I followed the instructions from here: http://samsclass.info/ipv6/proj/proj-L5-VPN-Server.html
I used the exact same files that were posted on that site. On my router I have ports 500 UDP and 4500 UDP forwarded to the Ubuntu box. On Android, when I try, it goes to "Connecting..." and then to "Timeout". I also tested on iOS (iPad) and it doesn't work there either. I noticed that syslog has nothing from xl2tpd for each connection attempt, so I assume ipsec openswan isn't passing the traffic to xl2tpd?
All the steps from the guide were followed:
added local ip address 172.22.1.1 eth0:0 (the Ubuntu box has eth0 192.168.0.50)
installed openswan
edited ipsec.conf, ipsec.secrets
stopped redirects
ipsec verify
restarted openswan
installed xl2tpd
edited xl2tpd.conf
ppp was already installed, so skipped this step
edited options.xl2tpd and chap-secrets
restarted xl2tpd
[ipsec.conf]
# diff ipsec.conf ipsec.conf.template
21c21
< left=192.168.0.50
---
> left=YOUR.SERVER.IP.ADDRESS
The .50 IP address is the eth0 IP address of the Ubuntu server on my local network.
[ipsec.secrets]
# cat /etc/ipsec.secrets
192.168.0.50 %any: PSK "YourSharedSecret"
[xl2tpd.conf / options.xl2tpd / chap-secrets]
All 3 files are identical to the examples provided on the site.
=== /var/log/auth.log
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: received Vendor ID payload [RFC 3947] method set to=115
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep 20 02:05:51 sbowne pluto[12590]: packet from 166.147.67.29:58529: received Vendor ID payload [Dead Peer Detection]
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: responding to Main Mode from unknown peer 166.147.67.29
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: Main mode peer ID is ID_IPV4_ADDR: '10.4.23.140'
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[1] 166.147.67.29 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: deleting connection "L2TP-PSK-NAT" instance with peer 166.147.67.29 {isakmp=#0/ipsec=#0}
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: new NAT mapping for #1, was 166.147.67.29:58529, now 166.147.67.29:37048
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: received and ignored informational message
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: the peer proposed: 98.201.212.153/32:17/1701 -> 10.4.23.140/32:17/0
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: responding to Quick Mode proposal {msgid:76a9dec2}
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: us: 192.168.0.50<192.168.0.50>:17/1701
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: them: 166.147.67.29[10.4.23.140]:17/0===10.4.23.140/32
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x01bbb0b5 <0xee2829cb xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=166.147.67.29:37048 DPD=none}
=== /var/log/syslog
Sep 20 02:00:52 sbowne kernel: [28283.272399] NET: Unregistered protocol family 15
Sep 20 02:00:52 sbowne ipsec_setup: ...Openswan IPsec stopped
Sep 20 02:00:52 sbowne kernel: [28283.357232] NET: Registered protocol family 15
Sep 20 02:00:52 sbowne ipsec_setup: Starting Openswan IPsec U2.6.38/K3.8.0-19-generic...
Sep 20 02:00:52 sbowne ipsec_setup: Using NETKEY(XFRM) stack
Sep 20 02:00:52 sbowne kernel: [28283.414490] Initializing XFRM netlink socket
Sep 20 02:00:52 sbowne kernel: [28283.446177] AVX instructions are not detected.
Sep 20 02:00:52 sbowne kernel: [28283.450489] AVX instructions are not detected.
Sep 20 02:00:52 sbowne kernel: [28283.459554] AVX instructions are not detected.
Sep 20 02:00:52 sbowne kernel: [28283.462983] AVX instructions are not detected.
Sep 20 02:00:52 sbowne kernel: [28283.470054] AVX or AES-NI instructions are not detected.
Sep 20 02:00:52 sbowne ipsec_setup: multiple ip addresses, using 192.168.0.50 on eth0
Sep 20 02:00:52 sbowne ipsec_setup: ...Openswan IPsec started
Sep 20 02:00:52 sbowne ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Sep 20 02:00:52 sbowne pluto: adjusting ipsec.d to /etc/ipsec.d
Sep 20 02:00:52 sbowne ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Sep 20 02:00:52 sbowne ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Sep 20 02:03:17 sbowne xl2tpd[8264]: death_handler: Fatal signal 15 received
Sep 20 02:03:19 sbowne xl2tpd[12634]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
Sep 20 02:03:19 sbowne xl2tpd[12634]: setsockopt recvref[30]: Protocol not available
Sep 20 02:03:19 sbowne xl2tpd[12634]: This binary does not support kernel L2TP.
Sep 20 02:03:19 sbowne xl2tpd[12635]: xl2tpd version xl2tpd-1.3.1 started on sbowne PID:12635
Sep 20 02:03:19 sbowne xl2tpd[12635]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Sep 20 02:03:19 sbowne xl2tpd[12635]: Forked by Scott Balmos and David Stipp, (C) 2001
Sep 20 02:03:19 sbowne xl2tpd[12635]: Inherited by Jeff McAdams, (C) 2002
Sep 20 02:03:19 sbowne xl2tpd[12635]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Sep 20 02:03:19 sbowne xl2tpd[12635]: Listening on IP address 0.0.0.0, port 1701
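Added example, not part of the original post: a Python triage over the log format quoted above that reports how far a connection attempt got (IKE Main Mode, Quick Mode, or L2TP) and extracts the address the peer proposed next to the server's own. The function name, the stage labels and the placeholder year are assumptions made for this example.

```python
import re
from datetime import datetime

# Lines copied from the logs quoted in the post (syslog and auth.log merged).
SAMPLE = """\
Sep 20 02:03:19 sbowne xl2tpd[12635]: Listening on IP address 0.0.0.0, port 1701
Sep 20 02:05:51 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #1: the peer proposed: 98.201.212.153/32:17/1701 -> 10.4.23.140/32:17/0
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: us: 192.168.0.50<192.168.0.50>:17/1701
Sep 20 02:05:52 sbowne pluto[12590]: "L2TP-PSK-NAT"[2] 166.147.67.29 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x01bbb0b5 <0xee2829cb xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=166.147.67.29:37048 DPD=none}
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w.-]+)\[\d+\]: (.*)$")

def triage(text, year=2000):
    """Report how far a connection attempt got: IKE, IPsec SA, or L2TP."""
    r = {"phase1": None, "phase2": None, "proposed": None, "us": None,
         "l2tp_after_sa": 0}
    l2tp_times = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # kernel / ipsec_setup lines carry no PID and are skipped
        # syslog timestamps omit the year; `year` is an assumed placeholder
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        daemon, msg = m.group(2), m.group(3)
        if daemon == "xl2tpd":
            l2tp_times.append(ts)
        elif daemon == "pluto":
            if "ISAKMP SA established" in msg:
                r["phase1"] = ts
            elif "IPsec SA established" in msg:
                r["phase2"] = ts
            elif (p := re.search(r"the peer proposed: ([\d.]+)/", msg)):
                r["proposed"] = p.group(1)
            elif (u := re.search(r"us: ([\d.]+)<", msg)):
                r["us"] = u.group(1)
    if r["phase1"] is None:
        r["stage"] = "ike-main-mode-incomplete"
    elif r["phase2"] is None:
        r["stage"] = "ike-quick-mode-incomplete"
    else:
        # Any xl2tpd line at or after the IPsec SA means L2TP traffic arrived.
        r["l2tp_after_sa"] = sum(t >= r["phase2"] for t in l2tp_times)
        r["stage"] = "l2tp-reached" if r["l2tp_after_sa"] else "ipsec-up-no-l2tp"
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted lines it reports `ipsec-up-no-l2tp`, with the peer proposing 98.201.212.153 while the server identifies itself as 192.168.0.50.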