sbin/pppd"
    Jul 13 16:50:17.613 xl2tpd[12767]: "passive"
    Jul 13 16:50:17.613 xl2tpd[12767]: "nodetach"
    Jul 13 16:50:17.613 xl2tpd[12767]: ":"
    Jul 13 16:50:17.614 xl2tpd[12767]: "file"
    Jul 13 16:50:17.614 xl2tpd[12767]: "/etc/ppp/SolidTunnel_L2TP_US_Lenoir.options.xl2tpd"
    Jul 13 16:50:17.614 xl2tpd[12767]: "/dev/pts/9"
    Jul 13 16:50:17.647 pppd[12848]: Plugin passprompt.so loaded.
    Jul 13 16:50:17.648 pppd[12848]: pppd 2.4.5 started by root, uid 0
    Jul 13 16:50:17.680 pppd[12848]: Using interface ppp0
    Jul 13 16:50:17.680 pppd[12848]: Connect: ppp0 /dev/pts/9
    Jul 13 16:50:18.488 pppd[12848]: CHAP authentication succeeded
    Jul 13 16:50:19.063 pppd[12848]: not replacing existing default route via 192.168.1.1
    Jul 13 16:50:19.064 pppd[12848]: local IP address 172.16.1.30
    Jul 13 16:50:19.064 pppd[12848]: remote IP address 172.16.1.1
    Jul 13 16:50:19.064 pppd[12848]: primary DNS address 8.8.8.8
    Jul 13 16:50:19.064 pppd[12848]: secondary DNS address 8.8.4.4
    Jul 13 16:50:21.787 pppd[12848]: Deflate (15) compression enabled

    at this point, connection seems to be established, Skype shows connected. But, after 2 min, connection is lost.

    Jul 13 16:52:20.598 xl2tpd[12767]: check_control: Received out of order control packet on tunnel 53123 (got 3, expected 4)
    Jul 13 16:52:20.598 xl2tpd[12767]: handle_packet: bad control packet!
    Jul 13 16:53:56.619 xl2tpd[12767]: death_handler: Fatal signal 15 received
    Jul 13 16:53:56.619 Stopping xl2tpd: xl2tpd.
    Jul 13 16:53:56.619 pppd[12848]: Modem hangup
    Jul 13 16:53:56.619 pppd[12848]: Connect time 3.7 minutes.
    Jul 13 16:53:56.619 pppd[12848]: Sent 267346 bytes, received 422069 bytes.
    Jul 13 16:53:56.620 pppd[12848]: Connection terminated.
    Jul 13 16:53:56.640 ipsec_setup: Stopping Openswan IPsec…
    Jul 13 16:53:56.774 pppd[12848]: Exit.

    1. Jason says:

      im having the same problem – error logs talk about: “Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects!” –I wonder, for the few seconds the tunnel is up try and run “sudo ipsec verify” and see if you get the same error. I found a couple forums talking about how to change that “redirects” attribute but it wont let me save the changes

  4. Jason says:

    Thank You for writing this out – it has been very useful – I run into a problem with it disconnecting seconds after it connects… here are my logs:

    jason@casa-wesella:~$ sudo ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.6.38/K3.16.0-43-lowlatency (netkey)
    Checking for IPsec support in kernel [OK]
    SAref kernel support [N/A]
    NETKEY: Testing XFRM related proc values [FAILED]

    Please disable /proc/sys/net/ipv4/conf/*/send_redirects
    or NETKEY will cause the sending of bogus ICMP redirects!

    [FAILED]

    Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
    or NETKEY will accept bogus ICMP redirects!

    [OK]
    Checking that pluto is running [OK]
    Pluto listening for IKE on udp 500 [OK]
    Pluto listening for NAT-T on udp 4500 [OK]
    Two or more interfaces found, checking IP forwarding Checking NAT and MASQUERADEing [OK]
    Checking for ‘ip’ command [OK]
    Checking /bin/sh is not /bin/dash [WARNING]
    Checking for ‘iptables’ command [OK]
    Opportunistic Encryption Support [DISABLED]

  5. hako2 says:

    2nd attempt to write a comment, first time it did not show up due to lousy forum software.
    I tried on my Ubuntu 14.4 64bit: After editing /etc/sysctl.conf as suggested in https://gist.github.com/kryptek/7683862, the warnings about bogus redirections do not show up anymore in sudo ipsec verify. But, it seems, Pluto is also not running anymore:
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.6.38/K(no kernel code presently loaded)
    Checking for IPsec support in kernel [FAILED]
    SAref kernel support [N/A]
    Checking that pluto is running [FAILED]
    whack: Pluto is not running (no “/var/run/pluto/pluto.ctl”)
    Checking for ‘ip’ command [OK]
    Checking /bin/sh is not /bin/dash [WARNING]
    Checking for ‘iptables’ command [OK]
    Opportunistic Encryption Support [DISABLED]

    A connection attempt had the same result as before: disconnection after 2 min. Syslog has the same enties as the IPsec connection log, with a few additions. Unfortunately, I cannot see why it disconnects after short time.

