Jump to content
Как правильно добавить self-test и прочую отладку в тему

Помогите настроить L2TP/IPSec

pachalia
 Share

Recommended Posts

pachalia Content Generator

pachalia

Posted
Posted

У меня не получается настроить L2TP/IPSec соединение. Вот журнал:

Скрытый текст
Sep 03 10:33:35ndm
Network::Interface::Base: "L2TP0": interface is up.
Sep 03 10:33:35ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:35ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:35ndm
IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Sep 03 10:33:35ndm
Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "91.105.238.11".
Sep 03 10:33:35ndm
Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "10.2.48.1" (via "GigabitEthernet1").
Sep 03 10:33:35ndm
Network::Interface::PppTunnel: "L2TP0": added host route to 91.105.238.11 via 10.2.48.254 (GigabitEthernet1).
Sep 03 10:33:35ndm
Network::Interface::Base: "L2TP0": static MTU reset to default.
Sep 03 10:33:35ndm
Network::Interface::Base: "L2TP0": network MTU is 1400.
Sep 03 10:33:35ndm
Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Sep 03 10:33:35ndm
IpSec::Manager: "L2TP0": IP secure connection was added.
Sep 03 10:33:37ndm
IpSec::Manager: create IPsec reconfiguration transaction...
Sep 03 10:33:37ndm
IpSec::Manager: add config for crypto map "L2TP0".
Sep 03 10:33:37ndm
IpSec::Manager: IPsec reconfiguration transaction was created.
Sep 03 10:33:37ndm
IpSec::Configurator: start applying IPsec configuration.
Sep 03 10:33:37ndm
IpSec::Configurator: IPsec configuration applying is done.
Sep 03 10:33:37ndm
IpSec::Configurator: start reloading IKE keys task.
Sep 03 10:33:37ndm
Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer.
Sep 03 10:33:37ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:37ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:37ndm
Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "91.105.238.11".
Sep 03 10:33:37ndm
Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "10.2.48.1" (via "GigabitEthernet1").
Sep 03 10:33:37ndm
Network::Interface::PppTunnel: "L2TP0": added host route to 91.105.238.11 via 10.2.48.254 (GigabitEthernet1).
Sep 03 10:33:37ndm
Network::Interface::Base: "L2TP0": static MTU reset to default.
Sep 03 10:33:37ndm
Network::Interface::Base: "L2TP0": network MTU is 1400.
Sep 03 10:33:37ndm
Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Sep 03 10:33:37ndm
IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Sep 03 10:33:37ndm
IpSec::Manager: "L2TP0": IP secure connection was added.
Sep 03 10:33:37ipsec
15[CFG] rereading secrets
Sep 03 10:33:37ipsec
15[CFG] loading secrets
Sep 03 10:33:37ipsec
15[CFG] loaded IKE secret for cmap:L2TP0
Sep 03 10:33:37ipsec
15[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Sep 03 10:33:37ipsec
15[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Sep 03 10:33:37ipsec
15[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Sep 03 10:33:37ipsec
15[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Sep 03 10:33:37ipsec
15[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Sep 03 10:33:37ndm
IpSec::Configurator: reloading IKE keys task done.
Sep 03 10:33:37ndm
IpSec::Configurator: start reloading IPsec config task.
Sep 03 10:33:37ipsec
04[CFG] received stroke: delete connection 'L2TP0'
Sep 03 10:33:37ipsec
