08:26:25

#tail -f /var/log/auth.log

Apr  6 08:27:42 debian3 pluto[6038]: packet from 192.168.16.234:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: responding to Main Mode from unknown peer 192.168.16.234
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: Can't authenticate: no preshared key found for `192.168.16.3' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Apr  6 08:27:42 debian3 last message repeated 2 times
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: no acceptable Oakley Transform
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234 #44: sending notification NO_PROPOSAL_CHOSEN to 192.168.16.234:500
Apr  6 08:27:42 debian3 pluto[6038]: "L2TP-PSK-NAT"[44] 192.168.16.234: deleting connection "L2TP-PSK-NAT" instance with peer 192.168.16.234 {isakmp=#0/ipsec=#0}
Apr  6 08:27:46 debian3 pluto[6038]: packet from 192.168.16.234:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr  6 08:27:46 debian3 pluto[6038]: packet from 192.168.16.234:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr  6 08:27:46 debian3 pluto[6038]: packet from 192.168.16.234:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr  6 08:27:46 debian3 pluto[6038]: packet from 192.168.16.234:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: responding to Main Mode from unknown peer 192.168.16.234
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: Can't authenticate: no preshared key found for `192.168.16.3' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Apr  6 08:27:46 debian3 last message repeated 2 times
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: no acceptable Oakley Transform
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234 #45: sending notification NO_PROPOSAL_CHOSEN to 192.168.16.234:500
Apr  6 08:27:46 debian3 pluto[6038]: "L2TP-PSK-NAT"[45] 192.168.16.234: deleting connection "L2TP-PSK-NAT" instance with peer 192.168.16.234 {isakmp=#0/ipsec=#0}

08:27:51

#vim /etc/ipsec.d/examples/l2tp-psk.conf

--- /tmp/l3-saved-1291.25053.16372	2009-04-06 08:28:07.000000000 +0300
+++ /etc/ipsec.d/examples/l2tp-psk.conf	2009-04-06 08:29:04.000000000 +0300
@@ -25,7 +25,7 @@
 	# l2tp-over-ipsec is transport mode
 	type=transport
 	#
-	left=192.168.20.1
+	left=192.168.16.3
 	#
 	# For updated Windows 2000/XP clients,
 	# to support old clients as well, use leftprotoport=17/%any

08:29:04

#vim /etc/ipsec.conf

08:29:12

#/etc/init.d/ipsec restart

ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...

08:31:04

#vim /etc/ipsec.secrets

--- /tmp/l3-saved-1291.15323.12312	2009-04-06 08:31:12.000000000 +0300
+++ /etc/ipsec.secrets	2009-04-06 08:31:20.000000000 +0300
@@ -8,4 +8,4 @@
 # with "ipsec showhostkey".
 #
 
-* * : PSK "12345678"
+192.168.16.3 * : PSK "12345678"

08:31:20

#/etc/init.d/ipsec restart

ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...

08:31:24

#tail -f /var/log/auth.log

Apr  6 08:31:25 debian3 pluto[6915]: added connection description "L2TP-PSK-noNAT"
Apr  6 08:31:25 debian3 pluto[6915]: connection must specify host IP address for our side
Apr  6 08:31:25 debian3 pluto[6915]: attempt to load incomplete connection
Apr  6 08:31:25 debian3 pluto[6915]: listening for IKE messages
Apr  6 08:31:25 debian3 pluto[6915]: adding interface eth0/eth0 192.168.16.3:500
Apr  6 08:31:25 debian3 pluto[6915]: adding interface eth0/eth0 192.168.16.3:4500
Apr  6 08:31:25 debian3 pluto[6915]: adding interface lo/lo 127.0.0.1:500
Apr  6 08:31:25 debian3 pluto[6915]: adding interface lo/lo 127.0.0.1:4500
Apr  6 08:31:25 debian3 pluto[6915]: adding interface lo/lo ::1:500
Apr  6 08:31:25 debian3 pluto[6915]: loading secrets from "/etc/ipsec.secrets"
...
Apr  6 08:31:33 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:31:37 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:31:37 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:31:37 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:31:45 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:31:45 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:31:45 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:32:01 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:32:01 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:32:01 debian3 pluto[6915]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500

08:32:26

#vim /etc/ipsec.secrets

08:32:30

#vim /etc/ipsec.

08:32:37

#vim .vimrc

--- /tmp/l3-saved-1291.1315.29697	2009-04-06 08:32:39.000000000 +0300
+++ .vimrc	2009-04-06 08:32:44.000000000 +0300
@@ -1,5 +1,4 @@
 set number
 syntax on
 colorscheme evening
-set list

