
Сообщения noisebringer

 

Как работает L2TP/IPSec?

Всем привет.

Подскажите, пожалуйста, простыми словами, как работает связка данных протоколов.

На данный момент для меня это выглядит как-то так:

1) UDP-connection
2) ???
3) Profit!!!

буду благодарен :)


strongswan + xl2tpd + dnsmasq = xl2tpd[-] : Maximum retries exceeded for tunnel -. Closing.

Всем хеллоу.

Есть

  Linux - 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux
  
  xl2tpd version:  xl2tpd-1.3.12
  
  Linux strongSwan U5.7.2/K4.19.0-5-amd64
  
  Dnsmasq version 2.80

/etc/ipsec.conf

		# /etc/ipsec.conf (strongSwan, ipsec.conf/stroke style; the log on this
		# page shows connection 'vpnserver' being added via stroke).
		config setup
		   # Every charon debug subsystem at level 0: only basic audit messages
		   # are written, which is what the log below contains.
		   charondebug="enc 0, net 0, ike 0, cfg 0, knl 0, lib 0, job 0, dmn 0"

		# L2TP/IPsec responder: transport-mode IPsec protecting UDP/1701.
		# No keyexchange=/ike=/esp= lines, so daemon defaults apply; the log
		# shows the peer negotiating IKEv1 Main Mode with
		# IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384 and
		# ESP:AES_CBC_256/HMAC_SHA1_96 being selected from those defaults.
		conn vpnserver
		   # Pre-shared key authentication; the key comes from /etc/ipsec.secrets
		   # ("loaded IKE secret for {ip-2}" in the log).
		   authby=secret
		   # Load the connection at startup but only respond, never initiate.
		   auto=add
		   # Transport mode (host-to-host), not tunnel mode: the client traffic
		   # is carried inside the L2TP/PPP session, not inside the SA itself.
		   type=transport
		   # Local endpoint is the second address added to ens3 in
		   # /etc/network/interfaces.
		   left={ip-2}
		   # Local side of the SA is restricted to UDP (17) port 1701 (L2TP);
		   # the log shows the negotiated TS as {ip-2}/32[udp/l2f].
		   leftprotoport=17/1701
		   # Any peer address may connect (road-warrior responder).
		   right=%any
		   # Any client UDP source port is accepted; the log shows this peer
		   # negotiating udp/l2f (1701) on its side anyway.
		   rightprotoport=17/%any
		   # Do not initiate rekeying from this side. The log shows "received
		   # 3600s lifetime, configured 0s" — presumably the peer's lifetime
		   # governs SA expiry; confirm the SA is re-established by the client.
		   rekey=no

/etc/dnsmasq.conf

# /etc/dnsmasq.conf — DHCP options handed to the L2TP/PPP clients.
# Static leases only, and only for 10.1.2.3 (the log reports
# "DHCP, static leases only on 10.1.2.3, lease time 1h").
dhcp-range=10.1.2.3,static
# Router option (3) with no value: dnsmasq treats this as "do not send the
# option", so clients get no default gateway from DHCP and rely on the
# classless routes below — presumably a deliberate split tunnel; verify on
# the client routing table.
dhcp-option=option:router
# Option 121 (RFC 3442 classless static routes): two host routes,
# 10.1.2.1/32 and {ip-1}/32, both via 10.1.2.2 (the "local ip" in
# xl2tpd.conf).
dhcp-option=121,10.1.2.1/32,10.1.2.2,{ip-1}/32,10.1.2.2
# Option 249: the pre-RFC Microsoft form of the same classless-route
# option, with identical contents, for Windows clients.
dhcp-option=249,10.1.2.1/32,10.1.2.2,{ip-1}/32,10.1.2.2
# Vendor-class MSFT option 2, encoded as an integer (the "i" suffix) with
# value 1 — NOTE(review): looks like the Microsoft "release DHCP lease on
# shutdown" flag; confirm.
dhcp-option=vendor:MSFT,2,1i

