r.nahm

IPsec xl2tpd connection not possible

Hi,

Now that I have solved my server-side problem, it seems that my config is not right...

xl2tpd.conf :
# /etc/xl2tpd/xl2tpd.conf 
[global]
listen-addr = 134.0.25.###
auth file = /etc/vp/l2tp-secret
 
[lns]
ip range = 10.0.0.2 - 10.0.0.12
length bit = yes
local ip = 10.0.0.1
refuse chap = yes
refuse pap = yes
require authentication = yes
unix authentication = yes
pppoptfile = /etc/vpn/pppopt.xl2tpd
challenge = yes

l2tp-secret :
# Secrets for authenticating l2tp tunnels
# us    them    secret
# *             marko blah2
# zeus          marko   blah
# *     *       interop
*       *       l2tppasswd
 
pppopt.xl2tpd :
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
noauth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

ipsec.conf :
# /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
 
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8
        protostack=netkey #protostack=mast # used for SAref + MAST only
        interfaces="%defaultroute"
        oe=off
 
conn l2tp-psk
        authby=secret
        pfs=no
        auto=add
        rekey=no
        # overlapip=yes         # for SAref + MAST
        # sareftrack=yes        # for SAref + MAST
        type=transport
        left=134.0.25.###
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=%any
        rightprotoport=17/%any
        rightsubnet=vhost:%priv,%no
 
ipsec verify returns:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.28/K3.0.0-12-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
 
  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!
 
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED] 

Can anyone help me with this?

Regards, Richard

Url: https://administrator.de/contentid/184059


Member: r.nahm
r.nahm Apr 25, 2012 at 09:43:19 (UTC)
Exact error message: The network connection cannot be established. The IP is correct, and so are the user and password (unix).
Member: r.nahm
r.nahm Apr 25, 2012 at 23:48:25 (UTC)
So, I have now got a little further...

The VPN connection now apparently comes up, but it always drops after about 10 seconds.

The current configs:

Xl2tpd.conf :

[global]                                                                ; Global parameters:
port = 1701                                                    ; * Bind to port 1701
auth file = /etc/xl2tpd/l2tp-secrets    ; * Where our challenge secrets are
 
[lns default]                                                   ; Our fallthrough LNS definition
;exclusive = no                                         ; * Only permit one tunnel per host
ip range = 10.10.0.2-10.10.0.20         ; * Allocate from this IP range
local ip = 10.10.0.1                            ; * Our local IP to use
length bit = yes                                                ; * Use length bit in payload?
unix authentication = yes                               ; * Use /etc/passwd for auth.
 


Ipsec.conf :

 # /etc/ipsec.conf - Openswan IPsec configuration file 
version 2.0     # conforms to second version of ipsec.conf specification
 
# basic configuration
config setup
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. auto will try netkey, then klips then mast
        protostack=auto
 
 
conn testvpn
        left=134.0.25.###
        right=%any


Ipsec verify :

 root@vsrv#####:/etc/xl2tpd# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.28/K3.0.0-12-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
 

Can anyone help with this?

Regards
Member: r.nahm
r.nahm Apr 26, 2012 at 01:08:09 (UTC)
A small update in the meantime...


tail -f /var/log/auth.log

 
Apr 26 02:58:06 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: received Vendor ID payl
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: received Vendor ID payload [RFC 3947] method set to=109
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Apr 26 02:58:26 vsrv##### pluto[6828]: packet from 89.204.130.###:20762: initial Main Mode message received on 134.0.25.###:500 but no connection has been authorized with policy=PSK

This block appears 4 times per attempt... then my Android shows VPN connected... then after a few seconds the connection is dropped.

Regards
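
Added example, not part of the thread: a small checker that pairs pluto's "no connection has been authorized with policy=PSK" log line with the conn sections of an ipsec.conf and reports which conns are loaded with pre-shared-key authentication. The function names, the sample addresses and the defaults (`auto=ignore`, `authby=rsasig`, taken from ipsec.conf(5)) are assumptions of this example.

```python
import re

# Assumed defaults from ipsec.conf(5): a conn without auto= is not loaded,
# and a conn without authby= authenticates with RSA signatures, not a PSK.
DEFAULTS = {"auto": "ignore", "authby": "rsasig"}
PSK_REFUSED = re.compile(r"initial Main Mode message received on (\S+) but no "
                         r"connection has been authorized with policy=PSK")

def parse_conns(text):
    """Return {conn_name: {option: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                       # header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def psk_ready(conns):
    """Names of conns that are loaded and accept pre-shared-key peers."""
    ready = []
    for name, opts in conns.items():
        eff = {**DEFAULTS, **opts}
        if eff["auto"] != "ignore" and "secret" in eff["authby"].split("|"):
            ready.append(name)
    return ready

def diagnose(conf_text, log_text):
    """Count PSK refusals in the log and list conns that cannot serve PSK."""
    conns = parse_conns(conf_text)
    ready = psk_ready(conns)
    return {"refusals": len(PSK_REFUSED.findall(log_text)),
            "psk_conns": ready, "not_psk": sorted(set(conns) - set(ready))}

# Constructed samples modelled on the thread; addresses are documentation ranges.
FIRST_CONF = "config setup\n\toe=off\nconn l2tp-psk\n\tauthby=secret\n\tauto=add\n\tleft=192.0.2.10\n\tright=%any\n"
SECOND_CONF = "config setup\n\toe=off\nconn testvpn\n\tleft=192.0.2.10\n\tright=%any\n"
LOG = ("Apr 26 02:58:26 vsrv pluto[6828]: packet from 198.51.100.7:20762: "
       "initial Main Mode message received on 192.0.2.10:500 but no "
       "connection has been authorized with policy=PSK\n")

if __name__ == "__main__":
    print(diagnose(FIRST_CONF, LOG))
    print(diagnose(SECOND_CONF, LOG))
```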