04[CFG] deleted connection 'L2TP0'
Sep 03 10:33:37ipsec
00[DMN] signal of type SIGHUP received. Reloading configuration
Sep 03 10:33:37ipsec
07[CFG] received stroke: add connection 'L2TP0'
Sep 03 10:33:37ipsec
00[CFG] loaded 0 entries for attr plugin configuration
Sep 03 10:33:37ipsec
07[CFG] added configuration 'L2TP0'
Sep 03 10:33:38ndm
IpSec::IpSecNetfilter: start reloading netfilter configuration...
Sep 03 10:33:38ndm
IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Sep 03 10:33:38ndm
IpSec::Configurator: reloading IPsec config task done.
Sep 03 10:33:39ndm
IpSec::Configurator: crypto map "L2TP0" shutdown started.
Sep 03 10:33:39ipsec
09[CFG] received stroke: unroute 'L2TP0'
Sep 03 10:33:39ndm
IpSec::Manager: create IPsec reconfiguration transaction...
Sep 03 10:33:39ipsec
04[CFG] received stroke: terminate 'L2TP0{*}'
Sep 03 10:33:39ipsec
12[IKE] closing CHILD_SA L2TP0{2} with SPIs ce1cb0f7_i (228 bytes) cddbf682_o (642 bytes) and TS 10.2.48.1/32[udp] === 91.105.238.11/32[udp/l2tp]
Sep 03 10:33:39ipsec
08[CFG] received stroke: terminate 'L2TP0[*]'
Sep 03 10:33:39ndm
IpSec::Configurator: crypto map "L2TP0" shutdown complete.
Sep 03 10:33:39ndm
IpSec::Configurator: crypto map "L2TP0" active IKE SA: 0, active CHILD SA: 0.
Sep 03 10:33:39ndm
IpSec::Manager: add config for crypto map "L2TP0".
Sep 03 10:33:39ndm
kernel: EIP93: release SPI ce1cb0f7
Sep 03 10:33:39ndm
kernel: EIP93: release SPI cddbf682
Sep 03 10:33:39ipsec
12[IKE] sending DELETE for ESP CHILD_SA with SPI ce1cb0f7
Sep 03 10:33:39ipsec
11[IKE] deleting IKE_SA L2TP0[2] between 10.2.48.1[10.2.48.1]...91.105.238.11[91.105.238.11]
Sep 03 10:33:39ipsec
11[IKE] sending DELETE for IKE_SA L2TP0[2]
Sep 03 10:33:39ndm
IpSec::Manager: IPsec reconfiguration transaction was created.
Sep 03 10:33:39ndm
IpSec::Configurator: crypto map "L2TP0" active IKE SA: 0, active CHILD SA: 0.
Sep 03 10:33:39ndm
IpSec::Configurator: start applying IPsec configuration.
Sep 03 10:33:39ndm
IpSec::Configurator: IPsec configuration applying is done.
Sep 03 10:33:39ndm
IpSec::Configurator: start reloading IKE keys task.
Sep 03 10:33:40ipsec
05[CFG] rereading secrets
Sep 03 10:33:40ipsec
05[CFG] loading secrets
Sep 03 10:33:40ipsec
05[CFG] loaded IKE secret for cmap:L2TP0
Sep 03 10:33:40ipsec
05[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Sep 03 10:33:40ipsec
05[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Sep 03 10:33:40ipsec
05[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Sep 03 10:33:40ipsec
05[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Sep 03 10:33:40ipsec
05[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Sep 03 10:33:40ndm
IpSec::Configurator: reloading IKE keys task done.
Sep 03 10:33:40ndm
IpSec::Configurator: start reloading IPsec config task.
Sep 03 10:33:40ipsec
13[CFG] received stroke: delete connection 'L2TP0'
Sep 03 10:33:40ipsec
13[CFG] deleted connection 'L2TP0'
Sep 03 10:33:40ipsec
00[DMN] signal of type SIGHUP received. Reloading configuration
Sep 03 10:33:40ipsec
00[CFG] loaded 0 entries for attr plugin configuration
Sep 03 10:33:40ipsec
09[CFG] received stroke: add connection 'L2TP0'
Sep 03 10:33:40ipsec
09[CFG] added configuration 'L2TP0'
Sep 03 10:33:40ndm
IpSec::IpSecNetfilter: start reloading netfilter configuration...
Sep 03 10:33:40ndm
IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Sep 03 10:33:40ndm
IpSec::Configurator: reloading IPsec config task done.
Sep 03 10:33:40ndm
Network::Interface::Supplicant: "L2TP0": authnentication is unchanged.
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": description saved.
Sep 03 10:33:40ndm
Network::Interface::Ppp: "L2TP0": peer set.
Sep 03 10:33:40ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "91.105.238.11".
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "10.2.48.1" (via "GigabitEthernet1").
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": added host route to 91.105.238.11 via 10.2.48.254 (GigabitEthernet1).
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": static MTU reset to default.
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": network MTU is 1400.
Sep 03 10:33:40ndm
Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Sep 03 10:33:40ndm
IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Sep 03 10:33:40ndm
IpSec::Manager: "L2TP0": IP secure connection was added.
Sep 03 10:33:40ndm
Network::Interface::Supplicant: "L2TP0": identity is unchanged.
Sep 03 10:33:40ndm
Network::Interface::Supplicant: "L2TP0": password is unchanged.
Sep 03 10:33:40ndm
Network::Interface::IP: "L2TP0": IP address cleared.
Sep 03 10:33:40ndm
Network::Interface::Ppp: "L2TP0": remote address erased.
Sep 03 10:33:40ndm
Network::Interface::IP: "L2TP0": global priority enabled.
Sep 03 10:33:40ndm
Network::Interface::IP: "L2TP0": TCP-MSS adjustment enabled.
Sep 03 10:33:40ndm
Network::Interface::Ppp: "L2TP0": disabled connection.
Sep 03 10:33:40ndm
Network::Interface::Secure: "L2TP0": preshared key was set.
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "91.105.238.11".
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "10.2.48.1" (via "GigabitEthernet1").
Sep 03 10:33:40ndm
Network::Interface::PppTunnel: "L2TP0": added host route to 91.105.238.11 via 10.2.48.254 (GigabitEthernet1).
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": static MTU reset to default.
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": network MTU is 1400.
Sep 03 10:33:40ndm
Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": interface is up.
Sep 03 10:33:40ndm
Network::Interface::Base: "L2TP0": schedule cleared.
Sep 03 10:33:40ndm
IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Sep 03 10:33:40ndm
IpSec::Manager: "L2TP0": IP secure connection was added.
Sep 03 10:33:40ndm
Dns::InterfaceSpecific: static name server list cleared on L2TP0.
Sep 03 10:33:40ndm
Dns::Manager: name server 8.8.8.8 is disregarded while Yandex.DNS is active.
Sep 03 10:33:40ndm
Dns::Manager: name server 8.8.8.8, domain (default) deleted.
Sep 03 10:33:40ndm
Dns::InterfaceSpecific: name server 8.8.8.8 added, domain (default), interface L2TP0.
Sep 03 10:33:41ndm
Core::ConfigurationSaver: saving configuration...
Sep 03 10:33:41ndm
IpSec::Configurator: crypto map "L2TP0" shutdown started.
Sep 03 10:33:42ipsec
15[CFG] received stroke: unroute 'L2TP0'
Sep 03 10:33:42ipsec
06[CFG] received stroke: terminate 'L2TP0{*}'
Sep 03 10:33:42ipsec
06[CFG] no CHILD_SA named 'L2TP0' found
Sep 03 10:33:42ipsec
07[CFG] received stroke: terminate 'L2TP0[*]'
Sep 03 10:33:42ipsec
07[CFG] no IKE_SA named 'L2TP0' found
Sep 03 10:33:42ndm
