The provider's equipment (MikroTik) runs an IPsec server. I have a server running Debian 9 and need to set up a tunnel to that server. The provider gave me:
server: dns.name
login: username
pass: PaSSw0rD
IPSEC key: KeYPassW0rd
Client-side config (on Debian 9):
/etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
conn myvpn
    auto=add
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=dns.name
    ike=aes128-sha1-modp2048
    esp=aes128-sha1
/etc/ipsec.secrets
: PSK "KeYPassW0rd"
/etc/xl2tpd/xl2tpd.conf
[lac myvpn]
lns = dns.name
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name "username"
password "PaSSw0rD"
This is the output I get:
ipsec up myvpn
initiating Main Mode IKE_SA myvpn[1] to XXX.XXX.XXX.XXX-server
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (240 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (160 bytes)
parsed ID_PROT response 0 [ SA V V V V ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (372 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (364 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (108 bytes)
received packet: from XXX.XXX.XXX.XXX-server[500] to XXX.XXX.XXX.XXX-client[500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IDir 'XXX.XXX.XXX.XXX-server' does not match to 'dns.name'
deleting IKE_SA myvpn[1] between XXX.XXX.XXX.XXX-client[XXX.XXX.XXX.XXX-client]...XXX.XXX.XXX.XXX-server[%any]
sending DELETE for IKE_SA myvpn[1]
generating INFORMATIONAL_V1 request 280587427 [ HASH D ]
sending packet: from XXX.XXX.XXX.XXX-client[500] to XXX.XXX.XXX.XXX-server[500] (92 bytes)
establishing connection 'myvpn' failed
I configured Debian following this guide:
https://github.com/hwdsl2/setup-ipsec-vpn/blob/mas...
Connecting from iOS and Windows works.
I have not worked with IPsec before. Thank you for your help.
What am I doing wrong?
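
Added example, not part of the original post: a small Python parser for `ipsec up` output like the log above that reports how far IKEv1 Main Mode got and extracts the identity mismatch (in ipsec.conf the expected peer identity is `rightid`, which defaults to `right`). The sample log is constructed from the lines in the post with a documentation address in place of the redacted one; the function names are hypothetical.

```python
import re

# Constructed sample: the failing exchange from the post, with an RFC 5737
# documentation address substituted for the redacted server address.
SAMPLE_LOG = """\
initiating Main Mode IKE_SA myvpn[1] to 203.0.113.10
parsed ID_PROT response 0 [ SA V V V V ]
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
parsed ID_PROT response 0 [ ID HASH ]
IDir '203.0.113.10' does not match to 'dns.name'
establishing connection 'myvpn' failed
"""

PARSED = re.compile(r"^parsed ID_PROT response \d+ \[ (.+?) \]$")
ID_MISMATCH = re.compile(r"^IDir '([^']*)' does not match to '([^']*)'$")
FAILED = re.compile(r"^establishing connection '([^']*)' failed$")

# First payload of each Main Mode response -> step of the exchange.
STAGES = {"SA": 1, "KE": 2, "ID": 3}
STAGE_NAMES = ["no response", "proposal accepted", "key exchange done",
               "peer identity received"]

def diagnose(log):
    """Return how far Main Mode got and any identity mismatch (hypothetical helper)."""
    r = {"stage": 0, "conn": None, "failed": False,
         "peer_id": None, "expected_id": None}
    for line in log.splitlines():
        line = line.strip()
        if m := PARSED.match(line):
            first = m.group(1).split()[0]
            r["stage"] = max(r["stage"], STAGES.get(first, 0))
        elif m := ID_MISMATCH.match(line):
            # Group 1 is the ID the peer sent, group 2 the ID the config expects.
            r["peer_id"], r["expected_id"] = m.groups()
        elif m := FAILED.match(line):
            r["conn"], r["failed"] = m.group(1), True
    return r

def summary(r):
    text = f"conn {r['conn']}: {STAGE_NAMES[r['stage']]}"
    if r["peer_id"] is not None:
        text += (f"; peer sent ID '{r['peer_id']}' but the connection "
                 f"expects '{r['expected_id']}' (rightid, default: right)")
    return text + ("; FAILED" if r["failed"] else "")

if __name__ == "__main__":
    print(summary(diagnose(SAMPLE_LOG)))
```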