/etc/xl2tpd/xl2tpd.conf

		; /etc/xl2tpd/xl2tpd.conf — L2TP network server (LNS) side.
		[global]
			; Requests IPsec SAref tracking of transport-mode SAs. The log on
			; this page shows what happens on this kernel: "setsockopt
			; recvref[30]: Protocol not available" and xl2tpd forcing userspace
			; mode, so SAref is not actually in effect here.
			; NOTE(review): SAref is a Openswan/Libreswan kernel feature that
			; strongSwan does not provide, so "no" is the usual value with
			; strongSwan; confirm whether this setting plays into the
			; "Peer requested tunnel ... twice" symptom in the log.
			ipsec saref = yes

		[lns default]
			; Addresses handed to PPP peers (VPN clients).
			ip range = 10.1.2.3-10.1.2.25
			; Server-side PPP address; also the next hop in the dnsmasq routes.
			local ip = 10.1.2.2
			; CHAP is required and PAP refused at the PPP layer; the pppd
			; options file below further narrows this to MS-CHAPv2.
			require chap = yes
			refuse pap = yes
			require authentication = yes
			; pppd options file used for every session (shown below).
			pppoptfile = /etc/ppp/options.xl2tpd

/etc/ppp/options.xl2tpd

# /etc/ppp/options.xl2tpd — pppd options referenced by xl2tpd's pppoptfile.
# Only MS-CHAPv2 is accepted for peer authentication.
require-mschap-v2
# DNS servers pushed to the client. Note that rules.v4 on this page only
# forwards traffic to/from 8.8.8.8, so 8.8.4.4 is pushed but not reachable
# through this host.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# Log the contents of all control packets (LCP/IPCP/CHAP) in readable form.
debug
# Require the peer to authenticate itself before the link comes up.
auth
# Local system name used when looking up secrets (the server field of
# chap-secrets).
name vpnserver
# Publish the peer's address via proxy ARP on the local segment.
proxyarp
# PPP MTU — presumably lowered to leave room for the L2TP/UDP/ESP/NAT-T
# encapsulation overhead; confirm against the client's effective MTU.
mtu 1372

/etc/iptables/rules.v4

		# /etc/iptables/rules.v4 — iptables-restore format. No ":CHAIN POLICY"
		# lines are given, so built-in chain policies are not set here; INPUT
		# and FORWARD end in an explicit DROP/REJECT below, OUTPUT in ACCEPT.
		*filter

		# Loopback: allow real loopback traffic; reject packets addressed to
		# 127/8 that arrive on any other interface.
		-A INPUT -i lo -j ACCEPT
		-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
		-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

		# IKE (udp/500) and NAT-T / UDP-encapsulated ESP (udp/4500).
		-A INPUT -p udp --dport 4500 -j ACCEPT
		-A INPUT -p udp --dport 500 -j ACCEPT

		# L2TP (udp/1701) is accepted only if the packet arrived through an
		# IPsec policy; plaintext L2TP from anywhere is rejected.
		-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport l2tp -j ACCEPT
		-A INPUT -p udp -m udp --dport l2tp -j REJECT --reject-with icmp-port-unreachable

		# Traffic from PPP peers (VPN clients) and ICMP echo requests.
		-A INPUT -i ppp+ -s 10.1.2.0/24 -j ACCEPT
		-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

		# Everything else inbound is dropped.
		-A INPUT -j DROP


		# Forwarding: only traffic to or from 8.8.8.8 is relayed, so VPN
		# clients can reach nothing else through this host (8.8.4.4, which
		# options.xl2tpd also pushes as DNS, is not listed).
		-A FORWARD -s 8.8.8.8 -j ACCEPT
		-A FORWARD -d 8.8.8.8 -j ACCEPT

		-A FORWARD -j REJECT

		# NOTE(review): this unconditional ACCEPT is evaluated first, so the two
		# l2tp rules after it can never match (first match wins). If the intent
		# is to stop unencrypted L2TP leaving the host, move this rule below
		# them; as written the OUTPUT chain accepts everything.
		-A OUTPUT -j ACCEPT

		-A OUTPUT -p udp -m policy --dir out --pol ipsec -m udp --sport l2tp -j ACCEPT
		-A OUTPUT -p udp -m udp --sport l2tp -j REJECT --reject-with icmp-port-unreachable

		COMMIT

		*nat
		# Masquerade VPN client traffic (10.1.2.0/24) leaving via ens3;
		# requires net.ipv4.ip_forward=1 from sysctl.conf.
		-A POSTROUTING -o ens3 -s 10.1.2.0/24 --jump MASQUERADE
		#-I POSTROUTING 1 -j LOG

