l2tp/ipsec

Čiernik Tomáš tomas at ciernik.sk
Mon Feb 21 03:51:27 CET 2011


Good evening,

I'm trying to get an L2TP/IPsec VPN working between Android 2.2 (client) and
FreeBSD 7.3-RELEASE (server).

I managed to get racoon running, but I'm struggling with a non-working l2tpd.
The client reports
"Server negotiation failed. The server may not agree with your
encryption option."

Unfortunately, from this response I can't tell whether the problem is on the
client side or the server side.

So I'd like to ask: has anyone managed to get such a VPN working between
Android and FreeBSD? Or at least between a Windows client and FreeBSD?
The client has a public IP, so I don't need NAT-T.

If anyone has the time and inclination to dig through the config files to see
whether I have some silly mistake in them (or whether something important is
missing), I'm attaching them together with links to the logs.

Thanks,

Tomas Ciernik.




In the kernel I have enabled
options IPSEC
device crypto
device ppp

The config files look like this

# cat l2tpd.conf
[global]
access control = no;

[lns default]
ip range = 192.168.30.1-192.168.30.10
local ip = 192.168.30.254
require chap = yes
refuse pap = yes
require authentication = yes
name = VPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes



# cat /etc/ppp/options.l2tpd
ipcp-accept-local
ipcp-accept-remote
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
deflate 9
proxyarp



# cat ipsec.conf
flush;
spdflush;
# 192.168.20.7 is the "outside" IP address of the test server
spdadd 192.168.20.7[1701] 0.0.0.0/0 any -P out ipsec 
esp/transport//require ;


# cat racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log debug;
listen {
     isakmp 192.168.20.7;
}

remote anonymous {
     exchange_mode main;
     generate_policy on;
     proposal {
         encryption_algorithm 3des;
         hash_algorithm sha1;
         authentication_method pre_shared_key;
         dh_group 2;
     }
}

sainfo anonymous {
     encryption_algorithm 3des;
     authentication_algorithm hmac_md5;
     compression_algorithm deflate;
}


The logs are at

http://www.ciernik.sk/l2tp-ipsec/l2tpd.log
http://www.ciernik.sk/l2tp-ipsec/messages.log
http://www.ciernik.sk/l2tp-ipsec/racoon.log
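As an added example (not part of the original post), here is a small Python script that parses setkey(8)-style spdadd lines like the one in the ipsec.conf above and reports each policy's direction and level. It flags levels weaker than "require" (which would let traffic fall back to cleartext) and out-policies with no static inbound counterpart; on the posted file that points at the single out-policy and the reliance on generate_policy on in racoon.conf to install the inbound side. The sample input is constructed from the posted ipsec.conf.

```python
import re
from collections import namedtuple

# One setkey(8) policy: spdadd SRC[PORT] DST[PORT] PROTO -P DIR ipsec PROTO/MODE/ENDPOINTS/LEVEL ;
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+?)(?:\[(?P<sport>\d+)\])?\s+"
    r"(?P<dst>\S+?)(?:\[(?P<dport>\d+)\])?\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+(?P<spec>\S+)\s*;"
)

# Port fields are "" when the selector has no port; level is require / use / default / unique.
Policy = namedtuple("Policy", "src sport dst dport proto direction ipsec_proto mode level")

def parse_spd(text: str) -> list:
    """Return the spdadd policies found in ipsec.conf-style text; '#' comment lines are dropped."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    policies = []
    for m in SPD_RE.finditer(body):
        parts = m["spec"].split("/")  # esp/transport//require -> proto, mode, endpoints, level
        if len(parts) != 4:
            raise ValueError(f"malformed ipsec spec: {m['spec']}")
        policies.append(Policy(m["src"], m["sport"] or "", m["dst"], m["dport"] or "",
                               m["proto"], m["dir"], parts[0], parts[1], parts[3]))
    return policies

def audit(policies: list) -> list:
    """Flag levels weaker than 'require' and out-policies with no mirrored static in-policy."""
    findings = []
    seen = {(p.src, p.sport, p.dst, p.dport, p.proto, p.direction) for p in policies}
    for p in policies:
        if p.level != "require":
            findings.append(f"{p.direction} {p.src}->{p.dst}: level '{p.level}' allows cleartext fallback")
        if p.direction == "out" and (p.dst, p.dport, p.src, p.sport, p.proto, "in") not in seen:
            findings.append(f"out {p.src}[{p.sport}]->{p.dst}: no static in-policy in the file "
                            "(racoon's generate_policy on is expected to install it at negotiation)")
    return findings

# Constructed sample: the single out-policy from the ipsec.conf posted above.
POSTED_IPSEC_CONF = """\
flush;
spdflush;
# 192.168.20.7 is the "outside" IP address of the test server
spdadd 192.168.20.7[1701] 0.0.0.0/0 any -P out ipsec
esp/transport//require ;
"""
if __name__ == "__main__":
    for line in audit(parse_spd(POSTED_IPSEC_CONF)):
        print(line)
```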