08:32:50

#vim /etc/ipsec.d/examples/l2tp-psk

08:33:01

#vim /etc/ipsec.d/examples/l2tp-psk

08:33:01

#vim /etc/ipsec.d/examples/l2tp-psk-orgWIN2KXP.conf

08:33:23

#vim /etc/ipsec.d/examples/l2tp-psk

08:33:23

#vim /etc/ipsec.d/examples/l2tp-psk.conf

--- /tmp/l3-saved-1291.22005.315	2009-04-06 08:33:28.000000000 +0300
+++ /etc/ipsec.d/examples/l2tp-psk.conf	2009-04-06 08:33:52.000000000 +0300
@@ -46,11 +46,11 @@
 # The l2tpd use a leftprotoport, so they are more specific and will be used
 # first. Then, packets for the host on different ports and protocols (eg ssh)
 # will match this passthrough conn.
-conn passthrough-for-non-l2tp
-        type=passthrough
-        left=YourServerIP
-        leftnexthop=YourGwIP
-        right=0.0.0.0
-        rightsubnet=0.0.0.0/0
-        auto=route
+#conn passthrough-for-non-l2tp
+#        type=passthrough
+#        left=YourServerIP
+#        leftnexthop=YourGwIP
+#        right=0.0.0.0
+#        rightsubnet=0.0.0.0/0
+#        auto=route

08:33:58

#tail -f /var/log/auth.log

[root@debian3:~]# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
Apr  6 08:33:59 debian3 pluto[7383]:   Warning: empty directory
Apr  6 08:33:59 debian3 pluto[7383]: added connection description "L2TP-PSK-NAT"
Apr  6 08:33:59 debian3 pluto[7383]: added connection description "L2TP-PSK-noNAT"
Apr  6 08:33:59 debian3 pluto[7383]: listening for IKE messages
Apr  6 08:33:59 debian3 pluto[7383]: adding interface eth0/eth0 192.168.16.3:500
Apr  6 08:33:59 debian3 pluto[7383]: adding interface eth0/eth0 192.168.16.3:4500
Apr  6 08:33:59 debian3 pluto[7383]: adding interface lo/lo 127.0.0.1:500
...
Apr  6 08:34:09 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:34:11 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:34:11 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:34:11 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:34:15 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:34:15 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:34:15 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 08:34:23 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 08:34:23 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 08:34:23 debian3 pluto[7383]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500

08:39:49

#vim /etc/ipsec

08:39:49

#vim /etc/ipsec.conf

--- /tmp/l3-saved-1291.7564.10796	2009-04-06 08:40:08.000000000 +0300
+++ /etc/ipsec.conf	2009-04-06 08:40:31.000000000 +0300
@@ -14,7 +14,7 @@
 	# plutodebug / klipsdebug = "all", "none" or a combation from below:
 	# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
 	# eg:
-	# plutodebug="control parsing"
+	plutodebug="control parsing"
 	#
 	# enable to get logs per-peer
 	# plutoopts="--perpeerlog"

08:40:31

#/etc/init.d/ipsec restart

ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...

08:41:31

#less /var/log/auth.log

08:43:36

#ls

1234  certnew.cer  priv_key_vpn_server.pvk  server0.p12

08:44:00

#apt-get install pppd x2ltpd

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
E: Не могу найти пакет pppd

08:44:22

#apt-get install ppp

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
E: Не могу найти пакет x2ltpd

08:44:26

#apt-get install ppp x2ltp

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
E: Не могу найти пакет x2ltp

08:44:31

#apt-get install ppp xl2tpd

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
НОВЫЕ пакеты, которые будут установлены:
ppp xl2tpd
обновлено 0, установлено 2 новых пакетов, для удаления отмечено 0 пакетов, и 308 пакетов не обновлено.
Необходимо скачать 401kБ архивов.
После распаковки объем занятого дискового пространства возрастёт на 1221kB.
Получено:1 http://10.0.35.1 unstable/main ppp 2.4.4rel-10.1 [337kB]
Получено:2 http://10.0.35.1 unstable/main xl2tpd 1.2.4+dfsg-1 [63,7kB]
Получено 401kB за 0s (531kB/c)
Выбор ранее не выбранного пакета ppp.
(Чтение базы данных... на данный момент установлено 24410 файлов и каталогов.)
Распаковывается пакет ppp (из файла .../ppp_2.4.4rel-10.1_i386.deb)...
Removing any system startup links for /etc/init.d/ppp ...
Выбор ранее не выбранного пакета xl2tpd.
Распаковывается пакет xl2tpd (из файла .../xl2tpd_1.2.4+dfsg-1_i386.deb)...
Настраивается пакет ppp (2.4.4rel-10.1) ...
udev active, devices will be created in /dev/.static/dev/
Настраивается пакет xl2tpd (1.2.4+dfsg-1) ...
Starting xl2tpd: xl2tpd.