		COMMIT

/etc/network/interfaces

# /etc/network/interfaces
auto ens3
iface ens3 inet static
        # Primary address as a /32 with a point-to-point gateway (no on-link
        # subnet); matches "inet {ip-1} peer 10.0.0.1/32" in the `ip a`
        # output below.
        address {ip-1}
        netmask 255.255.255.255
        gateway 10.0.0.1
        pointopoint 10.0.0.1
        # Second public address, used as the IPsec left= endpoint in
        # ipsec.conf.
        up ip addr add {ip-2}/32 dev ens3
        down ip addr del {ip-2}/32 dev ens3

# Dummy interface holding 10.1.2.1/24, the VPN-side subnet; the "dummy"
# driver is loaded via /etc/modules and the link is created before the
# address is configured.
auto dummy0
iface dummy0 inet static
        address 10.1.2.1
        netmask 255.255.255.0
        pre-up ip link add dummy0 type dummy

/etc/modules

# /etc/modules — load the dummy network driver at boot so dummy0 (see
# /etc/network/interfaces) can be created.
dummy

/etc/sysctl.conf

# /etc/sysctl.conf
# IPv6 disabled on all interfaces, on new interfaces, and on loopback.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# Required for the FORWARD chain and the NAT masquerade in rules.v4 to
# relay VPN client traffic.
net.ipv4.ip_forward = 1

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:57:d7:ec brd ff:ff:ff:ff:ff:ff
    inet {ip-1} peer 10.0.0.1/32 brd {ip-1} scope global ens3
       valid_lft forever preferred_lft forever
    inet {ip-2}/32 scope global ens3
       valid_lft forever preferred_lft forever
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether f6:ed:c9:9f:fc:ef brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.1/24 brd 10.1.2.255 scope global dummy0
       valid_lft forever preferred_lft forever

В результате всего этого имеем:

Aug  7 03:46:43 - charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  7 03:46:43 - ipsec[585]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.0-5-amd64, x86_64)
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  7 03:46:43 - ipsec[585]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  7 03:46:43 - ipsec[585]: 00[CFG]   loaded IKE secret for {ip-2}
Aug  7 03:46:43 - ipsec[585]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  7 03:46:43 - ipsec[585]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  7 03:46:43 - ipsec[585]: 00[JOB] spawning 16 worker threads
Aug  7 03:46:43 - ipsec[585]: 05[CFG] received stroke: add connection 'vpnserver'
Aug  7 03:46:43 - ipsec[585]: 05[CFG] added configuration 'vpnserver'
Aug  7 03:46:43 - ipsec[585]: 00[DMN] signal of type SIGINT received. Shutting down
Aug  7 03:46:43 - ipsec[585]: charon stopped after 200 ms
Aug  7 03:46:43 - ipsec[585]: ipsec starter stopped
Aug  7 03:46:43 - systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf...
Aug  7 03:46:43 - systemd[1]: strongswan.service: Succeeded.
Aug  7 03:46:43 - systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Aug  7 03:46:43 - systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Aug  7 03:46:43 - ipsec[684]: Starting strongSwan 5.7.2 IPsec [starter]...
Aug  7 03:46:43 - systemd[1]: Stopping LSB: layer 2 tunelling protocol daemon...
Aug  7 03:46:43 - xl2tpd[613]: death_handler: Fatal signal 15 received
Aug  7 03:46:43 - xl2tpd[694]: Stopping xl2tpd: xl2tpd.
Aug  7 03:46:43 - systemd[1]: xl2tpd.service: Succeeded.
Aug  7 03:46:43 - systemd[1]: Stopped LSB: layer 2 tunelling protocol daemon.
Aug  7 03:46:43 - systemd[1]: Starting LSB: layer 2 tunelling protocol daemon...
Aug  7 03:46:43 - charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.0-5-amd64, x86_64)
Aug  7 03:46:43 - xl2tpd[711]: Enabling IPsec SAref processing for L2TP transport mode SAs
Aug  7 03:46:43 - xl2tpd[711]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
Aug  7 03:46:43 - xl2tpd[711]: setsockopt recvref[30]: Protocol not available
Aug  7 03:46:43 - xl2tpd[711]: Not looking for kernel support.
Aug  7 03:46:43 - xl2tpd[703]: Starting xl2tpd: xl2tpd.
Aug  7 03:46:43 - systemd[1]: Started LSB: layer 2 tunelling protocol daemon.
Aug  7 03:46:43 - xl2tpd[712]: xl2tpd version xl2tpd-1.3.12 started on -.info PID:712
Aug  7 03:46:43 - xl2tpd[712]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug  7 03:46:43 - xl2tpd[712]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug  7 03:46:43 - xl2tpd[712]: Inherited by Jeff McAdams, (C) 2002
Aug  7 03:46:43 - xl2tpd[712]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Aug  7 03:46:43 - xl2tpd[712]: Listening on IP address 0.0.0.0, port 1701
Aug  7 03:46:43 - charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  7 03:46:43 - charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  7 03:46:43 - charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  7 03:46:43 - charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  7 03:46:43 - charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  7 03:46:43 - charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  7 03:46:43 - charon: 00[CFG]   loaded IKE secret for {ip-2}
Aug  7 03:46:43 - charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  7 03:46:43 - charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  7 03:46:43 - charon: 00[JOB] spawning 16 worker threads
Aug  7 03:46:43 - systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
Aug  7 03:46:43 - ipsec[684]: charon (710) started after 40 ms
Aug  7 03:46:43 - charon: 05[CFG] received stroke: add connection 'vpnserver'
Aug  7 03:46:43 - charon: 05[CFG] added configuration 'vpnserver'
Aug  7 03:46:43 - dnsmasq[649]: exiting on receipt of SIGTERM
Aug  7 03:46:43 - systemd[1]: dnsmasq.service: Succeeded.
Aug  7 03:46:43 - systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
Aug  7 03:46:43 - systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Aug  7 03:46:43 - dnsmasq[740]: dnsmasq: syntax check OK.
Aug  7 03:46:43 - dnsmasq[748]: started, version 2.80 cachesize 150
Aug  7 03:46:43 - dnsmasq[748]: DNS service limited to local subnets
Aug  7 03:46:43 - dnsmasq[748]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Aug  7 03:46:43 - dnsmasq-dhcp[748]: DHCP, static leases only on 10.1.2.3, lease time 1h
Aug  7 03:46:43 - dnsmasq[748]: reading /etc/resolv.conf
Aug  7 03:46:43 - dnsmasq[748]: using nameserver 8.8.8.8#53
Aug  7 03:46:43 - dnsmasq[748]: using nameserver 8.8.4.4#53
Aug  7 03:46:43 - dnsmasq[748]: read /etc/hosts - 5 addresses
