comp.os.linux.sieci

MaRc (18.11.2010, 12:22)
Hello,
I'm struggling with ipsec/l2tp. In general it works and authenticates, but I have two
client computers that are behind the same router and have different
logins/passwords for xl2tpd.
From the logs I can see that ipsec establishes the connection:

Nov 18 11:06:13 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1 #12:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x99bd74f4
<0x5216e16a xfrm=3DES_0-HMAC_MD5 NATOA=10.0.2.15 NATD=77.77.37.1:41720
DPD=none}

but then the xl2tpd daemon complains that it already has a connection with that peer:

Nov 18 11:06:15 sat xl2tpd[10414]: control_finish: Peer requested tunnel 3
twice, ignoring second one.
Nov 18 11:06:15 sat pluto[10624]: initiate on demand from 77.77.33.14:1701
to 77.77.37.1:1701 proto=17 state: fos_start because: acquire
Nov 18 11:06:16 sat xl2tpd[10414]: control_finish: Peer requested tunnel 3
twice, ignoring second one.
Nov 18 11:06:20 sat xl2tpd[10414]: Maximum retries exceeded for tunnel
3526. Closing.
Nov 18 11:06:20 sat xl2tpd[10414]: control_finish: Peer requested tunnel 3
twice, ignoring second one.
Nov 18 11:06:20 sat xl2tpd[10414]: Connection 3 closed to 77.77.37.1, port
1701 (Timeout)
Nov 18 11:06:25 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1 #11:
received Delete SA(0x99bd74f4) payload: deleting IPSEC State #12
Nov 18 11:06:25 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1 #11:
received and ignored informational message
Nov 18 11:06:25 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1 #11:
received Delete SA payload: deleting ISAKMP State #11
Nov 18 11:06:25 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1:
deleting connection "roadwarrior-l2tp" instance with peer 77.77.37.1
{isakmp=#0/ipsec=#0}
Nov 18 11:06:25 sat pluto[10624]: packet from 77.77.37.1:41720: received
and ignored informational message
Nov 18 11:06:25 sat xl2tpd[10414]: Unable to deliver closing message for
tunnel 3526. Destroying anyway.

/etc/ipsec.conf

version 2.0 # conforms to second version of ipsec.conf specification

config setup
plutodebug="none"
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
interfaces=%defaultroute
forwardcontrol=yes

conn roadwarrior-l2tp
leftprotoport=17/1701
rightprotoport=17/1701
also=roadwarrior

conn roadwarrior
auth=esp
authby=secret
compress=yes
keyexchange=ike
keyingtries=3
pfs=no
rekey=yes
left=77.77.33.14
right=%any
rightsubnet=vhost:%no,%priv
auto=add

/etc/xl2tpd/xl2tpd.conf

[global] ; Global parameters:
port = 1701
listen-addr = 77.77.33.14

[lns default]
ip range = 172.17.2.100-172.17.2.150
local ip = 172.17.2.1
require chap = yes
require authentication = yes
name = ipsec
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd

Is this a limitation of l2tp, so that it simply cannot be done this way, or did I do
something else wrong?

Actually, I found this in the manual:
Multiple L2TP clients behind the same NAT router, and multiple L2TP
clients behind different NAT routers using the same Virtual IP is
currently only working for the KLIPSNG stack.

but how can I enable KLIPSNG?
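Added example, not from the post: a small Python correlator over the pluto and xl2tpd lines quoted above. It flags a peer whose IPsec SA came up behind NAT (NATOA present in the pluto line) and which then presented the same L2TP tunnel id more than once, which is exactly the pattern in the log. The sample lines are retyped from the post, and the regular expressions are my assumptions about the message formats.

```python
import re
from collections import Counter

# Constructed sample, retyped after the pluto/xl2tpd lines quoted in the post
# (not captured from a live host); each record is on one line here.
SAMPLE_LOG = """\
Nov 18 11:06:13 sat pluto[10624]: "roadwarrior-l2tp"[12] 77.77.37.1 #12: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x99bd74f4 <0x5216e16a xfrm=3DES_0-HMAC_MD5 NATOA=10.0.2.15 NATD=77.77.37.1:41720 DPD=none}
Nov 18 11:06:15 sat xl2tpd[10414]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Nov 18 11:06:16 sat xl2tpd[10414]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Nov 18 11:06:20 sat xl2tpd[10414]: Maximum retries exceeded for tunnel 3526. Closing.
Nov 18 11:06:20 sat xl2tpd[10414]: Connection 3 closed to 77.77.37.1, port 1701 (Timeout)
"""

SA_RE = re.compile(r'pluto\[\d+\]: "[^"]+"\S* (?P<peer>[\d.]+) #\d+: STATE_QUICK_R2: IPsec SA established')
NATOA_RE = re.compile(r'NATOA=(?P<natoa>[\d.]+)')
DUP_RE = re.compile(r'xl2tpd\[\d+\]: control_finish: Peer requested tunnel (?P<tid>\d+) twice')
CLOSED_RE = re.compile(r'xl2tpd\[\d+\]: Connection (?P<tid>\d+) closed to (?P<peer>[\d.]+), port \d+ \((?P<reason>\w+)\)')


def analyse(log_text):
    """Correlate pluto SA lines with xl2tpd tunnel events. Returns one finding
    per peer-assigned tunnel id that the same peer presented more than once,
    noting whether pluto saw that peer behind NAT (NATOA present)."""
    nat_inner = {}        # public peer IP -> inner (NATOA) address reported by pluto
    dups = Counter()      # peer tunnel id -> number of "requested twice" lines
    closed = {}           # peer tunnel id -> (peer IP, close reason)
    for line in log_text.splitlines():
        if m := SA_RE.search(line):
            oa = NATOA_RE.search(line)
            nat_inner[m['peer']] = oa['natoa'] if oa else None
        elif m := DUP_RE.search(line):
            dups[m['tid']] += 1
        elif m := CLOSED_RE.search(line):
            closed[m['tid']] = (m['peer'], m['reason'])
    findings = []
    for tid, n in sorted(dups.items()):
        peer, reason = closed.get(tid, (None, None))
        findings.append({'tunnel': tid, 'duplicates': n, 'peer': peer,
                         'closed': reason, 'nat_inner': nat_inner.get(peer),
                         'behind_nat': nat_inner.get(peer) is not None})
    return findings


if __name__ == '__main__':
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

A finding with `behind_nat` true and `duplicates` above one is the signature of two L2TP clients sharing one public address; the "Maximum retries exceeded" line refers to the local tunnel id (3526), so it is not joined to the peer id 3 here.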
MaRc (23.11.2010, 18:54)
does nobody use VPNs??
Stachu 'Dozzie' K. (23.11.2010, 19:26)
On 2010-11-23, MaRc <marc> wrote:
> does nobody use VPNs??


No. They all just ignored you.
MaRc (23.11.2010, 19:40)
> No. They all just ignored you.
>


Oh well. Life is brutal.
MaRc (23.11.2010, 20:31)
> /etc/ipsec.conf
[..]
> right=%any
> rightsubnet=vhost:%no,%priv
> auto=add


Maybe someone will find the solution useful.
It's enough to add to the connection:

leftnexthop=%defaultroute

and it works :)
Sergiusz Rozanski (24.11.2010, 00:17)
On 23.11.2010 MaRc <marc> wrote:
> does nobody use VPNs??


I do, but pptp; in general you add a connection, next, host, next, login, password, next,
next and it goes, just for ease of setup :) for ZU.