Good evening,

I am trying to get an L2TP/IPsec VPN working between Android 2.2 (client) and FreeBSD 7.3-RELEASE (server).

I managed to get racoon running, but I am struggling with a non-working l2tpd. The client reports "Server negotiation failed. The server may not agree with your encryption option."

Unfortunately, I cannot tell from this response whether the problem is on the client side or the server side.

So I would like to ask: has anyone managed to get such a VPN working between Android and FreeBSD? Or at least between a Windows client and FreeBSD? The client has a public IP, so I do not need NAT-T.

If anyone has the time and inclination to dig through the config files to see whether I have something stupid in there (or whether something important is missing), I am attaching them together with links to the logs.

Thank you,

Tomas Ciernik.




In the kernel I have enabled
options IPSEC
device crypto
device ppp

The config files look like this

# cat l2tpd.conf
[global]
access control = no;

[lns default]
ip range = 192.168.30.1-192.168.30.10
local ip = 192.168.30.254
require chap = yes
refuse pap = yes
require authentication = yes
name = VPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes



# cat /etc/ppp/options.l2tpd
ipcp-accept-local
ipcp-accept-remote
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
deflate 9
proxyarp



# cat ipsec.conf
flush;
spdflush;
# 192.168.20.7 is the "outside" IP address of the test server
spdadd 192.168.20.7[1701] 0.0.0.0/0 any -P out ipsec esp/transport//require ;


# cat racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log debug;
listen {
    isakmp 192.168.20.7;
}

remote anonymous {
    exchange_mode main;
    generate_policy on;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        }
}

sainfo anonymous {
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}


The logs are at

http://www.ciernik.sk/l2tp-ipsec/l2tpd.log
http://www.ciernik.sk/l2tp-ipsec/messages.log
http://www.ciernik.sk/l2tp-ipsec/racoon.log
--
FreeBSD mailing list (users-l@freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
