Ubuntu 22.04 és L2TP - nincs internet


Hi all,

I made the mistake of letting it upgrade to 22.04, and since then L2TP hasn't worked. At first it wouldn't even connect; now it connects, but there is no traffic, I can't reach the internet. Is there any cure for it?

Comments

Known problem, you have to downgrade the xl2tpd package (at least that was my latest info); I don't use this kind of VPN anymore.

hehe, I see Ubuntu hasn't changed over all these years :D

They ship stuff into an LTS that is a known bug from the start ...

Among other things that's why I switched after 8.04; there they screwed up xen, though later they removed it, so much for the LTS upgrade, and then later they put it back again, a joke ...

Fedora 38, Thinkpad x280

I don't think much of Ubuntu either, and I don't like the LTSes, but I'd defend them on this one. Often their hands are tied: LTS or not, beyond a certain point they have to put version x into the distro, otherwise you end up with unsatisfiable version dependencies, or some new hardware can't be driven. There is no such thing as keeping something on an old, non-buggy version forever. You can play that game for a while and maneuver around with workarounds, but not indefinitely.

"A computer is like air conditioning – it becomes useless when you open Windows." (Linus Torvalds)

Let's not joke, we're not talking about many years of difference:

20.04 LTS has version 1.3.12, 22.04 has 1.3.16, and on GitHub the changelog pretty much boils down to "new upstream release"

Let's admit it, this is not a protocol that changes weekly, and yet somehow they managed to screw it up.

Fedora 38, Thinkpad x280

That's right, this is probably a package, a protocol, that doesn't change very fast. But! OK, suppose they stay on version 1.3.12. How long can they keep that up? Maybe they dance around it for another release or two, then the story ends; they realized it's pointless to keep playing and decided the time had come that, ready or not, it gets introduced.

"A computer is like air conditioning – it becomes useless when you open Windows." (Linus Torvalds)

I don't understand you. xl2tpd as such, as far as I can see, is done. The changelog also shows there is really no change. That Ubuntu screwed something up in 1.3.16 is not xl2tpd's problem.

I'd note that under Fedora it's also 1.3.16 and I have no problem with it.

So I was only pointing out that they manage to break even what hasn't substantively changed ...

Fedora 38, Thinkpad x280

Are you just saying as a hobbyist that nothing changed, or are you a programmer? There were a few things.
https://github.com/xelerance/xl2tpd/releases

The bug is in the code; it only depends on the build parameters whether it shows up. They'll probably soon release a package compiled with parameters that make it hackishly compatible. But the final solution would be to rewrite the unstable code
https://github.com/xelerance/xl2tpd/issues/232

This code was written 20 days ago. 22.04 was released before that, not to mention that the freeze was even earlier ...

Also the question arises: didn't they test with these build parameters? Especially since, according to the OP, it's fine in 20.04? So many questions ...

Fedora 38, Thinkpad x280

I glanced at it, but I don't see exactly what the problem is or what this `volatile` solves. It probably has to do with the fact that the fields of the `payload` struct are 16-bit, but because of the `packed` attribute they are only byte-aligned. There are a few compiler warnings because of that, but not specifically for this function.

Ubuntu? Before 22.04 it was one of the distros, alongside Debian and Mint, on which L2TP worked properly for me. The others I regularly tried, Fedora, Manjaro, MX, generally couldn't produce a working L2TP VPN. Now the problem has caught up with Ubuntu too.
Anyway, since the latest update L2TP works for me on 22.04 as well.

Well, to contradict several of you, I tried my one remaining L2TP+IPsec VPN (provided by a MikroTik). Experience:

The connection comes up, internet works => it works for me as it should.

The client environment (an Ubuntu kept up to date):

lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04 LTS
Release:	22.04
Codename:	jammy

The xl2tpd version:

dpkg -l |grep xl2tpd
ii  xl2tpd                                        1.3.16-1ubuntu0.1                       amd64        layer 2 tunneling protocol implementation

Compare against this, I'd say.

Bugs happen anywhere, anytime; don't beat up on Ubuntu. :)

Same for me too... :-(

lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 22.04 LTS
Release:    22.04
Codename:    jammy

dpkg -l |grep xl2tpd
ii  xl2tpd                                     1.3.16-1ubuntu0.1                            amd64        layer 2 tunneling protocol implementation

There was nothing interesting on the machine, so I quickly reinstalled it, but the symptom is the same: it connects, but no internet. So the problem isn't around the upgrade.

What do the logs say? And what provides the IPsec? Or is it plain L2TP, without IPsec?

Over IPsec, of course.


# sudo tail -f /var/log/syslog
May 17 17:36:26 makina dbus-daemon[1744]: [session uid=1000 pid=1744] Successfully activated service 'org.gnome.ControlCenter.SearchProvider'
May 17 17:36:27 makina dbus-daemon[1744]: [session uid=1000 pid=1744] Successfully activated service 'org.gnome.Nautilus'
May 17 17:36:27 makina dbus-daemon[1744]: [session uid=1000 pid=1744] Successfully activated service 'org.gnome.Characters.BackgroundService'
May 17 17:36:27 makina dbus-daemon[1744]: [session uid=1000 pid=1744] Successfully activated service 'org.gnome.Terminal'
May 17 17:36:27 makina systemd[1726]: Started GNOME Terminal Server.
May 17 17:36:27 makina dbus-daemon[1744]: [session uid=1000 pid=1744] Successfully activated service 'org.gnome.Calculator.SearchProvider'
May 17 17:36:27 makina gnome-calculato[36289]: search-provider.vala:140: Failed to spawn Calculator: Child process killed by signal 9
May 17 17:36:28 makina nautilus[36284]: Connecting to org.freedesktop.Tracker3.Miner.Files
May 17 17:36:28 makina systemd[1726]: Started Application launched by gnome-shell.
May 17 17:36:28 makina systemd[1726]: Started VTE child process 36356 launched by gnome-terminal-server process 36287.
May 17 17:37:01 makina NetworkManager[808]: <info>  [1652801821.0952] vpn[0x55e542184380,27da464d-90cd-49ad-b178-4bf0ffe5b3ec,"Otthon"]: starting l2tp
May 17 17:37:01 makina NetworkManager[808]: <info>  [1652801821.0961] audit: op="connection-activate" uuid="27da464d-90cd-49ad-b178-4bf0ffe5b3ec" name="Otthon" pid=1916 uid=1000 result="success"
May 17 17:37:01 makina nm-l2tp-service[36393]: Check port 1701
May 17 17:37:01 makina nm-l2tp-service[36393]: Can't bind to port 1701
May 17 17:37:01 makina NetworkManager[36408]: Stopping strongSwan IPsec failed: starter is not running
May 17 17:37:03 makina NetworkManager[36405]: Starting strongSwan 5.9.5 IPsec [starter]...
May 17 17:37:03 makina NetworkManager[36405]: Loading config setup
May 17 17:37:03 makina NetworkManager[36405]: Loading conn '27da464d-90cd-49ad-b178-4bf0ffe5b3ec'
May 17 17:37:03 makina charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-30-generic, x86_64)
May 17 17:37:03 makina charon: 00[LIB] providers loaded by OpenSSL: legacy default
May 17 17:37:03 makina charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
May 17 17:37:03 makina charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
May 17 17:37:03 makina charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
May 17 17:37:03 makina charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
May 17 17:37:03 makina charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
May 17 17:37:03 makina charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
May 17 17:37:03 makina charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
May 17 17:37:03 makina charon: 00[CFG]   loaded IKE secret for %any
May 17 17:37:03 makina charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
May 17 17:37:03 makina charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
May 17 17:37:03 makina charon: 00[JOB] spawning 16 worker threads
May 17 17:37:03 makina charon: 05[CFG] received stroke: add connection '27da464d-90cd-49ad-b178-4bf0ffe5b3ec'
May 17 17:37:03 makina charon: 05[CFG] added configuration '27da464d-90cd-49ad-b178-4bf0ffe5b3ec'
May 17 17:37:04 makina charon: 07[CFG] rereading secrets
May 17 17:37:04 makina charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
May 17 17:37:04 makina charon: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
May 17 17:37:04 makina charon: 07[CFG]   loaded IKE secret for %any
May 17 17:37:04 makina charon: 10[CFG] received stroke: initiate '27da464d-90cd-49ad-b178-4bf0ffe5b3ec'
May 17 17:37:04 makina charon: 11[IKE] initiating Main Mode IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1] to 176.63.XXX.XXX
May 17 17:37:04 makina charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
May 17 17:37:04 makina charon: 11[NET] sending packet: from 192.168.XXX.33[500] to 176.63.XXX.XXX[500] (240 bytes)
May 17 17:37:04 makina charon: 12[NET] received packet: from 176.63.XXX.XXX[500] to 192.168.XXX.33[500] (410 bytes)
May 17 17:37:04 makina charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V V V V V V V V ]
May 17 17:37:04 makina charon: 12[ENC] received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
May 17 17:37:04 makina charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
May 17 17:37:04 makina charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 17 17:37:04 makina charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 17 17:37:04 makina charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
May 17 17:37:04 makina charon: 12[IKE] received XAuth vendor ID
May 17 17:37:04 makina charon: 12[IKE] received DPD vendor ID
May 17 17:37:04 makina charon: 12[ENC] received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
May 17 17:37:04 makina charon: 12[ENC] received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
May 17 17:37:04 makina charon: 12[ENC] received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:5c:6c:71:2f:b0:a1:88:01:2f:94:ee:63:f7:20:7b:f4:69:e2:39:d4:80:4d:0d:a9:01:fc:8c:f0:cb:88:dc:77:5e:fa:a2:0a:e4:5c:3b:36:08:a5:a9:67:ae:86:f5:8b:c9:e2:17:34:ee:22:7c:f9:31:51:69:7d:dc:cf:50:61:c4:99:14:fa:de:93:35:4b:2e:17:af:47:ef:4d:79:72:25:00:38:df:58:e9:32:cb:f2:cf:0a:07:ce:24:fe:14:36:9d:be:40:e7:8e:ea:4f:d4:f1:eb:dc:15:62:4f:b7
May 17 17:37:04 makina charon: 12[ENC] received unknown vendor ID: b6:c9:8c:ca:29:0a:eb:be:37:f1:9f:31:12:d2:d7:cb
May 17 17:37:04 makina charon: 12[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
May 17 17:37:04 makina charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
May 17 17:37:04 makina charon: 12[NET] sending packet: from 192.168.XXX.33[500] to 176.63.XXX.XXX[500] (372 bytes)
May 17 17:37:05 makina charon: 13[NET] received packet: from 176.63.XXX.XXX[500] to 192.168.XXX.33[500] (356 bytes)
May 17 17:37:05 makina charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
May 17 17:37:05 makina charon: 13[IKE] local host is behind NAT, sending keep alives
May 17 17:37:05 makina charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
May 17 17:37:05 makina charon: 13[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (76 bytes)
May 17 17:37:05 makina charon: 14[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (76 bytes)
May 17 17:37:05 makina charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
May 17 17:37:05 makina charon: 14[IKE] IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1] established between 192.168.XXX.33[192.168.XXX.33]...176.63.XXX.XXX[176.63.XXX.XXX]
May 17 17:37:05 makina charon: 14[IKE] scheduling reauthentication in 9793s
May 17 17:37:05 makina charon: 14[IKE] maximum IKE_SA lifetime 10333s
May 17 17:37:05 makina charon: 14[ENC] generating QUICK_MODE request 1554637012 [ HASH SA No ID ID NAT-OA NAT-OA ]
May 17 17:37:05 makina charon: 14[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (252 bytes)
May 17 17:37:05 makina charon: 15[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (172 bytes)
May 17 17:37:05 makina charon: 15[ENC] parsed QUICK_MODE response 1554637012 [ HASH SA No ID ID NAT-OA NAT-OA ]
May 17 17:37:05 makina charon: 15[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
May 17 17:37:05 makina charon: 15[IKE] CHILD_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec{1} established with SPIs c966931b_i 93b369ba_o and TS 192.168.XXX.33/32[udp] === 176.63.XXX.XXX/32[udp/l2f]
May 17 17:37:05 makina charon: 15[ENC] generating QUICK_MODE request 1554637012 [ HASH ]
May 17 17:37:05 makina charon: 15[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (60 bytes)
May 17 17:37:05 makina NetworkManager[36447]: initiating Main Mode IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1] to 176.63.XXX.XXX
May 17 17:37:05 makina NetworkManager[36447]: generating ID_PROT request 0 [ SA V V V V V ]
May 17 17:37:05 makina NetworkManager[36447]: sending packet: from 192.168.XXX.33[500] to 176.63.XXX.XXX[500] (240 bytes)
May 17 17:37:05 makina NetworkManager[36447]: received packet: from 176.63.XXX.XXX[500] to 192.168.XXX.33[500] (410 bytes)
May 17 17:37:05 makina NetworkManager[36447]: parsed ID_PROT response 0 [ SA V V V V V V V V V V V ]
May 17 17:37:05 makina NetworkManager[36447]: received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
May 17 17:37:05 makina NetworkManager[36447]: received draft-ietf-ipsec-nat-t-ike-02 vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received NAT-T (RFC 3947) vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received XAuth vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received DPD vendor ID
May 17 17:37:05 makina NetworkManager[36447]: received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
May 17 17:37:05 makina NetworkManager[36447]: received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
May 17 17:37:05 makina NetworkManager[36447]: received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:5c:6c:71:2f:b0:a1:88:01:2f:94:ee:63:f7:20:7b:f4:69:e2:39:d4:80:4d:0d:a9:01:fc:8c:f0:cb:88:dc:77:5e:fa:a2:0a:e4:5c:3b:36:08:a5:a9:67:ae:86:f5:8b:c9:e2:17:34:ee:22:7c:f9:31:51:69:7d:dc:cf:50:61:c4:99:14:fa:de:93:35:4b:2e:17:af:47:ef:4d:79:72:25:00:38:df:58:e9:32:cb:f2:cf:0a:07:ce:24:fe:14:36:9d:be:40:e7:8e:ea:4f:d4:f1:eb:dc:15:62:4f:b7
May 17 17:37:05 makina NetworkManager[36447]: received unknown vendor ID: b6:c9:8c:ca:29:0a:eb:be:37:f1:9f:31:12:d2:d7:cb
May 17 17:37:05 makina NetworkManager[36447]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
May 17 17:37:05 makina NetworkManager[36447]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
May 17 17:37:05 makina NetworkManager[36447]: sending packet: from 192.168.XXX.33[500] to 176.63.XXX.XXX[500] (372 bytes)
May 17 17:37:05 makina NetworkManager[36447]: received packet: from 176.63.XXX.XXX[500] to 192.168.XXX.33[500] (356 bytes)
May 17 17:37:05 makina NetworkManager[36447]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
May 17 17:37:05 makina NetworkManager[36447]: local host is behind NAT, sending keep alives
May 17 17:37:05 makina NetworkManager[36447]: generating ID_PROT request 0 [ ID HASH ]
May 17 17:37:05 makina NetworkManager[36447]: sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (76 bytes)
May 17 17:37:05 makina NetworkManager[36447]: received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (76 bytes)
May 17 17:37:05 makina NetworkManager[36447]: parsed ID_PROT response 0 [ ID HASH ]
May 17 17:37:05 makina NetworkManager[36447]: IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1] established between 192.168.XXX.33[192.168.XXX.33]...176.63.XXX.XXX[176.63.XXX.XXX]
May 17 17:37:05 makina NetworkManager[36447]: scheduling reauthentication in 9793s
May 17 17:37:05 makina NetworkManager[36447]: maximum IKE_SA lifetime 10333s
May 17 17:37:05 makina NetworkManager[36447]: generating QUICK_MODE request 1554637012 [ HASH SA No ID ID NAT-OA NAT-OA ]
May 17 17:37:05 makina NetworkManager[36447]: sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (252 bytes)
May 17 17:37:05 makina NetworkManager[36447]: received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (172 bytes)
May 17 17:37:05 makina NetworkManager[36447]: parsed QUICK_MODE response 1554637012 [ HASH SA No ID ID NAT-OA NAT-OA ]
May 17 17:37:05 makina NetworkManager[36447]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
May 17 17:37:05 makina NetworkManager[36447]: CHILD_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec{1} established with SPIs c966931b_i 93b369ba_o and TS 192.168.XXX.33/32[udp] === 176.63.XXX.XXX/32[udp/l2f]
May 17 17:37:05 makina NetworkManager[36447]: connection '27da464d-90cd-49ad-b178-4bf0ffe5b3ec' established successfully
May 17 17:37:05 makina nm-l2tp-service[36393]: xl2tpd started with pid 36453
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Not looking for kernel SAref support.
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Using l2tp kernel support.
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: xl2tpd version xl2tpd-1.3.12 started on makina PID:36453
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Forked by Scott Balmos and David Stipp, (C) 2001
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Inherited by Jeff McAdams, (C) 2002
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Listening on IP address 0.0.0.0, port 54044
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Connecting to host 176.63.XXX.XXX, port 1701
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: Connection established to 176.63.XXX.XXX, 1701.  Local: 40965, Remote: 12058 (ref=0/0).
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: Calling on tunnel 40965
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: Call established with 176.63.XXX.XXX, Local: 3389, Remote: 22203, Serial: 1 (ref=0/0)
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: start_pppd: I'm running:
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "/usr/sbin/pppd"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "plugin"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "pppol2tp.so"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "pppol2tp"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "7"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "passive"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "nodetach"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: ":"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "file"
May 17 17:37:06 makina NetworkManager[36453]: xl2tpd[36453]: "/run/nm-l2tp-27da464d-90cd-49ad-b178-4bf0ffe5b3ec/ppp-options"
May 17 17:37:06 makina pppd[36454]: Plugin pppol2tp.so loaded.
May 17 17:37:06 makina pppd[36454]: Plugin /usr/lib/pppd/2.4.9/nm-l2tp-pppd-plugin.so loaded.
May 17 17:37:06 makina pppd[36454]: pppd 2.4.9 started by root, uid 0
May 17 17:37:06 makina NetworkManager[808]: <info>  [1652801826.3738] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/9)
May 17 17:37:06 makina pppd[36454]: Using interface ppp0
May 17 17:37:06 makina pppd[36454]: Connect: ppp0 <--> 
May 17 17:37:06 makina pppd[36454]: Overriding mtu 1500 to 1400
May 17 17:37:06 makina pppd[36454]: Overriding mru 1500 to mtu value 1400
May 17 17:37:06 makina systemd-udevd[36457]: Using default interface naming scheme 'v249'.
May 17 17:37:06 makina pppd[36454]: PAP authentication succeeded
May 17 17:37:06 makina charon: 07[KNL] 10.1.2.100 appeared on ppp0
May 17 17:37:06 makina charon: 11[KNL] 10.1.2.100 disappeared from ppp0
May 17 17:37:06 makina charon: 11[KNL] 10.1.2.100 appeared on ppp0
May 17 17:37:06 makina charon: 12[KNL] 10.1.2.100 appeared on ppp0
May 17 17:37:06 makina charon: 14[KNL] 10.1.2.100 disappeared from ppp0
May 17 17:37:06 makina charon: 16[KNL] 10.1.2.100 appeared on ppp0
May 17 17:37:06 makina charon: 15[KNL] interface ppp0 activated
May 17 17:37:06 makina pppd[36454]: local  IP address 10.1.2.100
May 17 17:37:06 makina pppd[36454]: remote IP address 176.63.XXX.XXX
May 17 17:37:06 makina pppd[36454]: primary   DNS address 192.168.XXX.254
May 17 17:37:06 makina NetworkManager[808]: <info>  [1652801826.5899] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
May 17 17:37:06 makina charon: 15[KNL] interface ppp0 activated
May 17 17:37:06 makina NetworkManager[808]: <info>  [1652801826.5954] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
May 17 17:37:06 makina dbus-daemon[807]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.11' (uid=0 pid=808 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
May 17 17:37:06 makina systemd[1]: Starting Network Manager Script Dispatcher Service...
May 17 17:37:06 makina dbus-daemon[807]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
May 17 17:37:06 makina systemd[1]: Started Network Manager Script Dispatcher Service.
May 17 17:37:06 makina NetworkManager[808]: <info>  [1652801826.6453] policy: set 'Otthon' (ppp0) as default for IPv4 routing and DNS
May 17 17:37:06 makina systemd-resolved[755]: enp2s0: Bus client set default route setting: no
May 17 17:37:06 makina systemd-resolved[755]: enp2s0: Bus client reset DNS server list.
May 17 17:37:06 makina systemd-resolved[755]: ppp0: Bus client set default route setting: yes
May 17 17:37:06 makina systemd-resolved[755]: ppp0: Bus client set DNS server list to: 192.168.XXX.254
May 17 17:37:08 makina systemd[1726]: Started VTE child process 36488 launched by gnome-terminal-server process 36287.
May 17 17:37:12 makina systemd-resolved[755]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.XXX.254.
May 17 17:37:16 makina systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
May 17 17:37:18 makina systemd-resolved[755]: Using degraded feature set TCP instead of UDP for DNS server 192.168.XXX.254.
May 17 17:37:27 makina google-chrome.desktop[4420]: [4414:4446:0517/173727.112634:ERROR:connection_factory_impl.cc(425)] Failed to connect to MCS endpoint with error -105
May 17 17:37:30 makina charon: 05[IKE] sending keep alive to 176.63.XXX.XXX[4500]
May 17 17:37:35 makina charon: 08[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (92 bytes)
May 17 17:37:35 makina charon: 08[ENC] parsed INFORMATIONAL_V1 request 924542669 [ HASH N(DPD) ]
May 17 17:37:35 makina charon: 08[ENC] generating INFORMATIONAL_V1 request 3669283587 [ HASH N(DPD_ACK) ]
May 17 17:37:35 makina charon: 08[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:36 makina charon: 07[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (92 bytes)
May 17 17:37:36 makina charon: 07[ENC] parsed INFORMATIONAL_V1 request 3352456550 [ HASH N(DPD) ]
May 17 17:37:36 makina charon: 07[ENC] generating INFORMATIONAL_V1 request 2503470752 [ HASH N(DPD_ACK) ]
May 17 17:37:36 makina charon: 07[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:38 makina systemd-resolved[755]: Using degraded feature set UDP instead of TCP for DNS server 192.168.XXX.254.
May 17 17:37:38 makina charon: 09[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (92 bytes)
May 17 17:37:38 makina charon: 09[ENC] parsed INFORMATIONAL_V1 request 1192371882 [ HASH N(DPD) ]
May 17 17:37:38 makina charon: 09[ENC] generating INFORMATIONAL_V1 request 162381581 [ HASH N(DPD_ACK) ]
May 17 17:37:38 makina charon: 09[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:41 makina charon: 11[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (92 bytes)
May 17 17:37:41 makina charon: 11[ENC] parsed INFORMATIONAL_V1 request 753630980 [ HASH N(DPD) ]
May 17 17:37:41 makina charon: 11[ENC] generating INFORMATIONAL_V1 request 1103916881 [ HASH N(DPD_ACK) ]
May 17 17:37:41 makina charon: 11[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:43 makina systemd-resolved[755]: Using degraded feature set TCP instead of UDP for DNS server 192.168.XXX.254.
May 17 17:37:46 makina charon: 13[NET] received packet: from 176.63.XXX.XXX[4500] to 192.168.XXX.33[4500] (92 bytes)
May 17 17:37:46 makina charon: 13[ENC] parsed INFORMATIONAL_V1 request 1829099405 [ HASH N(DPD) ]
May 17 17:37:46 makina charon: 13[ENC] generating INFORMATIONAL_V1 request 2201225588 [ HASH N(DPD_ACK) ]
May 17 17:37:46 makina charon: 13[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:49 makina NetworkManager[808]: <info>  [1652801869.4126] audit: op="connection-deactivate" uuid="27da464d-90cd-49ad-b178-4bf0ffe5b3ec" name="Otthon" pid=1916 uid=1000 result="success"
May 17 17:37:49 makina dbus-daemon[807]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.11' (uid=0 pid=808 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
May 17 17:37:49 makina systemd[1]: Starting Network Manager Script Dispatcher Service...
May 17 17:37:49 makina dbus-daemon[807]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
May 17 17:37:49 makina systemd[1]: Started Network Manager Script Dispatcher Service.
May 17 17:37:49 makina NetworkManager[808]: <info>  [1652801869.4475] policy: set 'Wired connection 1' (enp2s0) as default for IPv4 routing and DNS
May 17 17:37:49 makina charon: 16[KNL] 10.1.2.100 disappeared from ppp0
May 17 17:37:49 makina charon: 11[KNL] 10.1.2.100 disappeared from ppp0
May 17 17:37:49 makina NetworkManager[36453]: xl2tpd[36453]: death_handler: Fatal signal 15 received
May 17 17:37:49 makina NetworkManager[36536]: Stopping strongSwan IPsec...
May 17 17:37:49 makina NetworkManager[36453]: xl2tpd[36453]: Terminating pppd: sending TERM signal to pid 36454
May 17 17:37:49 makina NetworkManager[36453]: xl2tpd[36453]: Connection 12058 closed to 176.63.XXX.XXX, port 1701 (Server closing)
May 17 17:37:49 makina systemd-resolved[755]: enp2s0: Bus client set default route setting: yes
May 17 17:37:49 makina pppd[36454]: Terminating on signal 15
May 17 17:37:49 makina pppd[36454]: Connect time 0.8 minutes.
May 17 17:37:49 makina pppd[36454]: Sent 472425815 bytes, received 0 bytes.
May 17 17:37:49 makina charon: 00[DMN] SIGINT received, shutting down
May 17 17:37:49 makina charon: 00[IKE] closing CHILD_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec{1} with SPIs c966931b_i (533 bytes) 93b369ba_o (428281287 bytes) and TS 192.168.XXX.33/32[udp] === 176.63.XXX.XXX/32[udp/l2f]
May 17 17:37:49 makina charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c966931b
May 17 17:37:49 makina charon: 00[ENC] generating INFORMATIONAL_V1 request 2643863889 [ HASH D ]
May 17 17:37:49 makina charon: 00[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (76 bytes)
May 17 17:37:49 makina charon: 00[IKE] deleting IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1] between 192.168.XXX.33[192.168.XXX.33]...176.63.XXX.XXX[176.63.XXX.XXX]
May 17 17:37:49 makina charon: 00[IKE] sending DELETE for IKE_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec[1]
May 17 17:37:49 makina charon: 00[ENC] generating INFORMATIONAL_V1 request 3001758283 [ HASH D ]
May 17 17:37:49 makina charon: 00[NET] sending packet: from 192.168.XXX.33[4500] to 176.63.XXX.XXX[4500] (92 bytes)
May 17 17:37:49 makina charon: 12[KNL] interface ppp0 deactivated
May 17 17:37:49 makina NetworkManager[808]: <info>  [1652801869.5011] device (ppp0): state change: disconnected -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external')
May 17 17:37:49 makina pppd[36454]: Overriding mtu 1500 to 1400
May 17 17:37:49 makina pppd[36454]: Overriding mru 1500 to mtu value 1400
May 17 17:37:49 makina systemd-resolved[755]: enp2s0: Bus client set DNS server list to: 192.168.XXX.254
May 17 17:37:49 makina systemd-resolved[755]: ppp0: Bus client set default route setting: no
May 17 17:37:49 makina systemd-resolved[755]: ppp0: Bus client reset DNS server list.
May 17 17:37:49 makina nm-l2tp-service[36393]: ipsec shut down
May 17 17:37:55 makina pppd[36454]: Connection terminated.
May 17 17:37:55 makina charon: 15[KNL] interface ppp0 deleted
May 17 17:37:55 makina gnome-shell[1916]: Removing a network device that was not added
May 17 17:37:55 makina pppd[36454]: Modem hangup
May 17 17:37:55 makina pppd[36454]: Exit.
May 17 17:37:59 makina systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.

yet this looks mostly fine (these days I'm debugging L2TP on a daily basis, though on the server side).

this is somewhat odd, though:

May 17 17:37:49 makina pppd[36454]: Sent 472425815 bytes, received 0 bytes.

not just the 0 received, but the 472 megs sent as well....

also check, once you've connected and, say, ping something on the other side, what the 'ipsec statusall' command prints (before disconnecting). do the incoming packets show up there?

what's also odd to me, I haven't seen this before (on servers):

May 17 17:37:06 makina pppd[36454]: Plugin pppol2tp.so loaded.
May 17 17:37:06 makina pppd[36454]: Plugin /usr/lib/pppd/2.4.9/nm-l2tp-pppd-plugin.so loaded.
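The reply above makes the right point: "connected" tells you nothing, the byte counters do. As an added illustration (written for this editorial pass, not code from the thread or from xl2tpd, strongSwan or nm-l2tp), here is a small Python script that reads the pppd, charon, xl2tpd and nm-l2tp-service lines of a syslog capture like the one posted, pulls out the per-layer counters, and names what looks wrong. The sample log is a constructed subset of the excerpt above (same redaction); the thresholds (inbound ESP under 1/1000 of outbound counts as "negligible") and the finding names are my own choices.

```python
import re

# Constructed sample: a handful of lines copied from the syslog excerpt
# posted in this thread (addresses redacted the same way); not a live capture.
SAMPLE_LOG = """\
May 17 17:37:01 makina nm-l2tp-service[36393]: Can't bind to port 1701
May 17 17:37:05 makina charon: 15[IKE] CHILD_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec{1} established with SPIs c966931b_i 93b369ba_o and TS 192.168.XXX.33/32[udp] === 176.63.XXX.XXX/32[udp/l2f]
May 17 17:37:05 makina NetworkManager[36453]: xl2tpd[36453]: Listening on IP address 0.0.0.0, port 54044
May 17 17:37:06 makina pppd[36454]: Overriding mtu 1500 to 1400
May 17 17:37:06 makina pppd[36454]: local  IP address 10.1.2.100
May 17 17:37:12 makina systemd-resolved[755]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.XXX.254.
May 17 17:37:18 makina systemd-resolved[755]: Using degraded feature set TCP instead of UDP for DNS server 192.168.XXX.254.
May 17 17:37:49 makina pppd[36454]: Connect time 0.8 minutes.
May 17 17:37:49 makina pppd[36454]: Sent 472425815 bytes, received 0 bytes.
May 17 17:37:49 makina charon: 00[IKE] closing CHILD_SA 27da464d-90cd-49ad-b178-4bf0ffe5b3ec{1} with SPIs c966931b_i (533 bytes) 93b369ba_o (428281287 bytes) and TS 192.168.XXX.33/32[udp] === 176.63.XXX.XXX/32[udp/l2f]
"""

# One regex per message we care about, matching the formats exactly as they
# appear in the excerpt (pppd, charon, xl2tpd, nm-l2tp-service, resolved).
PATTERNS = {
    "bind_fail":    re.compile(r"nm-l2tp-service\[\d+\]: Can't bind to port (\d+)"),
    "l2tp_listen":  re.compile(r"xl2tpd\[\d+\]: Listening on IP address \S+, port (\d+)"),
    "ppp_mtu":      re.compile(r"pppd\[\d+\]: Overriding mtu \d+ to (\d+)"),
    "ppp_time":     re.compile(r"pppd\[\d+\]: Connect time ([\d.]+) minutes"),
    "ppp_stats":    re.compile(r"pppd\[\d+\]: Sent (\d+) bytes, received (\d+) bytes"),
    "esp_close":    re.compile(r"closing CHILD_SA \S+ with SPIs [0-9a-f]+_i \((\d+) bytes\) "
                               r"[0-9a-f]+_o \((\d+) bytes\)"),
    "dns_degraded": re.compile(r"systemd-resolved\[\d+\]: Using degraded feature set"),
}


def parse_vpn_log(text):
    """Collect the per-layer counters of one L2TP/IPsec connect/disconnect cycle."""
    s = {"bind_fail_port": None, "l2tp_listen_port": None, "ppp_mtu": None,
         "connect_seconds": None, "ppp_sent": None, "ppp_recv": None,
         "esp_in": None, "esp_out": None, "dns_degraded_events": 0}
    for line in text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if key == "bind_fail":
                s["bind_fail_port"] = int(m.group(1))
            elif key == "l2tp_listen":
                s["l2tp_listen_port"] = int(m.group(1))
            elif key == "ppp_mtu":
                s["ppp_mtu"] = int(m.group(1))
            elif key == "ppp_time":
                s["connect_seconds"] = float(m.group(1)) * 60
            elif key == "ppp_stats":
                s["ppp_sent"], s["ppp_recv"] = int(m.group(1)), int(m.group(2))
            elif key == "esp_close":
                s["esp_in"], s["esp_out"] = int(m.group(1)), int(m.group(2))
            elif key == "dns_degraded":
                s["dns_degraded_events"] += 1
            break
    return s


def send_rate(s):
    """Average PPP send rate in bytes/s, or None if a value is missing."""
    if not s["ppp_sent"] or not s["connect_seconds"]:
        return None
    return round(s["ppp_sent"] / s["connect_seconds"])


def diagnose(s):
    """Turn the counters into findings; each string names what to check next."""
    findings = []
    if s["bind_fail_port"] == 1701:
        # something else already owns UDP 1701 (typically a system-wide xl2tpd);
        # the NetworkManager-driven xl2tpd then listens on an ephemeral port
        findings.append("l2tp_port_1701_unavailable")
    sent, recv = s["ppp_sent"], s["ppp_recv"]
    if sent and recv == 0:
        findings.append("ppp_one_way")           # data left, nothing came back
    if sent is not None and s["esp_out"] is not None and sent > s["esp_out"]:
        # every lower layer adds headers, so ESP should carry at least as many
        # bytes as pppd claims to have sent; the reverse means one counter is
        # unreliable or frames are lost between pppd and the SA
        findings.append("ppp_sent_exceeds_esp_out")
    if s["esp_in"] is not None and s["esp_out"] and s["esp_in"] * 1000 < s["esp_out"]:
        findings.append("esp_inbound_negligible")  # threshold is an assumption
    if s["dns_degraded_events"]:
        findings.append("dns_unanswered_over_tunnel")
    return findings


if __name__ == "__main__":
    stats = parse_vpn_log(SAMPLE_LOG)
    for k, v in stats.items():
        print(f"{k:>20}: {v}")
    print(f"{'ppp send rate B/s':>20}: {send_rate(stats)}")
    print("findings:", ", ".join(diagnose(stats)) or "none")
```

Feed it a full syslog capture of one connect/disconnect cycle. "ppp_one_way" together with a small but non-zero "esp_in" says the IPsec SA did pass a few packets inbound (a handful of L2TP control acknowledgements would account for a few hundred bytes) while nothing reached the PPP layer, which points at the L2TP/PPP side rather than at IKE; "ppp_sent_exceeds_esp_out" means the pppd counter cannot be taken at face value, which matches the reply's doubt about the 472 MB; and "l2tp_port_1701_unavailable" is worth following up with `ss -lunp | grep :1701` to see which process holds the port.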

I'm looking for a good(!) IPsec book. I trust paper more (let it have an ISBN) than a PDF thrown together by anybody and called a "book".

In the first round vendor-neutral, preferably from the current decade. Amazon is full of books written in the early 2000s, but obviously IKEv2 and a lot of what came with it isn't in them. Judging by the reviews, most of them copy-pasted the RFC as filler for 100 pages. I could print that myself if I wanted to read it, rather than a digestible, interpreted version illustrated with examples and figures.

but why? the RFC really is there if you're interested in the details, and even that is buggy (the famous sha256 hash length typo in it, which causes suffering with this everywhere).

besides, everything is implementation-dependent; I for one would be more interested in a good strongSwan write-up, because even on their own site the docs and examples are confusing and often outdated...

do printed books still have a place in IT anyway? sometimes I look at the Packt free ebooks, where they put out 2-3 year old books for free, and even what's in those is already thoroughly outdated... I certainly wouldn't buy a book on any IT topic anymore, because by the time it gets here it's outdated.

What you say is entirely fair. But this IPsec is such a mess that I'd need a foundational book that at least puts the theory straight in my head. Then could come the implementation screw-ups because of which the theory doesn't work in practice, but at least you'd see that you're not the idiot, it's all the vendors.

Anyway, I'd also genuinely prefer a strongSwan book, because I suffer with it on both the server and the client side. But with these open-source garage projects that basically never happens, because the line is: why do you need a book when there's the (crap, unreadable, incomprehensible) manual, go read that, you little punk!

I'll check tomorrow. The ping was going to the KFKI NTP server while I started the VPN.

It's a firewall it connects to; maybe that's why the log is odd. Connecting to the same one with an Android, everything is OK.