@Nomad_Kreator

VPN не работает?

Поднял L2TP/IPsec vpn сервер на Ubutnu при помощи strongswan и xl2tpd.
Конфиг IPsec:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
	# strictcrlpolicy=yes
	# uniqueids = no
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        protostack=netkey

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start
conn l2tpvpn
        type=tunnel
        authby=rsasig
        pfs=no
        rekey=no
        keyingtries=2
        left=%any
        leftprotoport=udp/l2tp
        leftid=@l2tpvpnserver
        right=%any
        rightprotoport=udp/%any
        auto=add
Конфиг L2TP
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work.  The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; [global]								; Global parameters:
; port = 1701						 	; * Bind to port 1701
; auth file = /etc/l2tpd/l2tp-secrets 	; * Where our challenge secrets are
; access control = yes					; * Refuse connections without IP match
; rand source = dev                     ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented
;
; [lns default]							; Our fallthrough LNS definition
; exclusive = no						; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20	; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5				; * But this one is okay
; ip range = lac1-lac2					; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8		; * These can connect as LAC's
; no lac = untrusted.marko.net			; * This guy can't connect
; hidden bit = no						; * Use hidden AVP's?
; local ip = 192.168.1.2				; * Our local IP to use
; local ip range = 192.168.200.0-192.168.200.20   ; Alternatively, use a range for local addressing
; length bit = yes						; * Use length bit in payload?
; require chap = yes					; * Require CHAP auth. by peer
; refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
; require authentication = yes			; * Require peer to authenticate
; unix authentication = no				; * Use /etc/passwd for auth.
; name = myhostname						; * Report this as our hostname
; ppp debug = no						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns	; * ppp options file
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer ; 
; rx bps = 10000000				; Receive tunnel speed
; tx bps = 10000000				; Transmit tunnel speed
; bps = 100000					; Define both receive and transmit speed in one option

; [lac marko]							; Example VPN LAC definition
; lns = lns.marko.net					; * Who is our LNS?
; lns = lns2.marko.net					; * A backup LNS (not yet used)
; redial = yes							; * Redial if disconnected?
; redial timeout = 15					; * Wait n seconds between redials
; max redials = 5						; * Give up after n consecutive failures
; hidden bit = yes						; * User hidden AVP's?
; local ip = 192.168.1.1				; * Force peer to use this IP for us
; remote ip = 192.168.1.2				; * Force peer to use this as their IP
; length bit = no						; * Use length bit in payload?
; require pap = no						; * Require PAP auth. by peer
; require chap = yes					; * Require CHAP auth. by peer
; refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
; require authentication = yes			; * Require peer to authenticate
; name = marko							; * Report this as our hostname
; ppp debug = no						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko	; * ppp options file for this lac
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer 
;
; [lac cisco]							; Another quick LAC
; lns = cisco.marko.net					; * Required, but can take from default
; require authentication = yes			

[global]
port = 1701
access control = no
ipsec saref = yes
force userspace = yes
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 176.16.10.10-176.16.10.200
local ip = 176.16.10.1
name = l2tpserver
pppoptfile = /etc/ppp/options.xl2tpd
flow bit = yes
exclusive = no
hidden bit = no
length bit = yes
require authentication = yes
require chap = yes
refuse pap = yes
Однако ни Windows, ни андроид и даже ни роутер не подключаются. Где ошибки и в чём проблема?!
  • Вопрос задан
  • 110 просмотров
Пригласить эксперта
Ответы на вопрос 1
dimonchik2013
@dimonchik2013
...а ну-ка пыль сдуй отсюда...
проблема в невнимательности

https://habr.com/ru/post/250859/
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы