Good day, everyone. I have a server with 2 NICs and 2 IPs: one local, the other a public internet address. I set up the server following this
http://itime.me/?p=212 guide, with no errors. When I try to connect from the internet, I see the following in /var/log/auth.log:
Jan 18 19:25:58 server ipsec__plutorun: Starting Pluto subsystem...
Jan 18 19:25:58 server pluto[29278]: Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:29278
Jan 18 19:25:58 server pluto[29278]: LEAK_DETECTIVE support [disabled]
Jan 18 19:25:58 server pluto[29278]: OCF support for IKE [disabled]
Jan 18 19:25:58 server pluto[29278]: SAref support [disabled]: Protocol not available
Jan 18 19:25:58 server pluto[29278]: SAbind support [disabled]: Protocol not available
Jan 18 19:25:58 server pluto[29278]: NSS support [disabled]
Jan 18 19:25:58 server pluto[29278]: HAVE_STATSD notification via /bin/openswan-statsd enabled
Jan 18 19:25:58 server pluto[29278]: Setting NAT-Traversal port-4500 floating to on
Jan 18 19:25:58 server pluto[29278]: port floating activation criteria nat_t=1/port_float=1
Jan 18 19:25:58 server pluto[29278]: NAT-Traversal support [enabled]
Jan 18 19:25:58 server pluto[29278]: using /dev/urandom as source of random entropy
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 18 19:25:58 server pluto[29278]: starting up 3 cryptographic helpers
Jan 18 19:25:58 server pluto[29278]: started helper pid=29280 (fd:6)
Jan 18 19:25:58 server pluto[29278]: started helper pid=29281 (fd:7)
Jan 18 19:25:58 server pluto[29278]: started helper pid=29282 (fd:8)
Jan 18 19:25:58 server pluto[29278]: Using Linux 2.6 IPsec interface code on 2.6.32-37-generic (experimental code)
Jan 18 19:25:58 server pluto[29280]: using /dev/urandom as source of random entropy
Jan 18 19:25:58 server pluto[29282]: using /dev/urandom as source of random entropy
Jan 18 19:25:58 server pluto[29281]: using /dev/urandom as source of random entropy
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Jan 18 19:25:58 server pluto[29278]: ike_alg_add(): ERROR: Algorithm already exists
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Jan 18 19:25:58 server pluto[29278]: ike_alg_add(): ERROR: Algorithm already exists
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Jan 18 19:25:58 server pluto[29278]: ike_alg_add(): ERROR: Algorithm already exists
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Jan 18 19:25:58 server pluto[29278]: ike_alg_add(): ERROR: Algorithm already exists
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Jan 18 19:25:58 server pluto[29278]: ike_alg_add(): ERROR: Algorithm already exists
Jan 18 19:25:58 server pluto[29278]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Jan 18 19:25:58 server pluto[29278]: Changed path to directory '/etc/ipsec.d/cacerts'
Jan 18 19:25:58 server pluto[29278]: Changed path to directory '/etc/ipsec.d/aacerts'
Jan 18 19:25:58 server pluto[29278]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Jan 18 19:25:58 server pluto[29278]: Changing to directory '/etc/ipsec.d/crls'
Jan 18 19:25:58 server pluto[29278]: Warning: empty directory
Jan 18 19:25:58 server pluto[29278]: added connection description "L2TP-PSK-NAT"
Jan 18 19:25:58 server pluto[29278]: added connection description "L2TP-PSK-noNAT"
Jan 18 19:25:58 server pluto[29278]: listening for IKE messages
Jan 18 19:25:58 server pluto[29278]: adding interface ppp0/ppp0 213.210.92.37:500
Jan 18 19:25:58 server pluto[29278]: adding interface ppp0/ppp0 213.210.92.37:4500
Jan 18 19:25:58 server pluto[29278]: adding interface eth1/eth1 217.18.140.170:500
Jan 18 19:25:58 server pluto[29278]: adding interface eth1/eth1 217.18.140.170:4500
Jan 18 19:25:58 server pluto[29278]: adding interface eth0/eth0 192.168.1.1:4500
Jan 18 19:25:58 server pluto[29278]: adding interface lo/lo 127.0.0.1:500
Jan 18 19:25:58 server pluto[29278]: adding interface lo/lo 127.0.0.1:4500
Jan 18 19:25:58 server pluto[29278]: adding interface lo/lo ::1:500
Jan 18 19:25:58 server pluto[29278]: loading secrets from "/etc/ipsec.secrets"
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:23 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:23 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:23 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:23 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:23 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:27 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:27 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:27 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:27 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:27 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:35 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:35 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:35 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:35 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:35 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:51 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 18 19:26:51 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:51 server pluto[29278]: packet from 109.124.43.52:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 18 19:26:51 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 18 19:26:51 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:27:16 server pluto[29278]: packet from 109.124.43.52:500: ignoring Delete SA payload: not encrypted
Jan 18 19:27:16 server pluto[29278]: packet from 109.124.43.52:500: received and ignored informational message
Please help me decipher this. Thanks in advance, everyone.
The user continued the post on 19 January 2012, 13:57:36:
I also had to forward port 1701; now it connects, but how do I make the connected computer see the LAN and get out to the internet?
The LAN is 192.168.1.0/24, the server has 2 interfaces, one into the LAN and the other to the internet, and the network address for L2TP is 10.1.1.0/24.
What is the right way to sort this out?
The user continued the post on 19 January 2012, 14:31:08:
Got it set up: the L2TP network is given addresses from the LAN range and everything works )
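An added triage helper for the auth.log excerpt in the first post above; it is not from the post, the linked guide or Openswan itself. It parses the pluto lines, records which ip:port pairs pluto bound ("adding interface ..."), and for every remote peer counts the Main Mode attempts rejected with "no connection has been authorized", reporting whether the local address the peer reached is one pluto actually listens on (the literal meaning of that message: IKE on UDP/500 got through, but no conn with that policy matched the local address). The sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a few pluto lines copied from the auth.log in the post above.
SAMPLE_LOG = """\
Jan 18 19:25:58 server pluto[29278]: adding interface eth1/eth1 217.18.140.170:500
Jan 18 19:25:58 server pluto[29278]: adding interface eth0/eth0 192.168.1.1:4500
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 18 19:26:20 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
Jan 18 19:26:21 server pluto[29278]: packet from 109.124.43.52:500: initial Main Mode message received on 217.18.140.170:500 but no connection has been authorized with policy=PSK
"""

# syslog prefix, optional "packet from A.B.C.D:port:" tag, then the free-text message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ pluto\[\d+\]: "
    r"(?:packet from (?P<peer>[\d.]+):\d+: )?(?P<msg>.*)$")
NOAUTH_RE = re.compile(
    r"initial Main Mode message received on (?P<local>[\d.]+:\d+) "
    r"but no connection has been authorized with policy=(?P<policy>\w+)")

def summarize(text):
    """Return (set of ip:port pluto listens on, {peer: stats}) from auth.log text."""
    interfaces, peers = set(), defaultdict(lambda: {"noauth": 0, "local": set(), "policy": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # not a pluto line
        msg = m.group("msg")
        if msg.startswith("adding interface "):
            interfaces.add(msg.split()[-1])   # e.g. "217.18.140.170:500"
        if m.group("peer") is None:
            continue                          # daemon housekeeping, no remote peer
        na = NOAUTH_RE.search(msg)
        if na:                                # IKE reached us, but no conn matched
            p = peers[m.group("peer")]
            p["noauth"] += 1
            p["local"].add(na.group("local"))
            p["policy"].add(na.group("policy"))
    return interfaces, dict(peers)

def diagnose(text):
    """One line per peer that was turned away, saying where it knocked and why."""
    interfaces, peers = summarize(text)
    out = []
    for peer, p in sorted(peers.items()):
        local = ", ".join(sorted(p["local"]))
        seen = "a listening address" if p["local"] <= interfaces else "an address pluto is NOT listening on"
        out.append(f"{peer}: {p['noauth']} Main Mode attempts on {local} ({seen}); "
                   f"no conn with policy={'/'.join(sorted(p['policy']))} matches that local address")
    return out
```

Run `diagnose(open("/var/log/auth.log").read())` on the real file to get the same one-line verdict per peer; the vendor-ID and "Algorithm already exists" lines are ignored as noise.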