Aug  7 03:46:43 - systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Aug  7 03:46:55 - charon: 07[NET] received packet: from {ip-client}[15822] to {ip-2}[500] (408 bytes)
Aug  7 03:46:55 - charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Aug  7 03:46:55 - charon: 07[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Aug  7 03:46:55 - charon: 07[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Aug  7 03:46:55 - charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Aug  7 03:46:55 - charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug  7 03:46:55 - charon: 07[IKE] received FRAGMENTATION vendor ID
Aug  7 03:46:55 - charon: 07[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  7 03:46:55 - charon: 07[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  7 03:46:55 - charon: 07[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Aug  7 03:46:55 - charon: 07[IKE] {ip-client} is initiating a Main Mode IKE_SA
Aug  7 03:46:55 - charon: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Aug  7 03:46:55 - charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Aug  7 03:46:55 - charon: 07[NET] sending packet: from {ip-2}[500] to {ip-client}[15822] (160 bytes)
Aug  7 03:46:55 - charon: 08[NET] received packet: from {ip-client}[15822] to {ip-2}[500] (228 bytes)
Aug  7 03:46:55 - charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  7 03:46:55 - charon: 08[IKE] remote host is behind NAT
Aug  7 03:46:55 - charon: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  7 03:46:55 - charon: 08[NET] sending packet: from {ip-2}[500] to {ip-client}[15822] (212 bytes)
Aug  7 03:46:55 - charon: 09[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (76 bytes)
Aug  7 03:46:55 - charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Aug  7 03:46:55 - charon: 09[CFG] looking for pre-shared key peer configs matching {ip-2}...{ip-client}[192.168.98.25]
Aug  7 03:46:55 - charon: 09[CFG] selected peer config "vpnserver"
Aug  7 03:46:55 - charon: 09[IKE] IKE_SA vpnserver[1] established between {ip-2}[{ip-2}]...{ip-client}[192.168.98.25]
Aug  7 03:46:55 - charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Aug  7 03:46:55 - charon: 09[NET] sending packet: from {ip-2}[4500] to {ip-client}[15823] (76 bytes)
Aug  7 03:46:55 - charon: 11[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (444 bytes)
Aug  7 03:46:55 - charon: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  7 03:46:55 - charon: 11[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug  7 03:46:55 - charon: 11[IKE] received 3600s lifetime, configured 0s
Aug  7 03:46:55 - charon: 11[IKE] received 250000000 lifebytes, configured 0
Aug  7 03:46:55 - charon: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  7 03:46:55 - charon: 11[NET] sending packet: from {ip-2}[4500] to {ip-client}[15823] (204 bytes)
Aug  7 03:46:55 - charon: 12[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (60 bytes)
Aug  7 03:46:55 - charon: 12[ENC] parsed QUICK_MODE request 1 [ HASH ]
Aug  7 03:46:55 - charon: 12[IKE] CHILD_SA vpnserver{1} established with SPIs c14bb892_i 06c946b0_o and TS {ip-2}/32[udp/l2f] === {ip-client}/32[udp/l2f]
Aug  7 03:46:56 - xl2tpd[712]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
Aug  7 03:46:58 - xl2tpd[712]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
Aug  7 03:47:02 - xl2tpd[712]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
Aug  7 03:47:10 - xl2tpd[712]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
Aug  7 03:47:20 - xl2tpd[712]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
Aug  7 03:47:26 - xl2tpd[712]: Maximum retries exceeded for tunnel 35573.  Closing.
Aug  7 03:47:26 - xl2tpd[712]: Connection 13 closed to {ip-client}, port 1701 (Timeout)
Aug  7 03:47:30 - charon: 15[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (76 bytes)
Aug  7 03:47:30 - charon: 15[ENC] parsed INFORMATIONAL_V1 request 3378750910 [ HASH D ]
Aug  7 03:47:30 - charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 06c946b0
Aug  7 03:47:30 - charon: 15[IKE] closing CHILD_SA vpnserver{1} with SPIs c14bb892_i (648 bytes) 06c946b0_o (0 bytes) and TS {ip-2}/32[udp/l2f] === {ip-client}/32[udp/l2f]
Aug  7 03:47:30 - charon: 16[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (92 bytes)
Aug  7 03:47:30 - ipsec[684]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.0-5-amd64, x86_64)
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  7 03:47:30 - ipsec[684]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  7 03:47:30 - ipsec[684]: 00[CFG]   loaded IKE secret for {ip-2}
Aug  7 03:47:30 - ipsec[684]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  7 03:47:30 - ipsec[684]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  7 03:47:30 - ipsec[684]: 00[JOB] spawning 16 worker threads
