AbcLinuxu portal, 29 April 2024 13:46


Question: Ubuntu as an L2TP over IPsec client

20.1.2020 14:03 DanielM

I am trying to connect to an L2TP/IPsec VPN server running on a ZyWALL USG60 from Ubuntu 16.04 (server). I don't use NetworkManager on the server, so most of the guides on the net are of no use to me. I installed strongSwan and xl2tpd. I configured them following guides on the net. Unfortunately I can't get connected. The xl2tp log contains the message
control_finish: Connection closed to 88.103.xxx.xxx, port 1701 (No IPSec protection for the L2TP tunnel), Local: 9502, Remote: 19933
The configuration on the ZyWALL works: connecting from MikroTik and Windows works.

ipsec.conf
conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=3des-sha1
  esp=3des-sha1-modp1536
 
conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=88.103.xxx.xxx
/etc/ipsec.secrets

: PSK "predsdiLENEvelmitajnouckEHeslicko"
/etc/xl2tpd/xl2tpd.conf

[global]
debug tunnel = yes

[lac myvpn]
lns = 88.103.xxx.xxx
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name prihlasovaciJmenoUzivatele
password hesloUzivatele

I connect using echo "c myvpn" > /var/run/xl2tpd/l2tp-control

Replies

20.1.2020 14:40 NN
Re: Ubuntu as an L2TP over IPsec client
No IPSec protection for the L2TP tunnel
Your IPsec tunnel isn't running..
21.1.2020 10:14 DanielM
Re: Ubuntu as an L2TP over IPsec client
Sure, honestly I figured that out. strongSwan is running. So where could the problem be?
21.1.2020 14:32 DanielM
Re: Ubuntu as an L2TP over IPsec client
Logs

led 21 14:25:38 srv03 charon[6612]: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.15.0-74-generic, x86_64)
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
led 21 14:25:38 srv03 charon[6612]: 00[CFG]   loaded IKE secret for %any
led 21 14:25:38 srv03 charon[6612]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
led 21 14:25:38 srv03 charon[6612]: 00[CFG] loaded 0 RADIUS server configurations
led 21 14:25:38 srv03 charon[6612]: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity
led 21 14:25:38 srv03 charon[6612]: 00[LIB] dropped capabilities, running as uid 0, gid 0
led 21 14:25:38 srv03 charon[6612]: 00[JOB] spawning 16 worker threads
led 21 14:25:38 srv03 ipsec_starter[6611]: charon (6612) started after 20 ms
led 21 14:25:38 srv03 charon[6612]: 05[CFG] received stroke: add connection 'myvpn'
led 21 14:25:38 srv03 charon[6612]: 05[CFG] added configuration 'myvpn'

led 21 14:26:07 srv03 systemd[1]: Started LSB: layer 2 tunelling protocol daemon.
led 21 14:26:07 srv03 xl2tpd[6649]: Forked by Scott Balmos and David Stipp, (C) 2001
led 21 14:26:07 srv03 xl2tpd[6649]: Inherited by Jeff McAdams, (C) 2002
led 21 14:26:07 srv03 xl2tpd[6649]: Forked again by Xelerance (www.xelerance.com) (C) 2006
led 21 14:26:07 srv03 xl2tpd[6649]: Listening on IP address 0.0.0.0, port 1701
led 21 14:26:43 srv03 xl2tpd[6649]: get_call: allocating new tunnel for host 88.103.xxx.xxx, port 1701.
led 21 14:26:43 srv03 xl2tpd[6649]: Connecting to host 88.103.xxx.xxx, port 1701
led 21 14:26:43 srv03 xl2tpd[6649]: control_finish: Connection closed to 88.103.xxx.xxx, port 1701 (No IPSec protection for the L2TP tunnel), Local: 22260, Remote: 17592
led 21 14:26:43 srv03 xl2tpd[6649]: build_fdset: closing down tunnel 22260
3.2.2020 09:01 MM
Re: Ubuntu as an L2TP over IPsec client
And did you dial that VPN? According to the log it doesn't look like it... Something like "ipsec start myvpn"
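
The ordering the replies point at, as an added example that is not part of the original thread: with `auto=add` strongSwan only loads `myvpn`, so the connection has to be initiated with `ipsec up` and the transport SA confirmed before anything is written to the xl2tpd control pipe. The `sa_ready` and `dial` helpers and the sample `ipsec status` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Gate the L2TP dial on a live IPsec SA.
CONN=myvpn                                  # conn name from the posted ipsec.conf
L2TP_CONTROL=/var/run/xl2tpd/l2tp-control   # control pipe used in the question

# sa_ready CONN: reads `ipsec status` text on stdin (hypothetical helper).
# Succeeds only if CONN has an IKE SA (CONN[n]: ESTABLISHED) and an ESP
# transport SA (CONN{n}: INSTALLED, TRANSPORT).
sa_ready() {
    awk -v c="$1" '
        index($1, c "[") == 1 && $2 == "ESTABLISHED" { ike = 1 }
        index($1, c "{") == 1 && $2 == "INSTALLED," && $3 ~ /^TRANSPORT/ { esp = 1 }
        END { exit !(ike && esp) }
    '
}

# dial: initiate the conn that auto=add merely loaded, verify, then dial L2TP.
dial() {
    ipsec up "$CONN"
    if ipsec status "$CONN" | sa_ready "$CONN"; then
        echo "c $CONN" > "$L2TP_CONTROL"
    else
        echo "no IPsec transport SA for $CONN; not dialing L2TP" >&2
        return 1
    fi
}

# Constructed sample outputs (documentation addresses, made-up SPIs).
SAMPLE_UP='Security Associations (1 up, 0 connecting):
       myvpn[1]: ESTABLISHED 5 seconds ago, 192.0.2.10[192.0.2.10]...198.51.100.1[198.51.100.1]
       myvpn{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c1a2b3c4_i c5d6e7f8_o
       myvpn{1}:   192.0.2.10/32[udp/l2f] === 198.51.100.1/32[udp/l2f]'
SAMPLE_LOADED_ONLY='Security Associations (0 up, 0 connecting):
  no match'

# Run as "script dial" on the client; with no argument only the functions load.
case "${1:-}" in dial) dial ;; esac
```

In the charon log posted above, the last entry is "added configuration 'myvpn'" and no IKE negotiation follows, which is the state `SAMPLE_LOADED_ONLY` stands for.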


ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.