08:44:59

#vim /etc/xl2tpd/

08:44:59

#vim /etc/xl2tpd/xl2tpd.conf

08:45:11

#cp /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf-distr

08:45:17

#vim /etc/xl2tpd/xl2tpd.conf

08:45:47

#vim /tmp/xl2tpd.conf

08:53:28

#vim /etc/xl2tpd/xl2tpd.conf

--- /tmp/l3-saved-1291.7140.29443	2009-04-06 08:53:32.000000000 +0300
+++ /etc/xl2tpd/xl2tpd.conf	2009-04-06 08:55:26.000000000 +0300
@@ -1,3 +1,4 @@
+
 ;
 ; Sample l2tpd configuration file
 ;
@@ -8,9 +9,9 @@
 ;
 ; You most definitely don't have to spell out everything as it is done here
 ;
-; [global]								; Global parameters:
+[global]								; Global parameters:
 ; port = 1701						 	; * Bind to port 1701
-; auth file = /etc/l2tpd/l2tp-secrets 	; * Where our challenge secrets are
+; auth file = /etc/xl2tpd/l2tp-secrets
 ; access control = yes					; * Refuse connections without IP match
 ; rand source = dev                     ; Source for entropy for random
 ;                                       ; numbers, options are:
@@ -19,29 +20,40 @@
 ;                                       ; egd - reads from egd socket
 ;                                       ; egd is not yet implemented
 ;
-; [lns default]							; Our fallthrough LNS definition
-; exclusive = no						; * Only permit one tunnel per host
+[lns default]							; Our fallthrough LNS definition
+ip range = 192.168.20.200-192.168.20.220
+local ip = 192.168.20.199
+require chap = yes
+refuse pap = yes
+require authentication = yes
+name = Debian VPN-test Server
+ppp debug = yes
+pppoptfile = /etc/ppp/options.l2tpd.lns
+length bit = yes
+
+
+exclusive = no						; * Only permit one tunnel per host
 ; ip range = 192.168.0.1-192.168.0.20	; * Allocate from this IP range
 ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
 ; ip range = 192.168.0.5				; * But this one is okay
 ; ip range = lac1-lac2					; * And anything from lac1 to lac2's IP
 ; lac = 192.168.1.4 - 192.168.1.8		; * These can connect as LAC's
 ; no lac = untrusted.marko.net			; * This guy can't connect
-; hidden bit = no						; * Use hidden AVP's?
+hidden bit = yes						; * Use hidden AVP's?
 ; local ip = 192.168.1.2				; * Our local IP to use
-; length bit = yes						; * Use length bit in payload?
+length bit = yes						; * Use length bit in payload?
 ; require chap = yes					; * Require CHAP auth. by peer
 ; refuse pap = yes						; * Refuse PAP authentication
 ; refuse chap = no						; * Refuse CHAP authentication
 ; refuse authentication = no			; * Refuse authentication altogether
-; require authentication = yes			; * Require peer to authenticate
+; require authentication = no			; * Require peer to authenticate
 ; unix authentication = no				; * Use /etc/passwd for auth.
 ; name = myhostname						; * Report this as our hostname
 ; ppp debug = no						; * Turn on PPP debugging
 ; pppoptfile = /etc/ppp/options.l2tpd.lns	; * ppp options file
 ; call rws = 10							; * RWS for call (-1 is valid)
 ; tunnel rws = 4						; * RWS for tunnel (must be > 0)
-; flow bit = yes						; * Include sequence numbers
+flow bit = yes						; * Include sequence numbers
 ; challenge = yes						; * Challenge authenticate peer ; 
 ;
 ; [lac marko]							; Example VPN LAC definition

08:55:26

#cp /tmp/options.l2tpd.lns /etc/ppp/

08:56:15

#vim /etc/ppp/options

08:56:45

#/etc/init.d/xl2tpd restart

  5 lcp-echo-failure 8
  6 require-mppe-128
  7 logfile /var/log/pppd
  8 nodeflate
  9 nobsdcomp
 10 nopcomp
 11 noaccomp
 12 noproxyarp
 13 defaultroute
 14 lock
...
~
~
~
~
~
~
~
~
"/etc/ppp/options.l2tpd.lns" 18L, 230C записано                                                                     сь
Restarting xl2tpd: xl2tpd.

08:57:16

#/etc/init.d/ipsec restart

[root@debian3:~]# less /var/log/daemon.log
...skipping...
Apr  6 08:31:22 debian3 ipsec_setup: Stopping Openswan IPsec....26.21 offset 2.190440 sec
Apr  6 08:31:23 debian3 ipsec_setup: ...Openswan IPsec stopped
Apr  6 08:31:23 debian3 ipsec_setup: Using NETKEY(XFRM) stack0.124.5 offset 0.209064 sec
Apr  6 08:31:23 debian3 ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
Apr  6 08:31:24 debian3 ipsec_setup: ...Openswan IPsec started1>\202<D1>\201<D1>\217 запи<D1>\201а<D1>\202<D1>\214 в /var/lib/gdm
Apr  6 08:31:24 debian3 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  6 08:31:25 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Apr  6 08:31:25 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
...
Apr  6 08:57:07 debian3 xl2tpd[8184]: setsockopt recvref[22]: Protocol not available ipv4/tunnel4.ko
Apr  6 08:57:07 debian3 xl2tpd[8184]: This binary does not support kernel L2TP. /net/ipv4/xfrm4_tunnel.ko
Apr  6 08:57:07 debian3 xl2tpd[8185]: xl2tpd version xl2tpd-1.2.4 started on debian3 PID:8185 _user.ko
Apr  6 08:57:07 debian3 xl2tpd[8185]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr  6 08:57:07 debian3 xl2tpd[8185]: Forked by Scott Balmos and David Stipp, (C) 2001 /des.ko
Apr  6 08:57:07 debian3 xl2tpd[8185]: Inherited by Jeff McAdams, (C) 2002 kernel/crypto/aes.ko
Apr  6 08:57:07 debian3 xl2tpd[8185]: Forked again by Xelerance (www.xelerance.com) (C) 2006 r is not within a section -- `re
Apr  6 08:57:07 debian3 xl2tpd[8185]: Listening on IP address 0.0.0.0, port 1701
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...

