
l2tp over ipsec

Posted: 2008-11-19 15:13:18
doker
As far as I understand (please correct me if I'm wrong), you first need to set up an encrypted tunnel with ipsec-tools using a pre-shared key (PSK), and only then bring up the L2TP session. Whoever knows this well, please give me the details.
What I'm looking at is the equivalent of a VPN connection with PSK in Windows (sorry for duplicating the topic, this one is more precise).

Re: l2tp over ipsec

Posted: 2008-11-20 10:58:46
doker
Please point out the errors in my configs.
10.10.10.222 is my local IP, gw 10.10.10.1
88.88.88.1 is the Cisco's IP
rc.conf

ifconfig_re0="inet 10.10.10.222 netmask 255.255.255.0"
defaultrouter="10.10.10.1"
racoon_enable="yes"
racoon_flags="-l /var/log/racoon"
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"


ipsec.conf

flush;
spdflush;
spdadd 10.10.10.222/32 88.88.88.1/32 any -P out ipsec esp/tunnel/10.10.10.222-88.88.88.1/require ;
spdadd 88.88.88.1/32 10.10.10.222/32 any -P in ipsec esp/tunnel/88.88.88.1-10.10.10.222/require ;

racoon.conf
path include "/usr/local/etc/racoon";
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log debug2;
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
timer
{
# These values can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per send.
phase1 30 sec;
phase2 15 sec;
}
remote anonymous
{
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
initial_contact on;
proposal_check obey; # obey, strict, or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 1;
}
}
sainfo anonymous
{
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}

psk.txt
88.88.88.1 ххххххххххххххх

l2tpd.conf

[global]
port = 1701
auth file = /usr/local/etc/l2tp/l2tp-secrets
[lac default]
lns = 88.88.88.1
redial = yes
redial timeout = 1
max redials = 5
require chap = yes
refuse pap = yes
require authentication = yes
name = myname
ppp debug = yes
pppoptfile = /usr/local/etc/l2tp/options.l2tpd.client

options.l2tpd.client

mtu 1410
mru 1410
refuse-eap
noccp
logfile /var/log/ppp.log
nodeflate
noproxyarp
noauth
nodefaultroute
#replacedefaultroute
lock

l2tp-secrets
myname * mypass *

The logs show the following:

Nov 20 09:40:18 poligon racoon: DEBUG: new cookie: ff3b61dce6ddf06c
Nov 20 09:40:18 poligon racoon: DEBUG: add payload of len 48, next type 13
Nov 20 09:40:18 poligon racoon: DEBUG: add payload of len 16, next type 0
Nov 20 09:40:18 poligon racoon: DEBUG: 100 bytes from 10.10.10.222[500] to 88.88.88.1[500]
Nov 20 09:40:18 poligon racoon: DEBUG: sockname 10.10.10.222[500]
Nov 20 09:40:18 poligon racoon: DEBUG: send packet from 10.10.10.222[500]
Nov 20 09:40:18 poligon racoon: DEBUG: send packet to 88.88.88.1[500]
Nov 20 09:40:18 poligon racoon: DEBUG: 1 times of 100 bytes message will be sent to 88.88.88.1[500]
Nov 20 09:40:18 poligon racoon: DEBUG: ff3b61dc e6ddf06c 00000000 00000000 01100200 00000000 00000064 0d000034 00000001 0000000
Nov 20 09:40:18 poligon racoon: DEBUG: resend phase1 packet ff3b61dce6ddf06c:0000000000000000
Nov 20 09:40:18 poligon racoon: DEBUG: ===
Nov 20 09:40:18 poligon racoon: DEBUG: 92 bytes message received from 88.88.88.1[500] to 10.10.10.222[500]
Nov 20 09:40:18 poligon racoon: DEBUG: ff3b61dc e6ddf06c b15bed4a 7898398d 0b100500 00000000 0000005c 00000040 00000001 0000000
Nov 20 09:40:18 poligon racoon: DEBUG: receive Information.
Nov 20 09:40:18 poligon racoon: DEBUG: begin.
Nov 20 09:40:18 poligon racoon: DEBUG: seen nptype=11(notify)
Nov 20 09:40:18 poligon racoon: DEBUG: succeed.
Nov 20 09:40:19 poligon racoon: DEBUG2: getph1byaddr: start
Nov 20 09:40:19 poligon racoon: DEBUG2: local: 10.10.10.222[0]
Nov 20 09:40:19 poligon racoon: DEBUG2: remote: 88.88.88.1[0]
Nov 20 09:40:19 poligon racoon: DEBUG2: p->local: 10.10.10.222[500]
Nov 20 09:40:19 poligon racoon: DEBUG2: p->remote: 88.88.88.1[500]
Nov 20 09:40:19 poligon racoon: DEBUG2: matched
Nov 20 09:40:19 poligon racoon: DEBUG2: CHKPH1THERE: no established ph1 handler found


setkey -D
No SAD entries.

Does anyone have any ideas?
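Added example, not part of the thread: a small Python checker that walks racoon debug lines like the ones above and summarises whether IKE phase 1 ever got past the first main-mode message (an all-zero responder cookie in the resend line means the peer never answered the SA proposal, and an informational notify at that point means it rejected it). The embedded log excerpt is constructed from the post's own lines; the `ISAKMP-SA established` pattern is racoon's success message and is assumed here.

```python
import re

# Constructed sample input: a subset of the racoon debug lines quoted in the post above.
SAMPLE_LOG = """\
Nov 20 09:40:18 poligon racoon: DEBUG: new cookie: ff3b61dce6ddf06c
Nov 20 09:40:18 poligon racoon: DEBUG: 100 bytes from 10.10.10.222[500] to 88.88.88.1[500]
Nov 20 09:40:18 poligon racoon: DEBUG: resend phase1 packet ff3b61dce6ddf06c:0000000000000000
Nov 20 09:40:18 poligon racoon: DEBUG: 92 bytes message received from 88.88.88.1[500] to 10.10.10.222[500]
Nov 20 09:40:18 poligon racoon: DEBUG: receive Information.
Nov 20 09:40:18 poligon racoon: DEBUG: seen nptype=11(notify)
Nov 20 09:40:19 poligon racoon: DEBUG2: CHKPH1THERE: no established ph1 handler found
"""

# Patterns for the racoon messages the analysis keys on.
NEW_COOKIE = re.compile(r"new cookie: ([0-9a-f]{16})")
RESEND = re.compile(r"resend phase1 packet ([0-9a-f]{16}):([0-9a-f]{16})")
RECEIVED = re.compile(r"message received from ([\d.]+)\[\d+\]")
NOTIFY = re.compile(r"seen nptype=11\(notify\)")
NOT_ESTABLISHED = re.compile(r"no established ph1 handler found")
ESTABLISHED = re.compile(r"ISAKMP-SA established")  # assumed racoon success message

def analyse_phase1(log_text):
    """Walk racoon debug output and summarise the state of IKE phase 1."""
    st = {"initiator_cookie": None, "responder_cookie": None, "resends": 0,
          "peer": None, "notify_received": False, "ph1_established": False}
    for line in log_text.splitlines():
        if m := NEW_COOKIE.search(line):
            st["initiator_cookie"] = m.group(1)
        elif m := RESEND.search(line):
            st["resends"] += 1
            # An all-zero responder cookie means the peer has not answered the SA proposal yet.
            if m.group(2) != "0" * 16:
                st["responder_cookie"] = m.group(2)
        elif m := RECEIVED.search(line):
            st["peer"] = m.group(1)
        elif NOTIFY.search(line):
            st["notify_received"] = True
        elif ESTABLISHED.search(line):
            st["ph1_established"] = True
        elif NOT_ESTABLISHED.search(line):
            st["ph1_established"] = False
    if st["ph1_established"]:
        st["diagnosis"] = "phase1 ok"
    elif st["notify_received"] and st["responder_cookie"] is None:
        st["diagnosis"] = ("phase1 failed: peer answered the first main-mode message with an "
                           "informational notify instead of an SA reply; check the PSK entry, "
                           "the proposal (encryption/hash/dh_group) and exchange_mode on both sides")
    else:
        st["diagnosis"] = "phase1 incomplete: no reply from peer (check reachability and UDP 500)"
    return st
```

Run it on the full racoon log with `analyse_phase1(open("/var/log/racoon").read())`; the result dict is the same whichever side initiated.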

Re: l2tp over ipsec

Posted: 2009-01-19 23:27:22
Kos
Did you manage to solve it? Could you post an example of working configs?

Re: l2tp over ipsec

Posted: 2009-01-20 10:49:16
doker
Not yet.
When I solve it, I'll post it.