As the title says, I need to connect from my PC to a company that provides an L2TP/IPsec VPN.
I have already tested this from Windows XP and everything works correctly, but, being stubborn, I would like to manage it from Slackware 13.1 as well.
I installed strongSwan-4.6.2 and xl2tpd-1.3.0 and followed a few guides found on the Internet (in particular https://wiki.archlinux.org/index.php/L2 ... ient_setup, which however refers to Openswan, and the documentation/examples on the strongSwan site), but I got nowhere.
These are my configuration files.
/etc/ipsec.conf:
config setup
    plutostart=no
    charondebug="ike 3, knl 3, cfg 2"
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    authby=secret
    type=tunnel
conn L2TP-PSK
    left=%defaultroute
    leftfirewall=yes
    leftauth=psk
    right=xxx.xxx.xxx.xxx          # the company's public IP
    rightsubnet=yyy.yyy.yyy.0/24   # the company's internal network
    rightauth=psk
    auto=add
/etc/ipsec.secrets:
192.168.1.2 xxx.xxx.xxx.xxx : PSK "lamiapresharedkey"
xl2tpd.conf:
[lac la-mia-vpn]
lns = xxx.xxx.xxx.xxx          ; the company's public IP
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes
/etc/ppp/options.xl2tpd.client:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name "miousername"
password "miapassword"
Output of tail -f /var/log/messages after the command
# ipsec start
Mar 12 21:09:58 darkstar charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2)
Mar 12 21:09:58 darkstar charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 12 21:09:58 darkstar charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 12 21:09:58 darkstar charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 12 21:09:58 darkstar charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 12 21:09:58 darkstar charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 12 21:09:58 darkstar charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 12 21:09:58 darkstar charon: 00[CFG] loaded IKE secret for 192.168.1.2 xxx.xxx.xxx.xxx
Mar 12 21:09:58 darkstar charon: 00[KNL] listening on interfaces:
Mar 12 21:09:58 darkstar charon: 00[KNL] eth0
Mar 12 21:09:58 darkstar charon: 00[KNL] 192.168.1.2
Mar 12 21:09:58 darkstar charon: 00[KNL] fe80::216:17ff:fe22:ab7e
Mar 12 21:09:58 darkstar charon: 00[KNL] received netlink error: Address family not supported by protocol (97)
Mar 12 21:09:58 darkstar charon: 00[KNL] unable to create IPv6 routing table rule
Mar 12 21:09:58 darkstar charon: 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
Mar 12 21:09:58 darkstar charon: 00[JOB] spawning 16 worker threads
Mar 12 21:09:58 darkstar charon: 03[CFG] received stroke: add connection 'L2TP-PSK'
Mar 12 21:09:58 darkstar charon: 03[CFG] conn L2TP-PSK
Mar 12 21:09:58 darkstar charon: 03[CFG] left=192.168.1.2
Mar 12 21:09:58 darkstar charon: 03[CFG] leftsubnet=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftsourceip=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftauth=psk
Mar 12 21:09:58 darkstar charon: 03[CFG] leftauth2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftid=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftid2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftcert=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftcert2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftca=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftca2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftgroups=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] leftupdown=ipsec _updown iptables
Mar 12 21:09:58 darkstar charon: 03[CFG] right=xxx.xxx.xxx.xxx
Mar 12 21:09:58 darkstar charon: 03[CFG] rightsubnet=yyy.yyy.yyy.0/24
Mar 12 21:09:58 darkstar charon: 03[CFG] rightsourceip=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightauth=psk
Mar 12 21:09:58 darkstar charon: 03[CFG] rightauth2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightid=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightid2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightcert=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightcert2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightca=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightca2=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightgroups=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] rightupdown=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] eap_identity=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] aaa_identity=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] ike=aes128-sha1-modp2048,3des-sha1-modp1536
Mar 12 21:09:58 darkstar charon: 03[CFG] esp=aes128-sha1,3des-sha1
Mar 12 21:09:58 darkstar charon: 03[CFG] dpddelay=30
Mar 12 21:09:58 darkstar charon: 03[CFG] dpdaction=0
Mar 12 21:09:58 darkstar charon: 03[CFG] closeaction=0
Mar 12 21:09:58 darkstar charon: 03[CFG] mediation=no
Mar 12 21:09:58 darkstar charon: 03[CFG] mediated_by=(null)
Mar 12 21:09:58 darkstar charon: 03[CFG] me_peerid=(null)
Mar 12 21:09:58 darkstar charon: 03[KNL] getting interface name for xxx.xxx.xxx.xxx
Mar 12 21:09:58 darkstar charon: 03[KNL] xxx.xxx.xxx.xxx is not a local address
Mar 12 21:09:58 darkstar charon: 03[KNL] getting interface name for 192.168.1.2
Mar 12 21:09:58 darkstar charon: 03[KNL] 192.168.1.2 is on interface eth0
Mar 12 21:09:58 darkstar charon: 03[CFG] added configuration 'L2TP-PSK'
# /usr/sbin/xl2tpd &
Mar 12 21:10:11 darkstar xl2tpd[7496]: This binary does not support kernel L2TP.
Mar 12 21:10:11 darkstar xl2tpd[7497]: xl2tpd version xl2tpd-1.3.0 started on darkstar PID:7497
Mar 12 21:10:11 darkstar xl2tpd[7497]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Mar 12 21:10:11 darkstar xl2tpd[7497]: Forked by Scott Balmos and David Stipp, (C) 2001
Mar 12 21:10:11 darkstar xl2tpd[7497]: Inherited by Jeff McAdams, (C) 2002
Mar 12 21:10:11 darkstar xl2tpd[7497]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Mar 12 21:10:11 darkstar xl2tpd[7497]: Listening on IP address 0.0.0.0, port 1701
Mar 12 21:10:11 darkstar xl2tpd[7496]: setsockopt recvref[22]: Protocol not available
At this point I run the command
# ipsec up L2TP-PSK
and this is what I find in /var/log/messages:
Mar 12 21:10:22 darkstar charon: 01[CFG] received stroke: initiate 'L2TP-PSK'
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_VENDOR task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_INIT task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_NATD task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_CERT_PRE task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_AUTHENTICATE task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_CERT_POST task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_CONFIG task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_AUTH_LIFETIME task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing IKE_MOBIKE task
Mar 12 21:10:22 darkstar charon: 13[IKE] queueing CHILD_CREATE task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating new tasks
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_VENDOR task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_INIT task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_NATD task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_CERT_PRE task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_AUTHENTICATE task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_CERT_POST task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_CONFIG task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating CHILD_CREATE task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_AUTH_LIFETIME task
Mar 12 21:10:22 darkstar charon: 13[IKE] activating IKE_MOBIKE task
Mar 12 21:10:22 darkstar charon: 13[IKE] initiating IKE_SA L2TP-PSK[1] to xxx.xxx.xxx.xxx
Mar 12 21:10:22 darkstar charon: 13[IKE] IKE_SA L2TP-PSK[1] state change: CREATED => CONNECTING
Mar 12 21:10:22 darkstar charon: 13[IKE] natd_chunk => 22 bytes @ 0x624d10
Mar 12 21:10:22 darkstar charon: 13[IKE] 0: 4F 4A 21 2F 3F C7 1A 78 00 00 00 00 00 00 00 00 OJ!/?..x........
Mar 12 21:10:22 darkstar charon: 13[IKE] 16: 5E 5A 9F CE 01 F4 ^Z....
Mar 12 21:10:22 darkstar charon: 13[IKE] natd_hash => 20 bytes @ 0x624cf0
Mar 12 21:10:22 darkstar charon: 13[IKE] 0: D6 96 FA F7 6C E6 96 D6 AD E4 F4 0A AA DF 1F DF ....l...........
Mar 12 21:10:22 darkstar charon: 13[IKE] 16: 85 6A 44 68 .jDh
Mar 12 21:10:22 darkstar charon: 13[IKE] natd_chunk => 22 bytes @ 0x6230b0
Mar 12 21:10:22 darkstar charon: 13[IKE] 0: 4F 4A 21 2F 3F C7 1A 78 00 00 00 00 00 00 00 00 OJ!/?..x........
Mar 12 21:10:22 darkstar charon: 13[IKE] 16: C0 A8 01 02 01 F4 ......
Mar 12 21:10:22 darkstar charon: 13[IKE] natd_hash => 20 bytes @ 0x6244b0
Mar 12 21:10:22 darkstar charon: 13[IKE] 0: 3A BE BA DA 47 5A 44 5C CA F9 07 76 DB DD 30 A1 :...GZD\...v..0.
Mar 12 21:10:22 darkstar charon: 13[IKE] 16: 27 7A AF E2 'z..
Mar 12 21:10:22 darkstar charon: 13[ENC] generating IKE_SA_INIT request 0 [ SA che No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 12 21:10:22 darkstar charon: 13[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:10:26 darkstar charon: 14[IKE] retransmit 1 of request with message ID 0
Mar 12 21:10:26 darkstar charon: 14[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:10:33 darkstar charon: 04[IKE] retransmit 2 of request with message ID 0
Mar 12 21:10:33 darkstar charon: 04[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:10:46 darkstar charon: 08[IKE] retransmit 3 of request with message ID 0
Mar 12 21:10:46 darkstar charon: 08[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:11:09 darkstar charon: 15[IKE] retransmit 4 of request with message ID 0
Mar 12 21:11:09 darkstar charon: 15[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:11:51 darkstar charon: 02[IKE] retransmit 5 of request with message ID 0
Mar 12 21:11:51 darkstar charon: 02[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:13:07 darkstar charon: 03[IKE] giving up after 5 retransmits
Mar 12 21:13:07 darkstar charon: 03[IKE] establishing IKE_SA failed, peer not responding
I repeat: this is not an important problem for me; when needed I can connect from WinXP. I would just like to manage it from Slackware too, even if only to learn something new.
I trust in your experience.
Bye and thanks
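As an added triage example (not part of the post, and not strongSwan's own tooling): a Python script that parses the charon lines quoted above, pulls out the peer and UDP port the client was sending to, and checks the gaps between the retransmits against strongSwan's documented default schedule (retransmit_timeout 4.0 s, retransmit_base 1.8, retransmit_tries 5). A timeline that matches the default schedule exactly, ending in "peer not responding", means the client never saw any IKE_SA_INIT reply at all, which separates a silent peer or filtered path from a rejected proposal, where charon would log a NOTIFY instead.

```python
import re
from datetime import datetime

# Constructed excerpt: the charon lines from the post that carry the handshake timeline.
LOG = """\
Mar 12 21:10:22 darkstar charon: 13[IKE] initiating IKE_SA L2TP-PSK[1] to xxx.xxx.xxx.xxx
Mar 12 21:10:22 darkstar charon: 13[NET] sending packet: from 192.168.1.2[500] to xxx.xxx.xxx.xxx[500]
Mar 12 21:10:26 darkstar charon: 14[IKE] retransmit 1 of request with message ID 0
Mar 12 21:10:33 darkstar charon: 04[IKE] retransmit 2 of request with message ID 0
Mar 12 21:10:46 darkstar charon: 08[IKE] retransmit 3 of request with message ID 0
Mar 12 21:11:09 darkstar charon: 15[IKE] retransmit 4 of request with message ID 0
Mar 12 21:11:51 darkstar charon: 02[IKE] retransmit 5 of request with message ID 0
Mar 12 21:13:07 darkstar charon: 03[IKE] giving up after 5 retransmits
Mar 12 21:13:07 darkstar charon: 03[IKE] establishing IKE_SA failed, peer not responding
"""

# syslog timestamp, host, "charon:", thread id, [SUBSYSTEM], free-text message
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[(\w+)\] (.*)$")
PEER = re.compile(r"to (\S+)\[(\d+)\]$")

def expected_intervals(tries=5, timeout=4.0, base=1.8):
    """strongSwan default retransmission schedule: timeout * base**n seconds
    after attempt n, for the 5 retransmits plus the final wait before giving up."""
    return [round(timeout * base ** n) for n in range(tries + 1)]

def triage(log):
    """Summarise an unanswered IKE_SA_INIT: peer, number of sends, observed
    gaps between sends, and whether those gaps match the default schedule."""
    sends, peer, port, verdict = [], None, None, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # syslog carries no year
        sub, msg = m.group(2), m.group(3)
        if msg.startswith(("initiating IKE_SA", "retransmit ", "giving up")):
            sends.append(ts)  # "giving up" closes the last waiting interval
        if sub == "NET" and msg.startswith("sending packet") and peer is None:
            peer, port = PEER.search(msg).group(1), int(PEER.search(msg).group(2))
        if "peer not responding" in msg:
            verdict = "peer not responding"
    gaps = [int((b - a).total_seconds()) for a, b in zip(sends, sends[1:])]
    return {"peer": peer, "port": port, "attempts": len(sends) - 1, "gaps_s": gaps,
            "default_schedule": gaps == expected_intervals(len(gaps) - 1),
            "verdict": verdict}

if __name__ == "__main__":
    print(triage(LOG))
```

The script reports six sends to xxx.xxx.xxx.xxx on UDP/500 spaced 4, 7, 13, 23, 42 and 76 seconds apart, exactly the default schedule, so nothing at all came back from the gateway.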