08:57:25

#less /var/log/daemon.log

08:57:32

#less /var/log/auth.log

08:58:15

#wget -c ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz

--08:58:33--  ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
           => `ppp-2.4.4.tar.gz'
Распознаётся ftp.samba.org... 216.251.47.16
Устанавливается соединение с ftp.samba.org|216.251.47.16|:21... соединение установлено.
Выполняется вход под именем anonymous ... Выполнен вход в систему!
==> SYST ... готово.  ==> PWD ... готово.
==> TYPE I ... готово.   ==> CWD /pub/ppp ... готово.
==> PASV ... готово.  ==> RETR ppp-2.4.4.tar.gz ... готово.
Длина: 688.763 (673K) (не достоверно)
100%[=================================================================================>] 688.763      393.52K/s
08:58:39 (392.34 KB/s) - `ppp-2.4.4.tar.gz' сохранён [688763]

08:58:39

#tar xvzf ppp-2.4.4.tar.gz

ppp-2.4.4/pppd/plugins/rp-pppoe/Makefile.linux
ppp-2.4.4/pppd/plugins/rp-pppoe/common.c
ppp-2.4.4/pppd/plugins/rp-pppoe/config.h
ppp-2.4.4/pppd/plugins/rp-pppoe/debug.c
ppp-2.4.4/pppd/plugins/rp-pppoe/discovery.c
ppp-2.4.4/pppd/plugins/rp-pppoe/pppoe-discovery.c
ppp-2.4.4/pppd/plugins/rp-pppoe/pppoe.h
ppp-2.4.4/pppd/plugins/Makefile.linux
ppp-2.4.4/pppd/plugins/passprompt.c
ppp-2.4.4/pppd/plugins/Makefile.sol2
...
ppp-2.4.4/README.MPPE
ppp-2.4.4/README.MSCHAP81
ppp-2.4.4/README.cbcp
ppp-2.4.4/README.eap-srp
ppp-2.4.4/README.linux
ppp-2.4.4/README.pppoe
ppp-2.4.4/README.pwfd
ppp-2.4.4/README.sol2
ppp-2.4.4/SETUP
ppp-2.4.4/configure

08:58:41

#cd ppp-2.4.4/

08:59:46

#rm url\?sa\=t

[root@debian3:~]# 74.125.39.106, 74.125.39.147, 74.125.39.99, ...
Устанавливается соединение с www.google.com.ua|74.125.39.106|:80... соединение установлено.
Запрос HTTP послан, ожидается ответ... 200 OK
Длина: нет информации [text/html]
    [ <=>                                                                              ] 1.292         --.--K/s
08:59:43 (123.21 MB/s) - `url?sa=t' сохранён [1292]
[1]+  Done                    wget -c http://www.google.com.ua/url?sa=t

08:59:52

#ls

1234  certnew.cer  ppp-2.4.4  ppp-2.4.4.tar.gz  priv_key_vpn_server.pvk  server0.p12

08:59:53

#wget -c http://www.nikhef.nl/~janjust/ppp/ppp-2.4.4-eaptls-mppe-0.94.patch

--09:00:08--  http://www.nikhef.nl/~janjust/ppp/ppp-2.4.4-eaptls-mppe-0.94.patch
           => `ppp-2.4.4-eaptls-mppe-0.94.patch'
Распознаётся www.nikhef.nl... 192.16.199.166
Устанавливается соединение с www.nikhef.nl|192.16.199.166|:80... соединение установлено.
Запрос HTTP послан, ожидается ответ... 200 OK
Длина: 76.214 (74K) [text/plain]
100%[=================================================================================>] 76.214       310.49K/s
09:00:09 (309.56 KB/s) - `ppp-2.4.4-eaptls-mppe-0.94.patch' сохранён [76214/76214]

09:00:09

#cd -

/root/ppp-2.4.4

09:00:11

#patch -p1 < ../ppp-2.4.4-eaptls-mppe-0.94.patch

patching file README.eap-tls
patching file etc.ppp/eaptls-client
patching file etc.ppp/eaptls-server
patching file linux/Makefile.top
patching file pppd/Makefile.linux
patching file pppd/auth.c
patching file pppd/ccp.c
patching file pppd/chap-md5.c
patching file pppd/eap-tls.c
patching file pppd/eap-tls.h
patching file pppd/eap.c
patching file pppd/eap.h
patching file pppd/main.c
patching file pppd/md5.c
patching file pppd/md5.h
patching file pppd/options.c
patching file pppd/pathnames.h
patching file pppd/pppd.h

