LINUX.ORG.RU

L2TP VPN console client


I'm trying to set up remote access from home to work. At work, UserGate is used as the gateway. The VPN is L2TP IPSec. I don't want to use NetworkManager.

I used various guides (e.g., 1, 2, 3).

Result:

$ sudo ipsec up l2tp
initiating Main Mode IKE_SA l2tp[1] to 11.22.33.44
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
giving up after 5 retransmits
peer not responding, trying again (2/3)
initiating Main Mode IKE_SA l2tp[1] to 11.22.33.44
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
giving up after 5 retransmits
peer not responding, trying again (3/3)
initiating Main Mode IKE_SA l2tp[1] to 11.22.33.44
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 192.168.88.10[500] to 11.22.33.44[500] (252 bytes)
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
establishing connection 'l2tp' failed

Configs:

/etc/ipsec.conf:

conn l2tp
    auto=add
    keyexchange=ikev1
    authby=secret
    type=transport
    dpddelay=60s
    ikelifetime=24h
    lifetime=24h
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=11.22.33.44
    ike=aes128-sha1-modp2048
    esp=aes128-sha1,3des-sha1,aes128-md5,3des-md5

/etc/ipsec.secrets:

: PSK "MyPSK"

/etc/ppp/options.l2tpd.client:

ipcp-accept-local
ipcp-accept-remote
refuse-mschap
refuse-mschap-v2
require-pap
noccp
noauth
logfile /var/log/xl2tpd.log
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name "MyLogin"
password "MyPassword"

/etc/xl2tpd/xl2tpd.conf:

[lac l2tp]
lns = 11.22.33.44
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes