VPN Ipsec l2tp debian
Posted: Tue Feb 4, 2014 19:37
Hi,
so, I'm struggling with my VPN ^^
I followed this tutorial:
https://mnt-tech.fr/monter-un-serveur-l ... ur-debian/
No problems all the way through, I just can't connect my Android phone to the VPN. I get this in syslog:
[cpp]Feb 4 20:26:17 VPN xl2tpd[3529]: Unable to deliver closing message for tunnel 39144. Destroying anyway.
Feb 4 20:28:10 VPN xl2tpd[3529]: death_handler: Fatal signal 15 received
Feb 4 20:28:11 VPN xl2tpd[3651]: setsockopt recvref[30]: Protocol not available
Feb 4 20:28:11 VPN xl2tpd[3651]: This binary does not support kernel L2TP.
Feb 4 20:28:11 VPN xl2tpd[3652]: xl2tpd version xl2tpd-1.3.1 started on VPN PID:3652
Feb 4 20:28:11 VPN xl2tpd[3652]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 4 20:28:11 VPN xl2tpd[3652]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 4 20:28:11 VPN xl2tpd[3652]: Inherited by Jeff McAdams, (C) 2002
Feb 4 20:28:11 VPN xl2tpd[3652]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 4 20:28:11 VPN xl2tpd[3652]: Listening on IP address 192.168.1.52, port 1701
Feb 4 20:29:26 VPN xl2tpd[3652]: handle_challenge: no secret found for us='VPN' and them='anonymous'
Feb 4 20:29:28 VPN xl2tpd[3652]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Feb 4 20:29:28 VPN xl2tpd[3652]: handle_packet: bad control packet!
Feb 4 20:29:33 VPN xl2tpd[3652]: Maximum retries exceeded for tunnel 60519. Closing.
Feb 4 20:29:33 VPN xl2tpd[3652]: Connection 58254 closed to 192.168.1.159, port 37880 (Timeout)
Feb 4 20:29:38 VPN xl2tpd[3652]: Unable to deliver closing message for tunnel 60519. Destroying anyway.
[/cpp]
The server is local on the LAN in 192 and my phone is on Wi-Fi on the same LAN; I don't think that's a problem.
I can share the config files, no problem:
ipsec.conf
[cpp]# /etc/ipsec.conf - Openswan IPsec configuration file
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Subnet ID 172.16.90.0
# Broadcast 172.16.90.7
# Range 172.16.90.1 - 6
# Netmask 255.255.255.248
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,!%v4:172.16.90.0/29
    oe=off
    protostack=auto
    plutoopts="--interface=eth0"
# Add connections here
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.52
    leftprotoport=17/1701
    leftnexthop=%defaultroute
    right=%any
    rightprotoport=17/%any
    # Avoids a bug on disconnect that prevents reconnection with OSX and iOS
    dpddelay=15
    dpdtimeout=30
    dpdaction=clear
[/cpp]
ipsec.secrets:
[cpp]# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created RSA keys
# serveraddress %any: PSK "sharedkey"
#66.66.66.66 %any: PSK "monpasswordrandomquitue"
192.168.1.52 %any: PSK "TestClePSKIPSEC"[/cpp]
xl2tpd.conf:
[cpp][global]
listen-addr = 192.168.1.52
[lns default]
ip range = 172.16.90.2-172.16.90.5
local ip = 172.16.90.1
length bit = yes
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
[/cpp]
options.xl2tpd:
[cpp]require-mschap-v2
ms-dns 8.8.8.8
asyncmap 0
auth
crtscts
mtu 1400
mru 1400
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
[/cpp]
chap-secrets:
[cpp]# Secrets for authentication using CHAP
# client server secret IP addresses
gizmo15 l2tpd BorisTEST 172.16.90.2
[/cpp]
Any idea what the problem is?
Thanks
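An added example, not part of the original post: a small cross-file consistency check over the values posted above (the PSK entry against `left`, the xl2tpd listen address, the PPP pool against the `virtual_private` exclusion, and the chap-secrets server column against the pppd `name`). The function and variable names are hypothetical, and the inputs are trimmed copies of the posted files.

```python
import ipaddress

# Trimmed copies of the posted files: only the lines that must agree with each other.
IPSEC_CONF = """left=192.168.1.52
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,!%v4:172.16.90.0/29"""
IPSEC_SECRETS = '192.168.1.52 %any: PSK "TestClePSKIPSEC"'
XL2TPD_CONF = """listen-addr = 192.168.1.52
ip range = 172.16.90.2-172.16.90.5
local ip = 172.16.90.1"""
PPP_OPTIONS = "require-mschap-v2\nname l2tpd"
CHAP_SECRETS = "gizmo15 l2tpd BorisTEST 172.16.90.2"


def kv(text, sep="="):
    """Parse 'key = value' lines into a dict (hypothetical helper)."""
    pairs = (line.split(sep, 1) for line in text.splitlines() if sep in line)
    return {k.strip(): v.strip() for k, v in pairs}


def check_consistency():
    """Return a dict of check name -> bool for the cross-file relationships."""
    ipsec, l2tp = kv(IPSEC_CONF), kv(XL2TPD_CONF)
    results = {}

    # The PSK line in ipsec.secrets is indexed by the local address used as left=.
    results["psk_indexed_by_left"] = IPSEC_SECRETS.split()[0] == ipsec["left"]

    # xl2tpd has to listen on the address covered by the transport-mode connection.
    results["l2tp_listens_on_left"] = l2tp["listen-addr"] == ipsec["left"]

    # Networks used by the server itself (here the PPP pool) are excluded
    # from virtual_private with a leading '!'.
    excluded = [ipaddress.ip_network(e[len("!%v4:"):])
                for e in ipsec["virtual_private"].split(",") if e.startswith("!")]
    lo, hi = (ipaddress.ip_address(a) for a in l2tp["ip range"].split("-"))
    pool = [lo, hi, ipaddress.ip_address(l2tp["local ip"])]
    results["pool_excluded_from_virtual_private"] = all(
        any(addr in net for net in excluded) for addr in pool)

    # pppd looks up chap-secrets by (client, server); server must equal its 'name'.
    ppp_name = next(l.split()[1] for l in PPP_OPTIONS.splitlines()
                    if l.startswith("name "))
    _client, server, _secret, addr = CHAP_SECRETS.split()
    results["chap_server_matches_ppp_name"] = server == ppp_name
    results["chap_ip_inside_pool"] = lo <= ipaddress.ip_address(addr) <= hi
    return results


if __name__ == "__main__":
    for name, ok in check_consistency().items():
        print(f"{'OK ' if ok else 'BAD'} {name}")
```
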