09:00:22

#./configure

Configuring for Linux
Creating Makefiles.
  Makefile <= linux/Makefile.top
  pppd/Makefile <= pppd/Makefile.linux
  pppstats/Makefile <= pppstats/Makefile.linux
  chat/Makefile <= chat/Makefile.linux
  pppdump/Makefile <= pppdump/Makefile.linux
  pppd/plugins/Makefile <= pppd/plugins/Makefile.linux
  pppd/plugins/rp-pppoe/Makefile <= pppd/plugins/rp-pppoe/Makefile.linux
  pppd/plugins/radius/Makefile <= pppd/plugins/radius/Makefile.linux
  pppd/plugins/pppoatm/Makefile <= pppd/plugins/pppoatm/Makefile.linux

09:00:26

#./configure

Configuring for Linux
Creating Makefiles.
  Makefile <= linux/Makefile.top
  pppd/Makefile <= pppd/Makefile.linux
  pppstats/Makefile <= pppstats/Makefile.linux
  chat/Makefile <= chat/Makefile.linux
  pppdump/Makefile <= pppdump/Makefile.linux
  pppd/plugins/Makefile <= pppd/plugins/Makefile.linux
  pppd/plugins/rp-pppoe/Makefile <= pppd/plugins/rp-pppoe/Makefile.linux
  pppd/plugins/radius/Makefile <= pppd/plugins/radius/Makefile.linux
  pppd/plugins/pppoatm/Makefile <= pppd/plugins/pppoatm/Makefile.linux

09:00:29

#./configure

Configuring for Linux
Creating Makefiles.
  Makefile <= linux/Makefile.top
  pppd/Makefile <= pppd/Makefile.linux
  pppstats/Makefile <= pppstats/Makefile.linux
  chat/Makefile <= chat/Makefile.linux
  pppdump/Makefile <= pppdump/Makefile.linux
  pppd/plugins/Makefile <= pppd/plugins/Makefile.linux
  pppd/plugins/rp-pppoe/Makefile <= pppd/plugins/rp-pppoe/Makefile.linux
  pppd/plugins/radius/Makefile <= pppd/plugins/radius/Makefile.linux
  pppd/plugins/pppoatm/Makefile <= pppd/plugins/pppoatm/Makefile.linux

09:00:30

#make

chat.c:248: error: expected declaration specifiers before ‘size_t’
chat.c:249: error: number of arguments doesn’t match prototype
chat.c:212: error: prototype declaration
chat.c:250: warning: incompatible implicit declaration of built-in function ‘malloc’
chat.c:254: warning: incompatible implicit declaration of built-in function ‘memcpy’
chat.c: In function ‘copy_of’:
chat.c:261: warning: incompatible implicit declaration of built-in function ‘strlen’
chat.c:261: error: too many arguments to function ‘dup_mem’
chat.c: In function ‘grow’:
chat.c:268: error: expected declaration specifiers before ‘size_t’
...
chat.c: In function ‘vfmtmsg’:
chat.c:1620: warning: incompatible implicit declaration of built-in function ‘memcpy’
chat.c:1691: error: ‘errno’ undeclared (first use in this function)
chat.c:1691: warning: assignment makes pointer from integer without a cast
chat.c:1700: warning: incompatible implicit declaration of built-in function ‘strlen’
chat.c:1766: warning: incompatible implicit declaration of built-in function ‘strlen’
chat.c:1781: warning: incompatible implicit declaration of built-in function ‘memcpy’
make[1]: *** [chat.o] Ошибка 1
make[1]: Leaving directory `/root/ppp-2.4.4/chat'
make: *** [all] Ошибка 2

09:00:33

#apt-get install libcurl4-openssl-dev

Ð§ÑÐµÐ½Ð¸Ðµ ÑÐ¿Ð¸ÑÐºÐ¾Ð² Ð¿Ð°ÐºÐµÑÐ¾Ð²... ÐÐ¾ÑÐ¾Ð²Ð¾
ÐÐ¾ÑÑÑÐ¾ÐµÐ½Ð¸Ðµ Ð´ÐµÑÐµÐ²Ð° Ð·Ð°Ð²Ð¸ÑÐ¸Ð¼Ð¾ÑÑÐµÐ¹... ÐÐ¾ÑÐ¾Ð²Ð¾
ÐÑÐ´ÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½Ñ ÑÐ»ÐµÐ´ÑÑÑÐ¸Ðµ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑÐµÐ»ÑÐ½ÑÐµ Ð¿Ð°ÐºÐµÑÑ:
  binutils comerr-dev libc6-dev libcomerr2 libglib2.0-0 libgssrpc4 libidn11 libidn11-dev libkadm5srv5 libkdb5-4 libkrb5-dev
  libldap2-dev libpcre3 libselinux1 libssh2-1-dev libssl-dev linux-libc-dev pkg-config zlib1g zlib1g-dev
ÐÑÐµÐ´Ð»Ð°Ð³Ð°ÐµÐ¼ÑÐµ Ð¿Ð°ÐºÐµÑÑ:
  binutils-doc doc-base glibc-doc manpages-dev libcurl3-dbg krb5-doc krb5-user
Ð ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑÐµÐ¼ÑÐµ Ð¿Ð°ÐºÐµÑÑ:
  libglib2.0-data shared-mime-info
ÐÐ°ÐºÐµÑÑ, ÐºÐ¾ÑÐ¾ÑÑÐµ Ð±ÑÐ´ÑÑ Ð£ÐÐÐinux-kernel-headers
...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ zlib1g-dev (1.2.3.3.dfsg-13) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libssl-dev (0.9.8g-16) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libglib2.0-0 (2.20.0-2) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ pkg-config (0.22-1) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libidn11-dev (1.12-1) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ comerr-dev (2.1-1.41.3-1) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libkrb5-dev (1.6.dfsg.4~beta1-12) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libssh2-1-dev (1.1-1) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libldap2-dev (2.4.15-1) ...
ÐÐ°ÑÑÑÐ°Ð¸Ð²Ð°ÐµÑÑÑ Ð¿Ð°ÐºÐµÑ libcurl4-openssl-dev (7.18.2-8.1) ...

