
L2TP + IPSEC - HOW TO ????


Lacho

Question

Hello,

I have the following dilemma:

I need to set up a VPN with L2TP + IPsec, but I'm on ROS 5.2 and there are no tutorials anywhere on the net. I've tried everything that has been written, but without success.

Could someone who has set this up please explain step by step how it's done.

Thanks :)


Well, for example - win7, iphone.... ordinary gadgets like that.

here's my config ;)

99.99... is, for example, the client's address

it works with both win7 and vista


[admin@VPN] > interface l2tp-server server print 

          enabled: yes

          max-mtu: 1460

          max-mru: 1460

             mrru: disabled

   authentication: mschap2

  default-profile: default-encryption

[admin@VPN] > ip ipsec proposal print            

Flags: X - disabled 

 0   name="default" auth-algorithms=sha1 enc-algorithms=aes-128 lifetime=30m pfs-group=modp1024 

[admin@VPN] > ip ipsec peer print                

Flags: X - disabled 

 0   address=99.99.99.99/32 port=500 auth-method=pre-shared-key secret="**********" generate-policy=yes exchange-mode=main send-initial-contact=no 

     nat-traversal=yes my-id-user-fqdn="" proposal-check=obey hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 

     dpd-interval=disable-dpd dpd-maximum-failures=1


With this configuration it gives me the following error in debug mode:

11:28:14 ipsec,debug couldn't find configuration.

And here is the configuration:

> /interface l2tp-server server print

enabled: yes

max-mtu: 1460

max-mru: 1460

mrru: disabled

authentication: mschap2

default-profile: default-encryption

> /ip ipsec proposal print

Flags: X - disabled

0 name="proposal1" auth-algorithms=sha1 enc-algorithms=aes-128 lifetime=30m pfs-group=modp1024

> /ip ipsec peer print

0 address=192.168.0.5/32 port=500 auth-method=pre-shared-key secret="test" generate-policy=yes exchange-mode=main

send-initial-contact=no nat-traversal=yes my-id-user-fqdn="" proposal-check=obey hash-algorithm=sha1

enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=disable-dpd dpd-maximum-failures=1

Something else needs to be configured, but what is it?


Are you trying to connect from 192.168.0.5?

you can set address=0.0.0.0 on the peer and try

as for what's in the proposal, I don't know whether it matters that much, I'm not an IPsec expert :)

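
The check the reply above is hinting at, as an added example that is not part of the original thread: it parses the pasted `ip ipsec peer print` output and tests whether a connecting client's source address falls inside any enabled peer's `address` prefix. The client address 203.0.113.7 and the `0.0.0.0/0` form of the wildcard are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the peer entry pasted in the thread, wrapped as the terminal printed it.
PEER_PRINT = '''\
Flags: X - disabled
0 address=192.168.0.5/32 port=500 auth-method=pre-shared-key secret="test" generate-policy=yes exchange-mode=main
send-initial-contact=no nat-traversal=yes my-id-user-fqdn="" proposal-check=obey hash-algorithm=sha1
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=disable-dpd dpd-maximum-failures=1
'''


def parse_peers(text):
    """Parse 'ip ipsec peer print' output into a list of dicts, one per entry."""
    peers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Flags:"):
            continue
        tokens = shlex.split(line)  # handles quoted values such as secret="..."
        # A new entry starts with its index, optionally followed by flag letters (X).
        if tokens[0].isdigit():
            peers.append({"index": int(tokens[0]), "disabled": False})
            tokens = tokens[1:]
            if tokens and "=" not in tokens[0]:
                peers[-1]["disabled"] = "X" in tokens[0]
                tokens = tokens[1:]
        if not peers:
            continue  # continuation line with no entry before it
        for tok in tokens:
            key, _, value = tok.partition("=")
            peers[-1][key] = value
    return peers


def matching_peers(peers, source_ip):
    """Return indexes of enabled peers whose address prefix covers source_ip."""
    src = ipaddress.ip_address(source_ip)
    return [p["index"] for p in peers
            if not p["disabled"]
            and src in ipaddress.ip_network(p["address"], strict=False)]


if __name__ == "__main__":
    peers = parse_peers(PEER_PRINT)
    for client in ("192.168.0.5", "203.0.113.7"):  # second address is hypothetical
        hits = matching_peers(peers, client)
        print(client, "->", hits if hits else "no peer entry covers this address")
```

An empty result for the address the client really arrives from (its public address when it sits behind NAT) means no peer entry applies to it, which is the situation the reply is asking about.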


Okaaay...

Now a different dilemma has come up: "invalid length of payload"

I'm very grateful to you for the help :)

this is the log in debug:

19:04:17 ipsec,debug,packet ==========

19:04:17 ipsec,debug,packet 68 bytes message received from xx.xx.xx.xx[31091] to xx.xx.xx.xx[4500]

19:04:17 ipsec,debug,packet c3194dca 6e35bbee fabafead 7af830e8 05100201 00000000 00000044 639c1291

19:04:17 ipsec,debug,packet 305e690c ede50622 1968cdca b723e518 ff35f794 3f8d39c0 9fe1ea0b cdcc8a7e

19:04:17 ipsec,debug,packet b78cbd12

19:04:17 ipsec,debug,packet encryption(3des)

19:04:17 ipsec,debug,packet IV was saved for next processing:

19:04:17 ipsec,debug,packet cdcc8a7e b78cbd12

19:04:17 ipsec,debug,packet encryption(3des)

19:04:17 ipsec,debug,packet with key:

19:04:17 ipsec,debug,packet 3c7e22b4 3c7e22b4 3c7e22b4 4727fcc9 3c7e22b4 3c7e22b4

19:04:17 ipsec,debug,packet decrypted payload by IV:

19:04:17 ipsec,debug,packet 3c7e22b4 3c7e22b4

19:04:17 ipsec,debug,packet decrypted payload, but not trimed.

19:04:17 ipsec,debug,packet 3c7e22b4 3c7e22b4 3c7e22b4 3c7e22b4 3c7e22b4 3c7e22b4 3c7e22b4 3c7e22b4

19:04:17 ipsec,debug,packet 3a2b0611 79ac1abf

19:04:17 ipsec,debug,packet padding len=192

19:04:17 ipsec,debug,packet skip to trim padding.

19:04:17 ipsec,debug,packet decrypted.

19:04:17 ipsec,debug,packet 3c7e22b4 3c7e22b4 fabafead 3c7e22b4 05100201 00000000 00000044 ebdd592a

19:04:17 ipsec,debug,packet e8656618 cfb73969 9579a4c3 3c7e22b4 3c7e22b4 3c7e22b4 053f14db 3a2b0611

19:04:17 ipsec,debug,packet 79ac1abf

19:04:17 ipsec,debug,packet begin.

19:04:17 ipsec,debug,packet seen nptype=5(id)

19:04:17 ipsec,debug invalid length of payload

19:04:23 ipsec,debug,packet ==========

  • Administrator

reduce max-mtu/max-mru, it's probably fragmenting somewhere

how is it with 1440


The forum is for mutual help, not for getting someone else's work done

RB951Ui-2HnD / RBD25GR-5HPACQD2HPND&R11E-LTE6 /  RB952Ui-5ac2nD-TC


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

  • Administrator

lower it further to 1396


no success again :(

any other ideas?

P.S. - here is the error again

Jan/03/1970 05:34:21 ipsec,debug,packet ==========

Jan/03/1970 05:34:21 ipsec,debug,packet 68 bytes message received from XX.XX.XX.XX[11650] to XX.XX.XX.XX[4500]

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet encryption(3des)

Jan/03/1970 05:34:21 ipsec,debug,packet IV was saved for next processing:

Jan/03/1970 05:34:21 ipsec,debug,packet 5ee01d2e 12b87b5b

Jan/03/1970 05:34:21 ipsec,debug,packet encryption(3des)

Jan/03/1970 05:34:21 ipsec,debug,packet with key:

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet decrypted payload by IV:

Jan/03/1970 05:34:21 ipsec,debug,packet fe168a04 63db61de

Jan/03/1970 05:34:21 ipsec,debug,packet decrypted payload, but not trimed.

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet padding len=211

Jan/03/1970 05:34:21 ipsec,debug,packet skip to trim padding.

Jan/03/1970 05:34:21 ipsec,debug,packet decrypted.

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80 dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet dd69bc80

Jan/03/1970 05:34:21 ipsec,debug,packet begin.

Jan/03/1970 05:34:21 ipsec,debug,packet seen nptype=5(id)

Jan/03/1970 05:34:21 ipsec,debug invalid length of payload

Jan/03/1970 05:34:25 ipsec,debug,packet ==========

Edited by Lacho
  • Administrator

Next is 1360, but you'll have fragmentation inside the tunnel

  • Administrator

play around with the encoding

a password under or over 13 characters

100% it will turn out to be something stupid
