I already raised this topic earlier (help me configure racoon, xl2tpd), but I only got results with the racoon setup. The IPsec tunnel now works fine:
13:22:17.488446 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x4), length 100
13:22:18.480749 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x5), length 100
13:22:18.492333 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x5), length 100
13:22:19.482671 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x6), length 100
13:22:19.488171 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x6), length 100
but when I try to start xl2tp, the L2TP connection does not come up. There is almost nothing in the log:
Oct 21 13:22:28 iptest xl2tpd[2404]: This binary does not support kernel L2TP.
Oct 21 13:22:28 iptest xl2tpd[2405]: xl2tpd version xl2tpd-1.2.6 started on iptest PID:2405
Oct 21 13:22:28 iptest xl2tpd[2405]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 21 13:22:28 iptest xl2tpd[2405]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 21 13:22:28 iptest xl2tpd[2405]: Inherited by Jeff McAdams, (C) 2002
Oct 21 13:22:28 iptest xl2tpd[2405]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 21 13:22:28 iptest xl2tpd[2405]: Listening on IP address 0.0.0.0, port 1701
Oct 21 13:22:28 iptest xl2tpd[2405]: get_call: allocating new tunnel for host XXX.XXX.XXX.XXX, port 1701.
Oct 21 13:22:28 iptest xl2tpd[2405]: Connecting to host XXX.XXX.XXX.XXX, port 1701
Oct 21 13:22:28 iptest xl2tpd[2405]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
Oct 21 13:22:28 iptest xl2tpd[2405]: control_finish: sending SCCRQ
Oct 21 13:22:29 iptest xl2tpd[2405]: network_thread: select timeout
Oct 21 13:22:30 iptest xl2tpd[2405]: network_thread: select timeout
Oct 21 13:22:31 iptest xl2tpd[2405]: network_thread: select timeout
Oct 21 13:22:32 iptest xl2tpd[2405]: network_thread: select timeout
Oct 21 13:22:33 iptest xl2tpd[2405]: network_thread: select timeout
Oct 21 13:22:33 iptest xl2tpd[2405]: Maximum retries exceeded for tunnel 62683. Closing.
root@iptest:/# tcpdump -i eth0 host XXX.XXX.XXX.XXX
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:25:23.231530 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0xf), length 164
13:25:24.232051 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x10), length 164
13:25:25.233652 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x11), length 164
13:25:26.234895 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x12), length 164
13:25:27.235562 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x13), length 164
Where should I dig, what should I look at? Please help me configure this.
--------------------------------------------------
xl2tpd config:
[global]
access control = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lac test]
lns = XXX.XXX.XXX.XXX
redial = yes
redial timeout = 5
max redials = 10
hidden bit = yes
length bit = yes
require pap = yes
require chap = no
require authentication = no
name = l2tp
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
autodial = yes
/etc/ppp/options.xl2tpd:
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
require-pap
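The two captures in the post tell different stories: the first shows ESP in both directions, the second (taken while xl2tpd was dialing) shows only outbound ESP of length 164, and the xl2tpd log shows SCCRQ sent, five select timeouts and then "Maximum retries exceeded". The following script is an added example, not part of the original post, that turns that reading into a repeatable check: it parses tcpdump ESP lines and xl2tpd log lines and reports whether the L2TP negotiation is one-way. The sample inputs are the post's own capture and log lines; the local host name iptest.local comes from the post, while the verdict strings and function names are my own.

```python
"""Check whether an L2TP-over-IPsec dial-out is one-way, from tcpdump and xl2tpd log lines."""
import re
from typing import Dict, Iterable, List

# tcpdump line format as it appears in the post, for example:
# 13:25:23.231530 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0xf), length 164
ESP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ESP\(spi=(?P<spi>0x[0-9a-fA-F]+),seq=(?P<seq>0x[0-9a-fA-F]+)\), length (?P<len>\d+)$"
)

# Constructed samples: copied from the capture and log lines quoted in the post.
CAPTURE_IDLE = [
    "13:22:17.488446 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x4), length 100",
    "13:22:18.480749 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x5), length 100",
    "13:22:18.492333 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x5), length 100",
    "13:22:19.482671 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x6), length 100",
    "13:22:19.488171 IP XXX.XXX.XXX.XXX > iptest.local: ESP(spi=0x0d45c8b0,seq=0x6), length 100",
]
CAPTURE_DIALING = [
    "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode",
    "listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes",
    "13:25:23.231530 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0xf), length 164",
    "13:25:24.232051 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x10), length 164",
    "13:25:25.233652 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x11), length 164",
    "13:25:26.234895 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x12), length 164",
    "13:25:27.235562 IP iptest.local > XXX.XXX.XXX.XXX: ESP(spi=0x88d4512f,seq=0x13), length 164",
]
XL2TPD_LOG = [
    "Oct 21 13:22:28 iptest xl2tpd[2404]: This binary does not support kernel L2TP.",
    "Oct 21 13:22:28 iptest xl2tpd[2405]: Connecting to host XXX.XXX.XXX.XXX, port 1701",
    "Oct 21 13:22:28 iptest xl2tpd[2405]: control_finish: sending SCCRQ",
    "Oct 21 13:22:29 iptest xl2tpd[2405]: network_thread: select timeout",
    "Oct 21 13:22:30 iptest xl2tpd[2405]: network_thread: select timeout",
    "Oct 21 13:22:31 iptest xl2tpd[2405]: network_thread: select timeout",
    "Oct 21 13:22:32 iptest xl2tpd[2405]: network_thread: select timeout",
    "Oct 21 13:22:33 iptest xl2tpd[2405]: network_thread: select timeout",
    "Oct 21 13:22:33 iptest xl2tpd[2405]: Maximum retries exceeded for tunnel 62683. Closing.",
]


def parse_esp(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse tcpdump ESP lines; banners, prompts and other non-ESP lines are skipped."""
    pkts = []
    for line in lines:
        m = ESP_RE.match(line.strip())
        if m:
            pkts.append({"src": m.group("src"), "dst": m.group("dst"),
                         "spi": int(m.group("spi"), 16), "seq": int(m.group("seq"), 16),
                         "len": int(m.group("len"))})
    return pkts


def esp_directions(pkts: List[Dict[str, object]], local: str) -> Dict[str, int]:
    """Count ESP packets leaving and entering the local host."""
    return {"out": sum(1 for p in pkts if p["src"] == local),
            "in": sum(1 for p in pkts if p["dst"] == local)}


def summarize_xl2tpd(lines: Iterable[str]) -> Dict[str, object]:
    """Extract the events that matter for a LAC whose SCCRQ is never answered."""
    s = {"sccrq_sent": False, "select_timeouts": 0, "retries_exceeded": False, "no_kernel_l2tp": False}
    for line in lines:
        if "sending SCCRQ" in line:
            s["sccrq_sent"] = True
        elif "network_thread: select timeout" in line:
            s["select_timeouts"] += 1
        elif "Maximum retries exceeded" in line:
            s["retries_exceeded"] = True
        elif "does not support kernel L2TP" in line:
            s["no_kernel_l2tp"] = True
    return s


def diagnose(esp_lines: Iterable[str], log_lines: Iterable[str], local: str) -> str:
    """Combine both views into a short verdict (verdict strings are this example's own)."""
    d = esp_directions(parse_esp(esp_lines), local)
    lg = summarize_xl2tpd(log_lines)
    if lg["sccrq_sent"] and lg["retries_exceeded"]:
        if d["out"] > 0 and d["in"] == 0:
            # SCCRQ left inside ESP but the peer never sent any ESP back during the dial.
            return "one-way: SCCRQ sent, no ESP back from peer"
        if d["in"] > 0:
            # Peer does answer at the IPsec layer; the failure is after decapsulation (UDP 1701).
            return "peer sends ESP but never answers SCCRQ"
    if lg["sccrq_sent"]:
        return "negotiating"
    if d["out"] > 0 and d["in"] > 0:
        return "ipsec bidirectional, no L2TP attempt in log"
    return "inconclusive"


if __name__ == "__main__":
    print(diagnose(CAPTURE_IDLE, [], "iptest.local"))
    print(diagnose(CAPTURE_DIALING, XL2TPD_LOG, "iptest.local"))
```

Run it against a fresh `tcpdump -i eth0 host <peer>` taken while xl2tpd dials plus the matching syslog excerpt; the verdict distinguishes "the peer's IPsec never replies during the dial" from "the peer replies at the ESP layer but its LNS never answers on UDP 1701", which are debugged on different sides of the tunnel.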