09:01:37

#make install

cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o buildreq.o buildreq.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o config.o config.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o dict.o dict.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o ip_util.o ip_util.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o clientid.o clientid.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o sendserver.o sendserver.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o lock.o lock.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o util.o util.c
cc -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -DCHAPMS=1 -DMPPE=1 -DMAXOCTETS=1   -c -o md5.o md5.c
ar rv libradiusclient.a avpair.o buildreq.o config.o dict.o ip_util.o clientid.o sendserver.o lock.o util.o md5.o
...
make[1]: Entering directory `/root/ppp-2.4.4/pppdump'
mkdir -p /usr/local/sbin /usr/local/share/man/man8
install -s -c pppdump /usr/local/sbin
install -c -m 444 pppdump.8 /usr/local/share/man/man8
make[1]: Leaving directory `/root/ppp-2.4.4/pppdump'
cd pppd; make  install-devel
make[1]: Entering directory `/root/ppp-2.4.4/pppd'
mkdir -p /usr/local/include/pppd
install -c -m 644 ccp.h chap-new.h ecp.h fsm.h ipcp.h ipxcp.h lcp.h magic.h md5.h patchlevel.h pathnames.h pppd.h upap.h eap.h md4.h chap_ms.h sha1.h eap-tls.h pppcrypt.h tdb.h spinlock.h /usr/local/include/pppd
make[1]: Leaving directory `/root/ppp-2.4.4/pppd'

09:01:40

#make install -etcppp

make: invalid option -- 'c'
ÐÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ðµ: make [ÐÐÐ¦ÐÐ                      Ignored for compatibility.
  -B, --always-make           Unconditionally make all targets.
  -C DIRECTORY, --directory=DIRECTORY
                              Change to DIRECTORY before doing anything.
  -d                          Print lots of debugging information.
  --debug[=FLAGS]             Print various types of debugging information.
  -e, --environment-overrides
                              Environment variables override makefiles.
  -f FILE, --file=FILE, --makefile=FILE
...
.VARIABLES :=
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
SSH_CLIENT = 192.168.16.254 49471 22
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
MAIL = /var/mail/root
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
L3_PARENT_TTY = /dev/ttyp0
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
L3_HOME = /root/.lilalo/
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ

09:01:47

#mv /usr/sbin/pppd /usr/sbin/pppd-real

09:02:04

#mv /usr/lib/pppd /usr/lib/pppd-real

09:02:16

#ln -s /usr/local/sbin/pppd /usr/sbin/pppd

09:02:21

#ln -s /usr/lib/pppd /usr/local/lib/pppd

09:02:33

#vim /etc/ppp/eaptls-server

09:03:09

#make install -etcppp

make: invalid option -- 'c'
ÐÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ðµ: make [ÐÐÐ¦ÐÐ                      Ignored for compatibility.
  -B, --always-make           Unconditionally make all targets.
  -C DIRECTORY, --directory=DIRECTORY
                              Change to DIRECTORY before doing anything.
  -d                          Print lots of debugging information.
  --debug[=FLAGS]             Print various types of debugging information.
  -e, --environment-overrides
                              Environment variables override makefiles.
  -f FILE, --file=FILE, --makefile=FILE
...
.VARIABLES :=
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
SSH_CLIENT = 192.168.16.254 49471 22
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
MAIL = /var/mail/root
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
L3_PARENT_TTY = /dev/ttyp0
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ
L3_HOME = /root/.lilalo/
# Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð° Ð² ÑÑÐµÐ´Ðµ

09:03:12

#vim /etc/ppp/eaptls-server

--- /dev/null	2009-04-06 06:40:34.411619877 +0300
+++ /etc/ppp/eaptls-server	2009-04-06 09:04:59.000000000 +0300
@@ -0,0 +1 @@
+* * -  /root/certnew.cer /root/server0.p12 /root/priv_key_vpn_server.pvk *

09:05:53

#vim /etc/ppp/options.l2tpd.lns

09:06:04

#/etc/init.d/xl2tpd restart

Restarting xl2tpd: xl2tpd.