IpSec::Configurator: crypto map "L2TP0" shutdown complete.
Sep 03 10:33:42ndm
IpSec::Manager: create IPsec reconfiguration transaction...
Sep 03 10:33:42ndm
IpSec::Manager: add config for crypto map "L2TP0".
Sep 03 10:33:42ndm
IpSec::Manager: IPsec reconfiguration transaction was created.
Sep 03 10:33:43ndm
IpSec::Configurator: start applying IPsec configuration.
Sep 03 10:33:43ndm
IpSec::Configurator: IPsec configuration applying is done.
Sep 03 10:33:43ndm
IpSec::Configurator: start reloading IKE keys task.
Sep 03 10:33:43ipsec
11[CFG] rereading secrets
Sep 03 10:33:43ipsec
11[CFG] loading secrets
Sep 03 10:33:43ipsec
11[CFG] loaded IKE secret for cmap:L2TP0
Sep 03 10:33:43ipsec
11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Sep 03 10:33:43ipsec
11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Sep 03 10:33:43ipsec
11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Sep 03 10:33:43ndm
IpSec::Configurator: reloading IKE keys task done.
Sep 03 10:33:43ipsec
11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Sep 03 10:33:43ipsec
11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Sep 03 10:33:43ndm
IpSec::Configurator: start reloading IPsec config task.
Sep 03 10:33:43ipsec
05[CFG] received stroke: delete connection 'L2TP0'
Sep 03 10:33:43ipsec
05[CFG] deleted connection 'L2TP0'
Sep 03 10:33:43ipsec
00[DMN] signal of type SIGHUP received. Reloading configuration
Sep 03 10:33:43ipsec
15[CFG] received stroke: add connection 'L2TP0'
Sep 03 10:33:43ipsec
00[CFG] loaded 0 entries for attr plugin configuration
Sep 03 10:33:43ipsec
15[CFG] added configuration 'L2TP0'
Sep 03 10:33:43ndm
IpSec::IpSecNetfilter: start reloading netfilter configuration...
Sep 03 10:33:43ndm
IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Sep 03 10:33:43ndm
IpSec::Configurator: reloading IPsec config task done.
Sep 03 10:33:44ndm
Core::ConfigurationSaver: configuration saved.
Sep 03 10:33:45ndm
IpSec::Configurator: crypto map "L2TP0" shutdown started.
Sep 03 10:33:45ipsec
12[CFG] received stroke: unroute 'L2TP0'
Sep 03 10:33:45ipsec
11[CFG] received stroke: terminate 'L2TP0{*}'
Sep 03 10:33:45ipsec
11[CFG] no CHILD_SA named 'L2TP0' found
Sep 03 10:33:45ipsec
13[CFG] received stroke: terminate 'L2TP0[*]'
Sep 03 10:33:45ipsec
13[CFG] no IKE_SA named 'L2TP0' found
Sep 03 10:33:45ndm
IpSec::Configurator: crypto map "L2TP0" shutdown complete.
Sep 03 10:33:46ipsec
09[CFG] received stroke: initiate 'L2TP0'
Sep 03 10:33:46ipsec
06[IKE] sending DPD vendor ID
Sep 03 10:33:46ipsec
06[IKE] sending FRAGMENTATION vendor ID
Sep 03 10:33:46ipsec
06[IKE] sending NAT-T (RFC 3947) vendor ID
Sep 03 10:33:46ipsec
06[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep 03 10:33:46ipsec
06[IKE] initiating Main Mode IKE_SA L2TP0[3] to 91.105.238.11
Sep 03 10:33:46ndm
IpSec::Configurator: crypto map "L2TP0" initialized.
Sep 03 10:33:46ipsec
07[IKE] received XAuth vendor ID
Sep 03 10:33:46ipsec
07[IKE] received DPD vendor ID
Sep 03 10:33:46ipsec
07[IKE] received FRAGMENTATION vendor ID
Sep 03 10:33:46ipsec
07[IKE] received NAT-T (RFC 3947) vendor ID
Sep 03 10:33:46ipsec
07[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024/#
Sep 03 10:33:46ipsec
