
PPP with OpenSwan and XL2TP does not work



p@rick
19.11.12, 18:16
Hello everyone

I have been trying for ages to set up a VPN at home, but I am having a hard time with it.
The server at home sits behind a router (local interface on the server: 192.168.1.98). The router forwards all requests on the VPN ports to this server.

After L2TP and IPSec have connected, OS X (possibly other systems too) aborts with the error message Fatal signal 6. I'm not quite sure what to make of it...

Here is the error message from the error log:


Nov 19 18:09:41 avalon.edu.ds.fhnw.ch configd[17] <Notice>: SCNC: start, triggered by SystemUIServer, type L2TP, status 0
Nov 19 18:09:41 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: pppd 2.4.2 (Apple version 596.13) started by pdeboer, uid 501
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: L2TP connecting to server 'beer.hopto.org' (1.2.3.4)...
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: IPSec connection started
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: Connecting.
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IPSec Phase1 started (Initiated by me).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: receive success. (Initiator, Main-Mode message 2).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: receive success. (Initiator, Main-Mode message 6).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
Nov 19 18:09:42 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IPSec Phase1 established (Initiated by me).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IPSec Phase2 started (Initiated by me).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IPSec Phase2 established (Initiated by me).
Nov 19 18:09:43 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: IPSec connection established
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: L2TP connection established.
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch pppd[21203] <Notice>: Connect: ppp0 <--> socket[34:18]
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch pppd[21203] <Error>: Fatal signal 6
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IPSec disconnecting from server 80.218.222.187
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Information message).
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKE Packet: transmit success. (Information message).
Nov 19 18:09:45 avalon.edu.ds.fhnw.ch racoon[21199] <Notice>: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).


::Server side::
LNS section in the xl2tpd config file

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


options.xl2tpd:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

ipsec.conf


version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: incorrect SElinux policies might prevent pluto writing the core
    dumpdir=/var/run/pluto/

    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least up to 2010-12-21)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=auto
    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    plutostderrlog=/var/log/pluto.log

# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#    # Left security gateway, subnet behind it, nexthop toward right.
#    left=10.0.0.1
#    leftsubnet=172.16.0.0/24
#    leftnexthop=10.22.33.44
#    # Right security gateway, subnet behind it, nexthop toward left.
#    right=10.12.12.1
#    rightsubnet=192.168.0.0/24
#    rightnexthop=10.101.102.103
#    # To authorize this connection, but not actually start it,
#    # at startup, uncomment this.
#    #auto=add


conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.98
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
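A log like the one in the post is easiest to read by scoring which stage (IKE Phase 1, IKE Phase 2, L2TP tunnel, PPP link, PPP up) completed before the abort; here IPsec and L2TP succeed and the failure is inside pppd itself. The following is an added example, not the poster's code and not part of OpenSwan or xl2tpd; it assumes the macOS pppd/racoon message texts shown above, and the sample log lines are constructed.

```python
import re

STAGES = ["ike-phase1", "ike-phase2", "l2tp", "ppp-link", "ppp-up"]  # in connection order

# Log markers that signal completion of a stage.
MILESTONES = {
    "IPSec Phase1 established": "ike-phase1",
    "IPSec Phase2 established": "ike-phase2",
    "L2TP connection established": "l2tp",
    "Connect: ppp0": "ppp-link",
    "local  IP address": "ppp-up",  # pppd's IPCP-done message (two spaces)
}

# An <Error> entry from pppd or racoon marks where the attempt aborted;
# "Fatal signal 6" means pppd itself died with SIGABRT.
ERROR_RE = re.compile(r"(pppd|racoon)\[\d+\] <Error>: (.+)$")


def classify(lines):
    """Return (last_completed, failed_stage, reason); failed_stage is None on success."""
    done, reason = -1, "log ends before completion"
    for line in lines:
        for marker, stage in MILESTONES.items():
            if marker in line:
                done = max(done, STAGES.index(stage))
        m = ERROR_RE.search(line)
        if m:  # stop at the first error; the IPsec teardown that follows is noise
            reason = m.group(2)
            break
    else:
        if done == len(STAGES) - 1:
            return (STAGES[done], None, None)
    last = STAGES[done] if done >= 0 else None
    return (last, STAGES[min(done + 1, len(STAGES) - 1)], reason)


# Constructed sample modelled on the posted log: IPsec and L2TP come up, then
# pppd dies right after attaching ppp0. Host name, PIDs and peer IP are placeholders.
SAMPLE_PPPD_CRASH = """\
Nov 19 18:09:42 mac racoon[100] <Notice>: IPSec Phase1 established (Initiated by me).
Nov 19 18:09:43 mac racoon[100] <Notice>: IPSec Phase2 established (Initiated by me).
Nov 19 18:09:45 mac pppd[200] <Notice>: L2TP connection established.
Nov 19 18:09:45 mac pppd[200] <Notice>: Connect: ppp0 <--> socket[34:18]
Nov 19 18:09:45 mac pppd[200] <Error>: Fatal signal 6
Nov 19 18:09:45 mac racoon[100] <Notice>: IPSec disconnecting from server 192.0.2.1
""".splitlines()

# Constructed sample: IKE Phase 1 is started but the log stops before it completes.
SAMPLE_IKE_STALL = """\
Nov 19 18:10:01 mac racoon[101] <Notice>: IPSec Phase1 started (Initiated by me).
""".splitlines()
```

Running `classify` over the posted log gives `("ppp-link", "ppp-up", "Fatal signal 6")`, which places the problem in pppd after the tunnel is up rather than in the IPsec or xl2tpd configuration.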