Aug  7 03:47:30 - ipsec[684]: 05[CFG] received stroke: add connection 'vpnserver'
Aug  7 03:47:30 - ipsec[684]: 05[CFG] added configuration 'vpnserver'
Aug  7 03:47:30 - ipsec[684]: 07[NET] received packet: from {ip-client}[15822] to {ip-2}[500] (408 bytes)
Aug  7 03:47:30 - ipsec[684]: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Aug  7 03:47:30 - ipsec[684]: 07[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
Aug  7 03:47:30 - ipsec[684]: 07[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Aug  7 03:47:30 - ipsec[684]: 07[IKE] received NAT-T (RFC 3947) vendor ID
Aug  7 03:47:30 - ipsec[684]: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug  7 03:47:30 - ipsec[684]: 07[IKE] received FRAGMENTATION vendor ID
Aug  7 03:47:30 - ipsec[684]: 07[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  7 03:47:30 - ipsec[684]: 07[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  7 03:47:30 - ipsec[684]: 07[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Aug  7 03:47:30 - ipsec[684]: 07[IKE] {ip-client} is initiating a Main Mode IKE_SA
Aug  7 03:47:30 - ipsec[684]: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Aug  7 03:47:30 - ipsec[684]: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Aug  7 03:47:30 - ipsec[684]: 07[NET] sending packet: from {ip-2}[500] to {ip-client}[15822] (160 bytes)
Aug  7 03:47:30 - ipsec[684]: 08[NET] received packet: from {ip-client}[15822] to {ip-2}[500] (228 bytes)
Aug  7 03:47:30 - ipsec[684]: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  7 03:47:30 - charon: 16[ENC] parsed INFORMATIONAL_V1 request 1455205357 [ HASH D ]
Aug  7 03:47:30 - ipsec[684]: 08[IKE] remote host is behind NAT
Aug  7 03:47:30 - ipsec[684]: 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  7 03:47:30 - ipsec[684]: 08[NET] sending packet: from {ip-2}[500] to {ip-client}[15822] (212 bytes)
Aug  7 03:47:30 - ipsec[684]: 09[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (76 bytes)
Aug  7 03:47:30 - ipsec[684]: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Aug  7 03:47:30 - ipsec[684]: 09[CFG] looking for pre-shared key peer configs matching {ip-2}...{ip-client}[192.168.98.25]
Aug  7 03:47:30 - ipsec[684]: 09[CFG] selected peer config "vpnserver"
Aug  7 03:47:30 - ipsec[684]: 09[IKE] IKE_SA vpnserver[1] established between {ip-2}[{ip-2}]...{ip-client}[192.168.98.25]
Aug  7 03:47:30 - ipsec[684]: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Aug  7 03:47:30 - ipsec[684]: 09[NET] sending packet: from {ip-2}[4500] to {ip-client}[15823] (76 bytes)
Aug  7 03:47:30 - ipsec[684]: 11[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (444 bytes)
Aug  7 03:47:30 - ipsec[684]: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  7 03:47:30 - ipsec[684]: 11[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug  7 03:47:30 - ipsec[684]: 11[IKE] received 3600s lifetime, configured 0s
Aug  7 03:47:30 - ipsec[684]: 11[IKE] received 250000000 lifebytes, configured 0
Aug  7 03:47:30 - ipsec[684]: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  7 03:47:30 - ipsec[684]: 11[NET] sending packet: from {ip-2}[4500] to {ip-client}[15823] (204 bytes)
Aug  7 03:47:30 - ipsec[684]: 12[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (60 bytes)
Aug  7 03:47:30 - ipsec[684]: 12[ENC] parsed QUICK_MODE request 1 [ HASH ]
Aug  7 03:47:30 - ipsec[684]: 12[IKE] CHILD_SA vpnserver{1} established with SPIs c14bb892_i 06c946b0_o and TS {ip-2}/32[udp/l2f] === {ip-client}/32[udp/l2f]
Aug  7 03:47:30 - ipsec[684]: 15[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (76 bytes)
Aug  7 03:47:30 - ipsec[684]: 15[ENC] parsed INFORMATIONAL_V1 request 3378750910 [ HASH D ]
Aug  7 03:47:30 - ipsec[684]: 15[IKE] received DELETE for ESP CHILD_SA with SPI 06c946b0
Aug  7 03:47:30 - ipsec[684]: 15[IKE] closing CHILD_SA vpnserver{1} with SPIs c14bb892_i (648 bytes) 06c946b0_o (0 bytes) and TS {ip-2}/32[udp/l2f] === {ip-client}/32[udp/l2f]
Aug  7 03:47:30 - ipsec[684]: 16[NET] received packet: from {ip-client}[15823] to {ip-2}[4500] (92 bytes)
Aug  7 03:47:30 - ipsec[684]: 16[ENC] parsed INFORMATIONAL_V1 request 1455205357 [ HASH D ]
Aug  7 03:47:30 - ipsec[684]: 16[IKE] received DELETE for IKE_SA vpnserver[1]
Aug  7 03:47:30 - charon: 16[IKE] received DELETE for IKE_SA vpnserver[1]
Aug  7 03:47:30 - charon: 16[IKE] deleting IKE_SA vpnserver[1] between {ip-2}[{ip-2}]...{ip-client}[192.168.98.25]
Aug  7 03:47:57 - xl2tpd[712]: Unable to deliver closing message for tunnel 35573. Destroying anyway.
Aug  7 03:48:20 - systemd[1]: Started Session 3 of user root.

