VPN L2TP/IPsec linux server pro Mikrotik klienty

tuxmartin · Příspěvekod **tuxmartin** » 5 years ago

Zdravim,

potrebuji rozchodit na Ubuntu 18.04 L2TP/IPsec server a pripojovat se na nej z Mikrotik (hAp lite) klientu.
Jde mi o UDP VPN pro VoIP, proto nemuzu pouzit OpenVPN, kterou jinak mam vsude. Jako rozumna volba se mi proto zda prave L2TP/IPsec.

Na linuxu mam strongSwan a xl2tpd.
Stale vsak vidim jen tuto chybu:

Kód: Vybrat vše

Oct 31 15:27:41 vpn charon: 03[NET] waiting for data on sockets
Oct 31 15:27:41 vpn charon: 14[NET] received packet: from 77.78.90.200[500] to 88.86.113.219[500] (364 bytes)
Oct 31 15:27:41 vpn charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 31 15:27:41 vpn charon: 14[IKE] remote host is behind NAT
Oct 31 15:27:41 vpn charon: 14[CFG]   candidate "wtf", match: 1/1/28 (me/other/ike)
Oct 31 15:27:41 vpn charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 31 15:27:41 vpn charon: 14[NET] sending packet: from 88.86.113.219[500] to 77.78.90.200[500] (372 bytes)
Oct 31 15:27:41 vpn charon: 04[NET] sending packet: from 88.86.113.219[500] to 77.78.90.200[500]
Oct 31 15:27:42 vpn charon: 03[NET] received packet: from 77.78.90.200[4500] to 88.86.113.219[4500]
Oct 31 15:27:42 vpn charon: 03[NET] waiting for data on sockets
Oct 31 15:27:42 vpn charon: 16[NET] received packet: from 77.78.90.200[4500] to 88.86.113.219[4500] (76 bytes)
Oct 31 15:27:42 vpn charon: 16[ENC] invalid ID_V1 payload length, decryption failed?
Oct 31 15:27:42 vpn charon: 16[ENC] could not decrypt payloads
Oct 31 15:27:42 vpn charon: 16[IKE] message parsing failed
Oct 31 15:27:42 vpn charon: 16[ENC] generating INFORMATIONAL_V1 request 3597591477 [ HASH N(PLD_MAL) ]

Me configy:

Kód: Vybrat vše

root@vpn:/# cat /etc/ipsec.conf 
config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2"
    uniqueids=no

conn wtf
    type=transport
    pfs=no
    rekey=no
    keyingtries=1
    left=%any
    leftprotoport=udp/l2tp
    leftid=@88.86.113.219
    right=%any
    rightprotoport=udp/%any
    auto=add
    aggressive=yes
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    leftauth2=xauthpsk
    rightauth2=xauthpsk

Kód: Vybrat vše

root@vpn:/# cat /etc/xl2tpd/xl2tpd.conf

[global]
listen-addr = 88.86.113.219

[lns default]
ip range = 10.10.100.10-10.10.100.250
local ip = 10.10.100.1
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
name = TEST_VPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Kód: Vybrat vše

root@vpn:/# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
auth
mtu 1200
mru 1000
crtscts
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

Uz jsem uplne bezradny :-(

Uvitam jakykoliv tip, jak rozjet funkcni kombinaci L2TP/IPsec server na linuxu a Mikrotik klientu.

Radsi bych mel overovani certifikaty, ale preziju i IPsec PSK (klikatko na vpn ve winboxu mic jineho nenabizi) a jmena+hesla na L2TP.

Dekuji za pomoc.