1 |
Aproveitando a onda de erros bizarros. |
2 |
|
3 |
|
4 |
Galera, deem uma olhada no log e me digam o que está acontecendo, pq eu não |
5 |
consegui identificar por que a maldita VPN não está estabelecendo conexão. |
6 |
Abaixo do log estão os confs ipsec.conf, l2tpd.conf e options-l2tpd. |
7 |
|
8 |
abraço.... |
9 |
|
10 |
|
11 |
|
12 |
Dec 22 17:53:28 orca ipsec_setup: Starting Openswan IPsec 2.4.4... |
13 |
Dec 22 17:53:28 orca ipsec_setup: insmod |
14 |
/lib/modules/2.6.11-gentoo-r3/kernel/net/key/af_key.ko |
15 |
Dec 22 17:53:28 orca ipsec_setup: insmod |
16 |
/lib/modules/2.6.11-gentoo-r3/kernel/net/ipv4/xfrm4_tunnel.ko |
17 |
Dec 22 17:53:29 orca ipsec_setup: insmod |
18 |
/lib/modules/2.6.11-gentoo-r3/kernel/net/xfrm/xfrm_user.ko |
19 |
Dec 22 17:53:29 orca ipsec_setup: KLIPS ipsec0 on eth0 |
20 |
201.28.34.18/255.255.255.248 broadcast 201.28.34.255 |
21 |
Dec 22 17:53:30 orca ipsec_setup: ...Openswan IPsec started |
22 |
Dec 22 17:53:38 orca l2tpd[26008]: death_handler: Fatal signal 15 received |
23 |
Dec 22 17:53:39 orca l2tpd[26487]: This binary does not support kernel L2TP. |
24 |
Dec 22 17:53:39 orca l2tpd[26488]: l2tpd version 0.69 started on orca |
25 |
PID:26488 |
26 |
Dec 22 17:53:39 orca l2tpd[26488]: Linux version 2.6.11-gentoo-r3 on a i686, |
27 |
listening on IP address 201.28.34.18, port 1701 |
28 |
Dec 22 17:55:46 orca syslog-ng[17390]: STATS: dropped 0 |
29 |
Dec 22 18:04:52 orca l2tpd[26488]: ourtid = 52259, entropy_buf = cc23 |
30 |
Dec 22 18:04:52 orca l2tpd[26488]: check_control: control, cid = 0, Ns = 0, |
31 |
Nr = 0 |
32 |
Dec 22 18:04:52 orca l2tpd[26488]: handle_avps: handling avp's for tunnel |
33 |
52259, call 0 |
34 |
Dec 22 18:04:52 orca l2tpd[26488]: message_type_avp: message type 1 |
35 |
(Start-Control-Connection-Request) |
36 |
Dec 22 18:04:52 orca l2tpd[26488]: protocol_version_avp: peer is using |
37 |
version 1, revision 0. |
38 |
Dec 22 18:04:52 orca l2tpd[26488]: framing_caps_avp: supported peer frames: |
39 |
sync |
40 |
Dec 22 18:04:52 orca l2tpd[26488]: bearer_caps_avp: supported peer bearers: |
41 |
Dec 22 18:04:52 orca l2tpd[26488]: firmware_rev_avp: peer reports firmware |
42 |
version 1280 (0x0500) |
43 |
Dec 22 18:04:52 orca l2tpd[26488]: hostname_avp: peer reports hostname |
44 |
'rfc_epbx' |
45 |
Dec 22 18:04:52 orca l2tpd[26488]: vendor_avp: peer reports vendor |
46 |
'Microsoft' |
47 |
Dec 22 18:04:52 orca l2tpd[26488]: assigned_tunnel_avp: using peer's tunnel |
48 |
35 |
49 |
Dec 22 18:04:52 orca l2tpd[26488]: receive_window_size_avp: peer wants RWS |
50 |
of 8. Will use flow control. |
51 |
Dec 22 18:04:53 orca l2tpd[26488]: ourtid = 29537, entropy_buf = 7361 |
52 |
Dec 22 18:04:53 orca l2tpd[26488]: check_control: control, cid = 0, Ns = 0, |
53 |
Nr = 0 |
54 |
Dec 22 18:04:53 orca l2tpd[26488]: handle_avps: handling avp's for tunnel |
55 |
29537, call 0 |
56 |
Dec 22 18:04:53 orca l2tpd[26488]: message_type_avp: message type 1 |
57 |
(Start-Control-Connection-Request) |
58 |
Dec 22 18:04:53 orca l2tpd[26488]: protocol_version_avp: peer is using |
59 |
version 1, revision 0. |
60 |
Dec 22 18:04:53 orca l2tpd[26488]: framing_caps_avp: supported peer frames: |
61 |
sync |
62 |
Dec 22 18:04:53 orca l2tpd[26488]: bearer_caps_avp: supported peer bearers: |
63 |
Dec 22 18:04:53 orca l2tpd[26488]: firmware_rev_avp: peer reports firmware |
64 |
version 1280 (0x0500) |
65 |
Dec 22 18:04:53 orca l2tpd[26488]: hostname_avp: peer reports hostname |
66 |
'rfc_epbx' |
67 |
Dec 22 18:04:53 orca l2tpd[26488]: vendor_avp: peer reports vendor |
68 |
'Microsoft' |
69 |
Dec 22 18:04:53 orca l2tpd[26488]: assigned_tunnel_avp: using peer's tunnel |
70 |
35 |
71 |
Dec 22 18:04:53 orca l2tpd[26488]: receive_window_size_avp: peer wants RWS |
72 |
of 8. Will use flow control. |
73 |
Dec 22 18:04:53 orca l2tpd[26488]: control_finish: Peer requested tunnel 35 |
74 |
twice, ignoring second one. |
75 |
Dec 22 18:04:55 orca l2tpd[26488]: ourtid = 49602, entropy_buf = c1c2 |
76 |
Dec 22 18:04:55 orca l2tpd[26488]: check_control: control, cid = 0, Ns = 0, |
77 |
Nr = 0 |
78 |
Dec 22 18:04:55 orca l2tpd[26488]: handle_avps: handling avp's for tunnel |
79 |
49602, call 1886351988 |
80 |
Dec 22 18:04:55 orca l2tpd[26488]: message_type_avp: message type 1 |
81 |
(Start-Control-Connection-Request) |
82 |
Dec 22 18:04:55 orca l2tpd[26488]: protocol_version_avp: peer is using |
83 |
version 1, revision 0. |
84 |
Dec 22 18:04:55 orca l2tpd[26488]: framing_caps_avp: supported peer frames: |
85 |
sync |
86 |
Dec 22 18:04:55 orca l2tpd[26488]: bearer_caps_avp: supported peer bearers: |
87 |
Dec 22 18:04:55 orca l2tpd[26488]: firmware_rev_avp: peer reports firmware |
88 |
version 1280 (0x0500) |
89 |
Dec 22 18:04:55 orca l2tpd[26488]: hostname_avp: peer reports hostname |
90 |
'rfc_epbx' |
91 |
Dec 22 18:04:55 orca l2tpd[26488]: vendor_avp: peer reports vendor |
92 |
'Microsoft' |
93 |
Dec 22 18:04:55 orca l2tpd[26488]: assigned_tunnel_avp: using peer's tunnel |
94 |
35 |
95 |
Dec 22 18:04:55 orca l2tpd[26488]: receive_window_size_avp: peer wants RWS |
96 |
of 8. Will use flow control. |
97 |
Dec 22 18:04:55 orca l2tpd[26488]: control_finish: Peer requested tunnel 35 |
98 |
twice, ignoring second one. |
99 |
Dec 22 18:04:57 orca l2tpd[26488]: control_xmit: Maximum retries exceeded |
100 |
for tunnel 52259. Closing. |
101 |
Dec 22 18:04:57 orca l2tpd[26488]: call_close : Connection 35 closed to |
102 |
10.0.0.181, port 1701 (Timeout) |
103 |
Dec 22 18:04:59 orca l2tpd[26488]: ourtid = 31189, entropy_buf = 79d5 |
104 |
Dec 22 18:04:59 orca l2tpd[26488]: check_control: control, cid = 0, Ns = 0, |
105 |
Nr = 0 |
106 |
Dec 22 18:04:59 orca l2tpd[26488]: handle_avps: handling avp's for tunnel |
107 |
31189, call 1886351988 |
108 |
Dec 22 18:04:59 orca l2tpd[26488]: message_type_avp: message type 1 |
109 |
(Start-Control-Connection-Request) |
110 |
Dec 22 18:04:59 orca l2tpd[26488]: protocol_version_avp: peer is using |
111 |
version 1, revision 0. |
112 |
Dec 22 18:04:59 orca l2tpd[26488]: framing_caps_avp: supported peer frames: |
113 |
sync |
114 |
Dec 22 18:04:59 orca l2tpd[26488]: bearer_caps_avp: supported peer bearers: |
115 |
Dec 22 18:04:59 orca l2tpd[26488]: firmware_rev_avp: peer reports firmware |
116 |
version 1280 (0x0500) |
117 |
Dec 22 18:04:59 orca l2tpd[26488]: hostname_avp: peer reports hostname |
118 |
'rfc_epbx' |
119 |
Dec 22 18:04:59 orca l2tpd[26488]: vendor_avp: peer reports vendor |
120 |
'Microsoft' |
121 |
Dec 22 18:04:59 orca l2tpd[26488]: assigned_tunnel_avp: using peer's tunnel |
122 |
35 |
123 |
Dec 22 18:04:59 orca l2tpd[26488]: receive_window_size_avp: peer wants RWS |
124 |
of 8. Will use flow control. |
125 |
Dec 22 18:04:59 orca l2tpd[26488]: control_finish: Peer requested tunnel 35 |
126 |
twice, ignoring second one. |
127 |
Dec 22 18:05:02 orca l2tpd[26488]: control_xmit: Unable to deliver closing |
128 |
message for tunnel 52259. Destroying anyway. |
129 |
|
130 |
l2tpd.conf |
131 |
; l2tpd.conf -- L2TP daemon settings.
; l2tpd does not encrypt anything itself: this setup relies on the IPsec
; connection in ipsec.conf for confidentiality, so UDP port 1701 should only
; be reachable through the tunnel (filter it on the external interface).

[global]
; NOTE(review): the pasted log shows l2tpd listening on 201.28.34.18, while the
; address below is 200.200.200.200 -- presumably redacted for posting; confirm
; the real file matches the gateway's external address.
listen-addr = 200.200.200.200
port = 1701

; Fallthrough LNS definition, used for any peer without a more specific section.
[lns default]
hostname = thehost
local ip = 10.0.1.50                          ; our end of each PPP link
ip range = 10.0.1.1 - 10.0.1.20               ; pool allocated to connecting clients
; Peer must authenticate, and only with CHAP; PAP is refused.
require authentication = yes
require chap = yes
refuse pap = yes
length bit = yes                              ; use the length bit in the payload
pppoptfile = /etc/ppp/options-l2tpd           ; pppd options applied to each session
; PPP debugging is useful while diagnosing the connection; switch it off again
; afterwards so negotiation details do not keep accumulating in the logs.
ppp debug = yes
151 |
|
152 |
options-l2tpd |
153 |
# /etc/ppp/options-l2tpd -- pppd options for sessions started by l2tpd
# (referenced by "pppoptfile" in l2tpd.conf).

# --- Authentication ---------------------------------------------------------
# The peer must authenticate, and only MS-CHAPv2 is accepted. MS-CHAPv2 is not
# strong on its own; in this setup it is meant to run inside the IPsec tunnel.
auth
require-mschap-v2

# --- Addressing and name services ---------------------------------------------
# Accept the peer's idea of our local address and of its own address.
ipcp-accept-local
ipcp-accept-remote
# DNS and WINS servers handed to Microsoft clients.
ms-dns 10.0.0.61
ms-wins 10.0.0.1
# Answer ARP for the client on the local LAN; do not touch our default route.
proxyarp
nodefaultroute

# --- Link parameters ----------------------------------------------------------
# Reduced MTU/MRU leaves room for the L2TP and IPsec encapsulation overhead.
mtu 1400
mru 1400
crtscts
lock
# Drop the link after 1800 seconds without traffic.
idle 1800
connect-delay 5000

# --- Logging --------------------------------------------------------------------
# Debug logging is for troubleshooting; remove "debug" once the tunnel works.
nodetach
debug
nologfd
170 |
|
171 |
ipsec.conf |
172 |
# /etc/ipsec.conf - Openswan IPsec configuration file |
173 |
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $ |
174 |
|
175 |
# This file: /usr/share/doc/openswan-2.4.4/ipsec.conf-sample |
176 |
# |
177 |
# Manual: ipsec.conf.5 |
178 |
|
179 |
|
180 |
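version 2.0     # conforms to second version of ipsec.conf specification

# Global pluto settings. No blank lines inside a section: a blank line ends it.
config setup
    # Only debug output is disabled here; pluto's normal IKE messages are still
    # sent to syslog. The pasted log contains no pluto lines at all, so check
    # where syslog-ng routes them (typically the auth/authpriv log) to see
    # whether the IPsec SA is established before l2tpd is contacted.
    plutodebug=none
    # Allow clients that sit behind a NAT device.
    nat_traversal=yes
    # Private ranges a NATed client may claim as its own address (consulted by
    # "rightsubnet=vhost:%priv"). Every entry needs the "%v4:" prefix; the last
    # entry was written "%4:", which is not a valid prefix.
    # NOTE(review): the server side appears to use 10.0.0.x itself (see the
    # ms-dns/ms-wins addresses); ranges in local use are normally excluded with
    # a "%v4:!net/mask" entry -- confirm against the real network layout.
    virtual_private=%v4:10.0.0.0/16,%v4:192.168.0.0/24,%v4:172.16.0.0/16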
185 |
|
186 |
# Add connections here |
187 |
|
188 |
# sample VPN connection |
189 |
#conn sample |
190 |
# # Left security gateway, subnet behind it, nexthop toward |
191 |
right. |
192 |
# left=10.0.0.1 |
193 |
# leftsubnet=172.16.0.0/24 |
194 |
# leftnexthop=10.22.33.44 |
195 |
# # Right security gateway, subnet behind it, nexthop toward |
196 |
left. |
197 |
# right=10.12.12.1 |
198 |
# rightsubnet=192.168.0.0/24 |
199 |
# rightnexthop=10.101.102.103 |
200 |
# # To authorize this connection, but not actually start it, |
201 |
# # at startup, uncomment this. |
202 |
# #auto=start |
203 |
|
204 |
# Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf

# L2TP/IPsec for certificate-authenticated remote clients.
# (No blank lines below: a blank line would end the conn section.)
conn l2tp-cert-orgWIN2KXP
    # Load the connection at startup and wait for the client to initiate.
    auto=add
    # Both ends authenticate with RSA signatures taken from X.509 certificates.
    authby=rsasig
    # PFS is not required for phase 2. Without PFS the phase 2 keys depend on
    # the phase 1 keying material; presumably set for Windows clients -- confirm.
    pfs=no
    keyingtries=2
    compress=yes
    disablearrivalcheck=no
    #
    # The local gateway.
    #
    left=%defaultroute
    leftcert=the_cert.pem
    leftrsasigkey=%cert
    # Protocol 17 is UDP; port 0 means any port, so this selector is wider than
    # L2TP alone. NOTE(review): the conn name suggests this is kept for original
    # Windows 2000/XP clients; where the clients allow it, 17/1701 is narrower.
    leftprotoport=17/0
    #
    # The remote user.
    #
    right=%any
    # The client certificate must be issued by the same CA as leftcert.
    rightca=%same
    rightrsasigkey=%cert
    rightprotoport=17/1701
    # Accept clients behind NAT whose address falls in virtual_private (%priv)
    # as well as clients that are not NATed (%no).
    rightsubnet=vhost:%priv,%no