09:06:28

#vim /etc/default/

09:06:28

#vim /etc/default/xl2tpd

09:06:46

#tail -f /var/log/daemon.log

Apr  6 09:01:04 debian3 init: Trying to re-exec init
Apr  6 09:06:10 debian3 xl2tpd[8185]: death_handler: Fatal signal 15 received
Apr  6 09:06:11 debian3 xl2tpd[9477]: setsockopt recvref[22]: Protocol not available
Apr  6 09:06:11 debian3 xl2tpd[9477]: This binary does not support kernel L2TP.
Apr  6 09:06:11 debian3 xl2tpd[9478]: xl2tpd version xl2tpd-1.2.4 started on debian3 PID:9478
Apr  6 09:06:11 debian3 xl2tpd[9478]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr  6 09:06:11 debian3 xl2tpd[9478]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr  6 09:06:11 debian3 xl2tpd[9478]: Inherited by Jeff McAdams, (C) 2002
Apr  6 09:06:11 debian3 xl2tpd[9478]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr  6 09:06:11 debian3 xl2tpd[9478]: Listening on IP address 0.0.0.0, port 1701

09:07:55

#/etc/init.d/ipsec restart

ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...

09:08:03

#tail -f /var/log/daemon.log

Apr  6 09:06:11 debian3 xl2tpd[9478]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr  6 09:06:11 debian3 xl2tpd[9478]: Listening on IP address 0.0.0.0, port 1701
Apr  6 09:08:01 debian3 ipsec_setup: Stopping Openswan IPsec...
Apr  6 09:08:02 debian3 ipsec_setup: ...Openswan IPsec stopped
Apr  6 09:08:02 debian3 ipsec_setup: Using NETKEY(XFRM) stack
Apr  6 09:08:02 debian3 ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
Apr  6 09:08:03 debian3 ipsec_setup: ...Openswan IPsec started
Apr  6 09:08:03 debian3 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  6 09:08:04 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Apr  6 09:08:04 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"

09:08:20

#tail -f /var/log/auth.log

Apr  6 09:08:21 debian3 pluto[9790]: | our client is 192.168.16.3
Apr  6 09:08:21 debian3 pluto[9790]: | our client protocol/port is 17/1701
Apr  6 09:08:21 debian3 pluto[9790]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: the peer proposed: 192.168.16.3/32:17/1701 -> 192.168.16.234/32:17/0
Apr  6 09:08:21 debian3 pluto[9790]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: cannot respond to IPsec SA request because no connection is known for 192.168.16.3<192.168.16.3>[+S=C]:17/1701...192.168.16.234[+S=C]:17/1701
Apr  6 09:08:21 debian3 pluto[9790]: | complete state transition with (null)
Apr  6 09:08:21 debian3 pluto[9790]: "L2TP-PSK-NAT"[1] 192.168.16.234 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.16.234:500
Apr  6 09:08:21 debian3 pluto[9790]: | sending 68 bytes for notification packet through eth0:500 to 192.168.16.234:500 (using #1)
Apr  6 09:08:21 debian3 pluto[9790]: | state transition function for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION
Apr  6 09:08:21 debian3 pluto[9790]: | * processed 0 messages from cryptographic helpers
Apr  6 09:08:21 debian3 pluto[9790]: | next event EVENT_NAT_T_KEEPALIVE in 12 seconds

09:08:27

#tail -f /var/log/daemon.log

Apr  6 09:06:11 debian3 xl2tpd[9478]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr  6 09:06:11 debian3 xl2tpd[9478]: Listening on IP address 0.0.0.0, port 1701
Apr  6 09:08:01 debian3 ipsec_setup: Stopping Openswan IPsec...
Apr  6 09:08:02 debian3 ipsec_setup: ...Openswan IPsec stopped
Apr  6 09:08:02 debian3 ipsec_setup: Using NETKEY(XFRM) stack
Apr  6 09:08:02 debian3 ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
Apr  6 09:08:03 debian3 ipsec_setup: ...Openswan IPsec started
Apr  6 09:08:03 debian3 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  6 09:08:04 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Apr  6 09:08:04 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"

09:11:38

#less /var/log/auth.log

09:14:03

#less /var/log/messages

09:14:16

#less /var/log/

09:14:16

#less /var/log/messages

09:14:44

#ppp

[root@debian3:ppp-2.4.4]# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
pppd/            pppd-real        pppdump/         pppoe-discovery  pppstats/

09:14:44

#ppp

pppd/            pppd-real        pppdump/         pppoe-discovery  pppstats/

09:14:44

#pppd

pppd       pppd-real  pppdump

09:14:44

#pppd

pppd: pppd is unable to open the /dev/ppp device.
You need to create the /dev/ppp device node by
executing the following command as root:
        mknod /dev/ppp c 108 0

09:15:00

#mknod /dev/ppp c 108 0

09:15:12

#pppd

EAP-TLS: Cannot load or verify CA file /root/server0.p12
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:15:14