07[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536/#, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024/#, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536/#, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024/#, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536/#, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024/#
Sep 03 10:33:46ipsec
07[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024/#
Sep 03 10:33:46ipsec
08[IKE] found linked key for crypto map 'L2TP0'
Sep 03 10:33:46ipsec
08[IKE] local host is behind NAT, sending keep alives
Sep 03 10:33:46ipsec
10[IKE] IKE_SA L2TP0[3] established between 10.2.48.1[10.2.48.1]...91.105.238.11[91.105.238.11]
Sep 03 10:33:46ipsec
10[IKE] scheduling reauthentication in 28778s
Sep 03 10:33:46ipsec
10[IKE] maximum IKE_SA lifetime 28798s
Sep 03 10:33:46ndm
IpSec::Configurator: crypto map "L2TP0" active IKE SA: 1, active CHILD SA: 0.
Sep 03 10:33:46ipsec
11[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/#/#/NO_EXT_SEQ
Sep 03 10:33:46ipsec
11[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/#/#/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/#/#/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/#/#/NO_EXT_SEQ
Sep 03 10:33:46ipsec
11[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/#/#/NO_EXT_SEQ
Sep 03 10:33:46ipsec
11[IKE] received 21474836000 lifebytes, configured 21474836480
Sep 03 10:33:46ipsec
11[IKE] CHILD_SA L2TP0{3} established with SPIs cd852ac9_i c7a83a1d_o and TS 10.2.48.1/32[udp] === 91.105.238.11/32[udp/l2tp]
Sep 03 10:33:46ndm
IpSec::Configurator: crypto map "L2TP0" is up.
Sep 03 10:33:46ndm
IpSec::Configurator: crypto map "L2TP0" active IKE SA: 1, active CHILD SA: 1.
Sep 03 10:33:46ndm
Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.
Sep 03 10:33:46ndm
Network::Interface::Ppp: "L2TP0": enabled connection via any interface.
Sep 03 10:33:46ndm
IpSec::IpSecNetfilter: start reloading netfilter configuration...
Sep 03 10:33:46ndm
IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Sep 03 10:33:48l2tp[23179]
Plugin pppol2tp.so loaded.
Sep 03 10:33:49l2tp[23179]
pppd 2.4.4-4 started by root, uid 0
Sep 03 10:33:49ndm
Network::Interface::PppTunnel: "L2TP0": added host route to 91.105.238.11 via 10.2.48.254 (GigabitEthernet1).
Sep 03 10:33:49pppd_L2TP0
l2tp_control v2.02
Sep 03 10:33:49pppd_L2TP0
remote host: 91.105.238.11
Sep 03 10:33:49pppd_L2TP0
local bind: 10.2.48.1
Sep 03 10:33:49ndm
kernel: EIP93: build outbound ESP connection, (SPI=c7a83a1d)
Sep 03 10:33:49ndm
kernel: EIP93: build inbound ESP connection, (SPI=cd852ac9)
Sep 03 10:33:53pppd_L2TP0
no ack, skip zlb on scccn
Sep 03 10:33:53pppd_L2TP0
no ack, skip zlb on iccn
Sep 03 10:33:54ndm
kernel: Fast VPN ctrl: setup for src 91.105.238.11
Sep 03 10:33:54pppd_L2TP0
using channel 37
Sep 03 10:33:54pppd_L2TP0
Using interface ppp0
Sep 03 10:33:54pppd_L2TP0
Connect: ppp0 <--> l2tp[0]
Sep 03 10:34:24pppd_L2TP0
LCP: timeout sending Config-Requests
Sep 03 10:34:24pppd_L2TP0
Connection terminated.
Sep 03 10:34:34pppd_L2TP0
Modem hangup
Sep 03 10:34:34pppd_L2TP0
Exit.
Sep 03 10:34:34ndm
kernel: Fast VPN ctrl: release for src 91.105.238.11
Sep 03 10:34:34ndm
Service: "L2TP0": unexpectedly stopped.

Что не так? Этот VPN с сайта hidemy.name.  Я ввёл все параметры которые были указанны на сайте. В результате подключится не может.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...