Пробовал подключаться через двух разных провайдеров — результат идентичный, так что вряд ли провайдер что-то блокирует.

С этим конфигом всё работало на Debian 9. Результат стал таким при применении обозначенных конфигов на Debian 10. А может, чего-то перепутано... :)

Хелп плз :)


Обновление libssl после сборки из исходников (Debian 8)

Здравствуйте. Дело в том, что необходимо было внести некоторые изменения в openssl. Исходники были скачаны с помощью apt-get source, потом собраны с помощью debuild -b -uc -us, после чего в родительской папке появились дополнительные пакеты, в том числе libssl-dev, libssl-doc и libssl1.0.0. Установлено всё было с помощью dpkg -i *.deb. Всё установилось, заработало. В общем желаемый результат был достигнут. Но появилась проблема. Когда я запускаю apt-get update && apt-get upgrade, apt предлагает мне обновить пакеты libssl, libssl-dev и т.д., хотя они меньше минуты назад были установлены из исходников. Как это понимать?


Следить за пакетом (package) в Debian

Недавно появилась потребность во внесении некоторых изменений в один из пакетов Debian. То есть скачивается исходник с помощью apt-get source, вносятся изменения, пакет собирается, устанавливается, работает. Тут всё понятно. Дело в том, что пакет рано или поздно будет обновляться, и его нужно будет снова модифицировать соответствующим образом. В связи с этим хотелось бы узнать, как сделать так, чтобы при изменении конкретного пакета в конкретном дистрибутиве (jessie) мне на почту приходило оповещение о том, что нужно совершить соответствующие действия. Можно подписаться на изменения пакета в Debian Package Tracking System (tracker.debian.org), но это не совсем то. Мне будут сообщать обо всех изменениях, касающихся этого пакета вообще, а не только в конкретном дистрибутиве.

Если кто-то уже решал такую задачу, буду рад если поделитесь опытом.


sendmail проверка rcpt to:

Здравствуйте. Настраиваю сервер sendmail. Столкнулся с такой вот глупостью.

При выполнении команды sendmail -vt jhkjahskasjh@lhjakjhkdjah.skhsj < mail происходит вот это:

sjhkjahskasjh@lhjakjhkdjah.skhsj... Connecting to [127.0.0.1] via relay... 220 server ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Mon, 30 Jun 2014 19:25:58 +0800; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]

EHLO server

250-server Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP

VERB

250 2.0.0 Verbose mode

MAIL From:<noisebringer@server> SIZE=17 AUTH=noisebringer@server

250 2.1.0 <noisebringer@server>... Sender ok

RCPT To:<sjhkjahskasjh@lhjakjhkdjah.skhsj>

DATA

250 2.1.5 <sjhkjahskasjh@lhjakjhkdjah.skhsj>... Recipient ok (!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!) !!!!!!!!!!!!!!!!!ЧТО ЗА ГЛУПОСТЬ КАК Recipient может быть ok

354 Enter mail, end with "." on a line by itself

.

050 <noisebringer@server>... Connecting to local... 050 <noisebringer@server>... Sent 250 2.0.0 s5UBPweF009978 Message accepted for delivery sjhkjahskasjh@lhjakjhkdjah.skhsj... Sent (s5UBPweF009978 Message accepted for delivery) Closing connection to [127.0.0.1]

QUIT

Далее на почту пользователя, от имени которого была запущена команда, приходит письмо с уведомлением о том, что домена для получения этого письма не существует.


Vaio VPCS13Z9R Ubuntu 11.10 Skype Звук

Установил Ubuntu. Начал в ней потихоньку обживаться. В начале было впечатление, что Linux дошёл до уровня, когда в нём ковыряться не надо и всё само собой заработает. Но это только в начале.
Установил Skype. И тут начались траблы со звуком. Не со всей звуковой системой, а только в Skype. Звук в нём работает (запуск, уведомления и т.п.) с какими-то шумами, и после воспроизведения звука происходит повторение этого звука в шумном виде (сомневаюсь, что кто-то поймёт, но если поймёт, то хорошо).
В чём проблема — неизвестно. Шарился в инете. Попробовал несколько how-to — нифига не получилось, и пришёл к выводу, что нужно разбираться самому.
Начал разбираться и понял, что ничего не понимаю.
В процессе устранения непонимания забрел в папку /dev/snd и написал там ls -l. Увидел следующее:
drwxr-xr-x 2 root root 80 2011-12-21 11:26 by-path
crw-rw----+ 1 root audio 116, 5 2011-12-21 11:26 controlC0
crw-rw----+ 1 root audio 116, 14 2011-12-21 11:26 controlC1
crw-rw----+ 1 root audio 116, 4 2011-12-21 11:26 hwC0D0
crw-rw----+ 1 root audio 116, 13 2011-12-21 11:26 hwC1D0
crw-rw----+ 1 root audio 116, 12 2011-12-21 11:26 hwC1D1
crw-rw----+ 1 root audio 116, 11 2011-12-21 11:26 hwC1D2
crw-rw----+ 1 root audio 116, 10 2011-12-21 11:26 hwC1D3
crw-rw----+ 1 root audio 116, 3 2011-12-21 11:38 pcmC0D0c
crw-rw----+ 1 root audio 116, 2 2011-12-21 12:02 pcmC0D0p
crw-rw----+ 1 root audio 116, 9 2011-12-21 11:37 pcmC1D3p
crw-rw----+ 1 root audio 116, 8 2011-12-21 11:37 pcmC1D7p
crw-rw----+ 1 root audio 116, 7 2011-12-21 11:26 pcmC1D8p
crw-rw----+ 1 root audio 116, 6 2011-12-21 11:26 pcmC1D9p
crw-rw----+ 1 root audio 116, 1 2011-12-21 11:26 seq
crw-rw----+ 1 root audio 116, 33 2011-12-21 11:26 timer

Потом зашёл в by-path и сделал то же самое. Получил:
lrwxrwxrwx 1 root root 12 2011-12-21 11:26 pci-0000:00:1b.0 -> ../controlC0
lrwxrwxrwx 1 root root 12 2011-12-21 11:26 pci-0000:01:00.1 -> ../controlC1

После этого напросился вполне логичный вывод, что звук у меня находится на двух устройствах, подключенных к шине pci.

Вот выводы dmesg:
noisebringer@vaio:/dev/snd/by-path$ dmesg | grep 0000:00:1b.0
[ 1.010898] pci 0000:00:1b.0: [8086:3b56] type 0 class 0x000403
[ 1.010912] pci 0000:00:1b.0: reg 10: [mem 0xde100000-0xde103fff 64bit]
[ 1.010959] pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold
[ 1.010962] pci 0000:00:1b.0: PME# disabled
[ 18.003645] HDA Intel 0000:00:1b.0: PCI INT A -> GSI 22 (level, low) -> IRQ 22
[ 18.003721] HDA Intel 0000:00:1b.0: irq 43 for MSI/MSI-X
[ 18.003751] HDA Intel 0000:00:1b.0: setting latency timer to 64
[ 18.054362] input: HDA Intel Mic as /devices/pci0000:00/0000:00:1b.0/sound/card0/input6
[ 18.054415] input: HDA Intel Headphone as /devices/pci0000:00/0000:00:1b.0/sound/card0/input7

noisebringer@vaio:/dev/snd/by-path$ dmesg | grep 0000:01:00.1
[ 1.013779] pci 0000:01:00.1: [10de:0be3] type 0 class 0x000403
[ 1.013790] pci 0000:01:00.1: reg 10: [mem 0xd3000000-0xd3003fff]
[ 18.054529] HDA Intel 0000:01:00.1: PCI INT B -> GSI 17 (level, low) -> IRQ 17
[ 18.054576] HDA Intel 0000:01:00.1: setting latency timer to 64
[ 18.982821] input: HDA NVidia HDMI/DP,pcm=9 as /devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1/input12
[ 18.982893] input: HDA NVidia HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1/input13
[ 18.982930] input: HDA NVidia HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1/input14
[ 18.982971] input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1/input15

После того как я это увидел, вошёл в окончательный ступор, потому что не могу понять, какое именно устройство за что отвечает.

Это про техническую часть. Ковырялся в программной. Установлен pulseaudio. Пытался всячески крутить его настройки в pavucontrol — это ничего не дало. Настройка звука в параметрах системы ничего не дала.
В процессе логических размышлений и гугленья понял, что нужно создать файлик .asoundrc в ~. Только что туда писать — непонятно, потому что я не могу понять, как у меня вообще звук устроен на аппаратном уровне.

