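I set up openswan + xl2tpd on a Raspberry Pi, following this guide: https://raymii.org/s/tutorials/IPSEC_L2 … Linux.html
but it did not work.
All I am asking for is a configuration where the left side is the Raspberry Pi on an internal network behind NAT, with the ports all forwarded, and the right side is Windows. Both sides are on internal networks.
I have tried many ipsec.conf variants and none of them worked.
Some give this: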
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: responding to Main Mode from unknown peer [remoteip]
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.151'
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[1] [remoteip] #1: switched from "L2TP-PSK-noNAT" to "L2TP-PSK-noNAT"
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: deleting connection "L2TP-PSK-noNAT" instance with peer [remoteip] {isakmp=#0/ipsec=#0}
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: new NAT mapping for #1, was [remoteip]:500, now [remoteip]:4500
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: the peer proposed: [mywanip]/32:17/1701 -> 192.168.3.151/32:17/0
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Mar 25 06:23:21 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #2: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Mar 25 06:23:23 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #2: discarding duplicate packet; already STATE_QUICK_R0
Mar 25 06:23:25 alarmpi-b1 pluto[15881]: "L2TP-PSK-noNAT"[2] [remoteip] #1: received Delete SA payload: deleting ISAKMP State #1
Mar 25 06:23:25 alarmpi-b1 pluto[15881]: packet from [remoteip]:4500: received and ignored informational message
And some give this:
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: responding to Quick Mode proposal {msgid:04000000}
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: us: 192.168.254.181<192.168.254.181>:17/1701
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: them: [remoteip][192.168.3.151]:17/1701===192.168.3.151/32
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: keeping refhim=4294901761 during rekey
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: | warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Secti
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #5: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x64c2de0f <0x4a90511c xfrm=AES_128-
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: received Delete SA(0x64940298) payload: deleting IPSEC State #4
Mar 25 06:04:15 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: received and ignored informational message
Mar 25 06:04:22 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: received Delete SA(0x64c2de0f) payload: deleting IPSEC State #5
Mar 25 06:04:22 alarmpi-b1 pluto[15090]: | warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Secti
Mar 25 06:04:22 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2:
Mar 25 06:04:23 alarmpi-b1 pluto[15090]: | warning: NETKEY/XFRM in transport mode accepts ALL encrypted protoport packets between the hosts in violation of RFC 4301, Secti
Mar 25 06:04:23 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: received and ignored informational message
Mar 25 06:04:23 alarmpi-b1 pluto[15090]: "L2TP-PSK-NAT"[2] [remoteip] #1: received Delete SA payload: deleting ISAKMP State #1

Don't let this thread sink.