    Aug 4 10:29:40 HK-Home-Linux L2tpIPsecVpnControlDaemon: Opening client connection
    Aug 4 10:29:40 HK-Home-Linux L2tpIPsecVpnControlDaemon: Opening client connection
    Aug 4 10:29:40 HK-Home-Linux L2tpIPsecVpnControlDaemon: Closing client connection
    Aug 4 10:29:40 HK-Home-Linux L2tpIPsecVpnControlDaemon: Executing command service xl2tpd start
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6280]: setsockopt recvref[30]: Protocol not available
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6280]: This binary does not support kernel L2TP.
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: xl2tpd version xl2tpd-1.3.6 started on HK-Home-Linux PID:6281
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: Forked by Scott Balmos and David Stipp, (C) 2001
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: Inherited by Jeff McAdams, (C) 2002
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    Aug 4 10:29:40 HK-Home-Linux xl2tpd[6281]: Listening on IP address 0.0.0.0, port 1701
    Aug 4 10:29:40 HK-Home-Linux L2tpIPsecVpnControlDaemon: Command service xl2tpd start finished with exit code 0
    Aug 4 10:29:41 HK-Home-Linux L2tpIPsecVpnControlDaemon: Closing client connection
    Aug 4 10:29:41 HK-Home-Linux xl2tpd[6281]: Connecting to host 119.81.124.84, port 1701
    Aug 4 10:29:43 HK-Home-Linux xl2tpd[6281]: Connection established to 119.81.124.84, 1701. Local: 14093, Remote: 39606 (ref=0/0).
    Aug 4 10:29:43 HK-Home-Linux xl2tpd[6281]: Calling on tunnel 14093
    Aug 4 10:29:43 HK-Home-Linux xl2tpd[6281]: check_control: Received out of order control packet on tunnel 39606 (got 0, expected 1)
    Aug 4 10:29:43 HK-Home-Linux xl2tpd[6281]: handle_packet: bad control packet!
    Aug 4 10:29:44 HK-Home-Linux xl2tpd[6281]: check_control: Received out of order control packet on tunnel 39606 (got 2, expected 1)
    Aug 4 10:29:44 HK-Home-Linux xl2tpd[6281]: handle_packet: bad control packet!
    Aug 4 10:29:44 HK-Home-Linux xl2tpd[6281]: check_control: Received out of order control packet on tunnel 39606 (got 2, expected 1)
    Aug 4 10:29:44 HK-Home-Linux xl2tpd[6281]: handle_packet: bad control packet!
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: Call established with 119.81.124.84, Local: 8760, Remote: 64737, Serial: 1 (ref=0/0)
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: start_pppd: I’m running:
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “/usr/sbin/pppd”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “passive”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “nodetach”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “:”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “file”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “/etc/ppp/PIA_L2TP_SG.options.xl2tpd”
    Aug 4 10:29:45 HK-Home-Linux xl2tpd[6281]: “/dev/pts/24”
    Aug 4 10:29:45 HK-Home-Linux pppd[6282]: Plugin passprompt.so loaded.
    Aug 4 10:29:45 HK-Home-Linux pppd[6282]: pppd 2.4.5 started by root, uid 0
    Aug 4 10:29:45 HK-Home-Linux pppd[6282]: Using interface ppp0
    Aug 4 10:29:45 HK-Home-Linux pppd[6282]: Connect: ppp0 /dev/pts/24
    Aug 4 10:29:45 HK-Home-Linux NetworkManager[992]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
    Aug 4 10:29:45 HK-Home-Linux NetworkManager[992]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
    Aug 4 10:29:45 HK-Home-Linux NetworkManager[992]: /sys/devices/virtual/net/ppp0: couldn’t determine device driver; ignoring…
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: CHAP authentication succeeded
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: not replacing existing default route via 192.168.1.1
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: local IP address 10.10.1.2
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: remote IP address 10.10.1.1
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: primary DNS address 8.8.8.8
    Aug 4 10:29:46 HK-Home-Linux pppd[6282]: secondary DNS address 8.8.4.4
    Aug 4 10:29:52 HK-Home-Linux whoopsie[1258]: offline
    Aug 4 10:29:58 HK-Home-Linux whoopsie[1258]: online
    Aug 4 10:31:53 HK-Home-Linux L2tpIPsecVpnControlDaemon: Opening client connection
    Aug 4 10:31:53 HK-Home-Linux L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
    Aug 4 10:31:53 HK-Home-Linux xl2tpd[6281]: death_handler: Fatal signal 15 received
    Aug 4 10:31:53 HK-Home-Linux pppd[6282]: Modem hangup
    Aug 4 10:31:53 HK-Home-Linux pppd[6282]: Connect time 2.2 minutes.
    Aug 4 10:31:53 HK-Home-Linux pppd[6282]: Sent 268590 bytes, received 568064 bytes.
    Aug 4 10:31:53 HK-Home-Linux L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
    Aug 4 10:31:53 HK-Home-Linux pppd[6282]: Connection terminated.
    Aug 4 10:31:53 HK-Home-Linux NetworkManager[992]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
    Aug 4 10:31:53 HK-Home-Linux L2tpIPsecVpnControlDaemon: Closing client connection
    Aug 4 10:31:53 HK-Home-Linux pppd[6282]: Exit.

  6. hako2 says:

    If I start the ipsec verification after trying to connect, the check for running pluto returns ok.
    The disconnection after about 2 min happens on my laptop running 12.04 32bit, also. The laptop connects via wifi, the desktop (14.04 64bit) is connected by cable. Seems to be systematic (e.g., a setting, or time-out, etc.). The server is a commercial PIA VPN server.
    Where to look?

  7. hako2 says:

    PIA support does not have a setup for L2TP, only openvpn, which does not work in China.
    When I tried with another VPN provider, I have the same problem, disconnection after short time.

  8. carol says:

    I have done all above and still it doesn’t work.

    xl2tpd[3876]: death_handler: Fatal signal 15 received
    Stopping xl2tpd: xl2tpd.

    When launching the l2tpd vpn manager, I get
    I couldn’t load PKCS11 library /usr/lib/x86_64-linux-gnu/pkcs11/gnome-keyring-pkcs11.so.

    Where should PKCS11 path in preferences, openssl should point to on ubuntu14.04?

    Look forward to your reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s