VPN L2TP
Posted: 19 Nov 2011 19:32
by kongo
Hello,
I have a problem authenticating to the L2TP server.
v4.17
UDP ports opened in the firewall: 500, 1701
Code:
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
yes max-mru=1460 max-mtu=1460 mrru=disabled
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
local-address=192.168.1.1 name=meno password=heslo profile=\
default remote-address=192.168.1.10 routes="" service=l2tp
In the firewall the packet counter on port 500 goes up on every authentication attempt, yet the client reports an error.
As the client I use the native one in Mac OS, and I also tried it in Windows.
Thanks for any advice
Re: VPN L2TP
Posted: 20 Nov 2011 10:42
by cino
Hello.
I use it like this:
Code:
/interface l2tp-server
add comment="" disabled=no name=z_notebooku user=MENO
/interface l2tp-server server
set authentication=chap,mschap1,mschap2 default-profile=L2TP-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=\
disabled
/ppp profile
set L2TP-encryption change-tcp-mss=yes comment="" idle-timeout=10m name=default-encryption only-one=default \
use-compression=default use-encryption=yes use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=192.168.1.1 name=MENO \
password=HESLO profile=default-encryption remote-address=192.168.1.10 routes="" service=l2tp
It runs on a 411 with ROS 3.30 and I connect from the "DrayTek Smart VPN client 3.6.2" for WinXP
Re: VPN L2TP
Posted: 20 Nov 2011 15:26
by kongo
Great, thank you. So the problem was on my side, in the Mac OS client, which cannot connect without IPsec. With that DrayTek client in Windows it works without IPsec.
Now all that remains is to get IPsec working ...
Does anyone have experience with it? Thanks.
Re: VPN L2TP
Posted: 21 Nov 2011 19:19
by cino
L2TP stays configured the same, and in the firewall and in IPsec you need to set this:
Code:
/ip firewall filter
add action=accept chain=input comment=ipsec disabled=no dst-port=500 protocol=udp
add action=accept chain=input comment="" disabled=no dst-port=1701 protocol=udp
add action=accept chain=input comment="" disabled=no protocol=ipsec-esp
/ip ipsec peer
add address=0.0.0.0/0:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no dpd-interval=disable-dpd \
dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-policy=yes hash-algorithm=sha1 lifebytes=0 \
lifetime=10m nat-traversal=no proposal-check=obey secret=TAJNE_HESLO send-initial-contact=yes
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
Then it also runs e.g. with that DrayTek client via "L2TP over IPSec"
Good luck
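An added check, not from the thread or from MikroTik: this Python script parses a RouterOS export (the sample is constructed from the firewall and peer lines cino posted, with the PSK replaced by a placeholder and peer options trimmed) and reports which of the three input rules above are missing. It goes one step beyond the thread's nat-traversal=no setup by also requiring UDP 4500 when a peer has nat-traversal=yes (NAT-T).

```python
import re
from typing import Dict, List

# Constructed sample built from the firewall and peer lines posted in the
# thread; the PSK is replaced by a placeholder and peer options trimmed.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input comment=ipsec disabled=no dst-port=500 protocol=udp
add action=accept chain=input comment="" disabled=no dst-port=1701 protocol=udp
add action=accept chain=input comment="" disabled=no protocol=ipsec-esp
/ip ipsec peer
add address=0.0.0.0/0:500 auth-method=pre-shared-key nat-traversal=no secret=PLACEHOLDER_PSK
"""

# key=value pairs; quoted values may contain spaces (comment="my text").
KV = re.compile(r'(\S+?)=("[^"]*"|\S+)')

def parse_export(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Group the 'add ...' / 'set ...' lines of a RouterOS export under their '/path' section."""
    # Join the backslash line continuations RouterOS exports use.
    text = re.sub(r'\\\s*\n\s*', ' ', text)
    sections: Dict[str, List[Dict[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('/'):
            current = line
            sections.setdefault(current, [])
        elif current and line.split(' ', 1)[0] in ('add', 'set'):
            sections[current].append({k: v.strip('"') for k, v in KV.findall(line)})
    return sections

def missing_input_rules(export: str) -> List[str]:
    """Names of the L2TP/IPsec input rules that no enabled accept rule covers."""
    sections = parse_export(export)
    rules = [r for r in sections.get('/ip firewall filter', [])
             if r.get('chain') == 'input' and r.get('action') == 'accept'
             and r.get('disabled', 'no') == 'no']

    def udp(port: str):
        return lambda r: r.get('protocol') == 'udp' and r.get('dst-port') == port

    required = {'udp/500': udp('500'),            # IKE
                'udp/1701': udp('1701'),          # L2TP control and data
                'ipsec-esp': lambda r: r.get('protocol') == 'ipsec-esp'}
    # NAT-T carries IKE/ESP over UDP 4500; only needed if a peer enables it.
    if any(p.get('nat-traversal') == 'yes' for p in sections.get('/ip ipsec peer', [])):
        required['udp/4500'] = udp('4500')
    return [name for name, ok in required.items() if not any(ok(r) for r in rules)]

if __name__ == '__main__':
    print(missing_input_rules(SAMPLE_EXPORT) or 'all required input rules present')
```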
Re: VPN L2TP
Posted: 25 Nov 2011 20:28
by kongo
cino, I still can't figure it out

I entered the configuration as you gave it above, L2TP with IPsec, and unfortunately nothing ...
see the log:
Code:
20:21:50 l2tp,debug,packet sent control message to X.X.X.X:1701
20:21:50 l2tp,debug,packet tunnel-id=64, session-id=0, ns=5704, nr=5701
20:21:50 l2tp,debug,packet (M) Message-Type=HELLO
20:21:50 l2tp,debug,packet rcvd control message (ack) from X.X.X.X:1701
20:21:50 l2tp,debug,packet tunnel-id=5, session-id=0, ns=5701, nr=5705
20:21:50 ipsec couldn't find configuration.
20:21:51 ipsec couldn't find configuration.
20:21:53 ipsec couldn't find configuration.
20:21:57 ipsec couldn't find configuration.
Re: VPN L2TP
Posted: 26 Nov 2011 11:42
by cino
I don't know where you made the mistake, but if you want I can take a look if you give me access to it. (PM)
Re: VPN L2TP
Posted: 29 Nov 2011 06:38
by kongo
The problem was in version v4.17, apparently some bug. I upgraded to 5.x and it no longer reported the error "ipsec couldn't find configuration". Afterwards it was necessary to restart (disable, enable) /ip/ipsec/peer
Thanks for the help