[FUGSPBR] VPN, L2TP and a NASTY problem

Paulo Angelo pa at orbitel.com.br
Tue Jun 24 13:51:42 BRT 2003


Hi everyone,

	I'm trying to set up a VPN between Windows and FreeS/WAN as described in these documents:

http://www.jacco2.dds.nl/networking/msl2tp.html
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html


	But I'm having several problems, and I'm stuck on one that I can't get past, so I remembered there are people here who can help me. Someone please help me :) .


	I believe the FreeS/WAN part is OK, because in /var/log/secure:

Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: received Vendor ID Payload; ASCII hash: 0%[R\020b9e=DAF*5)6
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: received Vendor ID Payload; ASCII hash: Z\016\023x
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: received Vendor ID Payload; ASCII hash: \011
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: Peer ID is ID_IPV4_ADDR: '10.10.10.59'
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: sent MR3, ISAKMP SA established
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: responding to Quick Mode
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: IPsec SA established
Jun 24 12:52:30 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Jun 24 12:52:30 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #1: starting keying attempt 2 of at most 3


	It has the lines mentioned in the how-to:

Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: Peer ID is ID_IPV4_ADDR: '10.10.10.59'
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: sent MR3, ISAKMP SA established
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: responding to Quick Mode
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: IPsec SA established


	But the connection can't be established..

	The l2tpd daemon is running; take a look at the information below.


/etc/l2tpd/l2tpd.conf:
------------------cuthere-----------------

[global]

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = pa
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
------------------cuthere-----------------


/etc/l2tpd/l2tp-secrets
------------------cuthere-----------------
# Secrets for authenticating l2tp tunnels
# us    them    secret
# *             marko blah2
# zeus          marko   blah
# *     *       interop
------------------cuthere-----------------

/etc/ppp/options.l2tpd
------------------cuthere-----------------
ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.1.1
ms-wins 192.168.1.2
auth
crtscts
idle 1800
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
------------------cuthere-----------------

/etc/ppp/chap-secrets
------------------cuthere-----------------
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
jacco           *       "mysecret"              192.168.1.128/25
pa              *       "senha123"              192.168.1.128/25
*               jacco   "mysecret"              192.168.1.128/25
sam             *       "rumpelstiltskin"       192.168.1.5
*               sam     "rumpelstiltskin"       192.168.1.5

------------------cuthere-----------------


/etc/ipsec.secrets
------------------cuthere-----------------
10.10.10.155 10.10.10.53: PSK "senha123"
10.10.10.155 10.10.10.59: PSK "senha123"
#: PSK "senha123"

------------------cuthere-----------------

/etc/ipsec.conf
------------------cuthere-----------------
version 2.0     # conforms to second version of ipsec.conf specification

config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none


conn L2TP-PSK-WIN9x-1
        authby=secret
        pfs=no
        left=10.10.10.155
        leftprotoport=17/1701
        right=10.10.10.59
        rightprotoport=17/1701
        auto=start
        keyingtries=3
------------------cuthere-----------------


Commands:

root@pa:/etc# ps ax | grep l2tp
 2152 ?        S      0:00 l2tpd
 3136 pts/1    R      0:00 grep l2tp
root@pa:/etc#
root@pa:/etc# ps ax | grep ipsec
 2840 pts/6    S      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --crlcheckinterval 0 --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
 2841 pts/6    S      0:00 logger -s -p daemon.error -t ipsec__plutorun
 2842 pts/6    S      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --crlcheckinterval 0 --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
 2843 pts/6    S      0:00 /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
 2846 pts/6    S      0:00 /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --policygroupsdir /etc/ipsec.d/policies --debug-none --uniqueids
 3138 pts/1    S      0:00 grep ipsec
root@pa:~# uname -a
Linux pa 2.4.20-ipsec #1 SMP Seg Jun 23 11:56:56 BRT 2003 i586 unknown
root@pa:~#

ADDITIONAL INFORMATION:
OS-Server:  Slackware 9.0
OS-Client:  Windows 98 SE (With msl2tp)
Trying to do it with a pre-shared key

Using:
l2tpd-0.69-6jdl.src.rpm
linux-2.4.20.tar
x509-1.3.5-freeswan-2.00.tar.gz
notify-freeswan-2.00-030617.diff

All of them cited in Jacco's documentation.


Paulo Angelo
_______________________________________________________________
Leave the list: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Archive: http://www4.fugspbr.org/lista/html/FUG-BR/
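The post rests on reading the pluto lines in /var/log/secure, so here is an added example (editor's code, not from the post, the FUG-BR list, or FreeS/WAN) that parses those lines and reports, per connection name, whether Main Mode (ISAKMP SA) and Quick Mode (IPsec SA) completed, which peer ID was seen, and whether a retransmission failure belongs to an initiator state such as STATE_MAIN_I1. The log lines embedded in the script are copied from the post; the function names, field names and verdict wording are my own.

```python
import re
from collections import defaultdict

# Sample input: the pluto lines quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: received Vendor ID Payload; ASCII hash: \011
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: Peer ID is ID_IPV4_ADDR: '10.10.10.59'
Jun 24 12:51:56 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #2: sent MR3, ISAKMP SA established
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: responding to Quick Mode
Jun 24 12:51:57 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #3: IPsec SA established
Jun 24 12:52:30 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Jun 24 12:52:30 pa pluto[2846]: "L2TP-PSK-WIN9x-1" #1: starting keying attempt 2 of at most 3
"""

# syslog timestamp, host, pluto[pid]: "conn" #state: message
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: '
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$'
)
PEER_RE = re.compile(r"Peer ID is (?P<idtype>\S+): '(?P<peer>[^']*)'")
RETRANS_RE = re.compile(
    r'max number of retransmissions \((?P<n>\d+)\) reached (?P<st>STATE_\w+)'
)


def parse_line(line):
    """Return the fields of one pluto state line, or None if it is not one."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def summarize(log_text):
    """Group pluto state lines by connection name and record what each state reached."""
    conns = defaultdict(lambda: {
        "phase1": [],               # state numbers that reached "ISAKMP SA established"
        "phase2": [],               # state numbers that reached "IPsec SA established"
        "peers": {},                # state number -> peer ID announced by the other side
        "retransmit_failures": [],  # (state number, pluto state name, retransmit limit)
        "initiator_failed": False,  # True if a failure was on an *_I* (initiator) state
    })
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        c = conns[rec["conn"]]
        st = int(rec["state"])
        msg = rec["msg"]
        if "ISAKMP SA established" in msg:
            c["phase1"].append(st)
        elif "IPsec SA established" in msg:
            c["phase2"].append(st)
        pm = PEER_RE.search(msg)
        if pm:
            c["peers"][st] = pm.group("peer")
        rm = RETRANS_RE.search(msg)
        if rm:
            c["retransmit_failures"].append((st, rm.group("st"), int(rm.group("n"))))
            # STATE_MAIN_I* / STATE_QUICK_I* are pluto's own initiator states.
            if rm.group("st").startswith(("STATE_MAIN_I", "STATE_QUICK_I")):
                c["initiator_failed"] = True
    return dict(conns)


def verdict(summary, conn):
    """One-line reading of the IKE outcome for a connection name."""
    c = summary.get(conn)
    if c is None:
        return "no pluto state lines for this connection"
    if not c["phase1"]:
        return "no ISAKMP SA: Main Mode (phase 1) did not complete"
    if not c["phase2"]:
        return "ISAKMP SA established but no IPsec SA: Quick Mode (phase 2) did not complete"
    msg = "ISAKMP SA and IPsec SA established for the responder exchange"
    if c["initiator_failed"]:
        msg += ("; the retransmission failure is on a separate initiator state "
                "(pluto initiating toward the peer), not on the states that succeeded")
    return msg


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for name, c in s.items():
        print(name, c)
        print("  ->", verdict(s, name))
```

On the post's own log the script reports that states #2 and #3 (the responder side, where the Windows client at 10.10.10.59 connected in) completed both phases, while the failure is on state #1, an initiator state: with `auto=start` pluto also tries to open the tunnel toward `right` itself, and a road-warrior client does not answer that. The IKE side is therefore consistent with the how-to's expected lines; what comes after (L2TP over UDP 1701 and the PPP/CHAP negotiation) is not visible in pluto's log at all and has to be read from l2tpd and pppd output.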