#tail -f /var/log/auth.log

Apr  6 09:15:45 debian3 pluto[10193]: | next event EVENT_RETRANSMIT in 4 seconds for #2
Apr  6 09:15:45 debian3 pluto[10193]: | next event EVENT_RETRANSMIT in 4 seconds for #2
Apr  6 09:15:46 debian3 pluto[10193]: |
Apr  6 09:15:46 debian3 pluto[10193]: | *received 1300 bytes from 192.168.16.234:500 on eth0 (port=500)
Apr  6 09:15:46 debian3 pluto[10193]: | **parse ISAKMP Message:
Apr  6 09:15:46 debian3 pluto[10193]: |    initiator cookie:
Apr  6 09:15:46 debian3 pluto[10193]: |   92 a8 74 76  a1 54 a5 4a
Apr  6 09:15:46 debian3 pluto[10193]: |    responder cookie:
Apr  6 09:15:46 debian3 pluto[10193]: |   46 6d fe 06  2f c2 20 e7
Apr  6 09:15:46 debian3 pluto[10193]: |    next payload type: ISAKMP_NEXT_HASH
...
Apr  6 09:15:49 debian3 pluto[10193]: |
Apr  6 09:15:49 debian3 pluto[10193]: | next event EVENT_RETRANSMIT in 0 seconds for #2
Apr  6 09:15:49 debian3 pluto[10193]: | *time to handle event
Apr  6 09:15:49 debian3 pluto[10193]: | handling event EVENT_RETRANSMIT
Apr  6 09:15:49 debian3 pluto[10193]: | event after this is EVENT_NAT_T_KEEPALIVE in 15 seconds
Apr  6 09:15:49 debian3 pluto[10193]: | processing connection L2TP-PSK-NAT[1] 192.168.16.234
Apr  6 09:15:49 debian3 pluto[10193]: | handling event EVENT_RETRANSMIT for <invalid> "L2TP-PSK-NAT" #2
Apr  6 09:15:49 debian3 pluto[10193]: | sending 140 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.16.234:500 (using #2)
Apr  6 09:15:49 debian3 pluto[10193]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #2
Apr  6 09:15:49 debian3 pluto[10193]: | next event EVENT_NAT_T_KEEPALIVE in 15 seconds

09:15:52

#less /var/log/

09:15:52

#less /var/log/daemon.log

09:17:10

#xl2tpd --help

[root@debian3:ppp-2.4.4]# tail -f /var/log/daemon.log
Apr  6 09:14:43 debian3 ipsec_setup: Using NETKEY(XFRM) stack
Apr  6 09:14:44 debian3 ipsec_setup: Starting Openswan IPsec U2.6.20/K2.6.18-5-xen-686...
Apr  6 09:14:44 debian3 ipsec_setup: ...Openswan IPsec started
Apr  6 09:14:45 debian3 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  6 09:14:45 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Apr  6 09:14:45 debian3 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Apr  6 09:15:00 debian3 pppd[10243]: pppd is unable to open the /dev/ppp device. You need to create the /dev/ppp device node by executing the following command as root: ^Imknod /dev/ppp c 108 0
Apr  6 09:15:14 debian3 pppd[10259]: EAP-TLS: Cannot load or verify CA file /root/server0.p12
Apr  6 09:15:14 debian3 pppd[10259]: The remote system is required to authenticate itself
Apr  6 09:15:14 debian3 pppd[10259]: but I couldn't find any suitable secret (password) for it to use to do so.
xl2tpd version:  xl2tpd-1.2.4
Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]
             [-C <control file>] [-D]

09:17:20

#man xl2tpd

09:18:10

#vim /etc/ppp/options.l2tpd.lns

09:19:00

#vim /etc/ppp/eaptls-server

--- /tmp/l3-saved-1291.5380.25807	2009-04-06 09:19:12.000000000 +0300
+++ /etc/ppp/eaptls-server	2009-04-06 09:19:44.000000000 +0300
@@ -1 +1,2 @@
-* * -  /root/certnew.cer /root/server0.p12 /root/priv_key_vpn_server.pvk *
+* * - /tmp/cacert.pem  *
+

09:19:44

#vim /etc/ppp/options.l2tpd.lns

09:21:22

#pppd

~
~
~
~
~
~
~
~
~
~
...
~
~
~
~
~
~
"/etc/ppp/eaptls-server" 3L, 74C записано                                                                           сь
EAP-TLS: Cannot use private key /tmp/server_priv_key.pem
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:21:24

#vim /etc/ppp/eaptls-server

09:21:54

#pppd

  9 nobsdcomp
 10 nopcomp
 11 noaccomp
 12 noproxyarp
 13 defaultroute
 14 lock
 15 auth
 16 password 7Clint77
 17 plugin radius.so
 18 plugin radattr.so
...
~
~
~
~
~
~
"/etc/ppp/options.l2tpd.lns" 18L, 230C записано                                                                     сь
EAP-TLS: Cannot use private key /tmp/server_priv_key.pem
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:21:55

#ls -l /tmp

итого 24
-rw-r--r-- 1 root root 3375 2009-04-06 09:18 cacert.pem
-rw-r--r-- 1 root root  230 2009-04-06 08:56 options.l2tpd.lns
-rw-r--r-- 1 root root 2784 2009-04-06 09:20 server_cert.pem
-rw-r--r-- 1 root root  963 2009-04-06 09:20 server_priv_key.pem
-rw-r--r-- 1 root root 4133 2009-04-06 08:45 xl2tpd.conf

09:22:11

#vim /etc/ppp/options.l2tpd.lns

09:23:03

#pppd

EAP-TLS: Cannot use private key /tmp/server_priv_key.pem
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:23:06

#pppd --help

pppd version 2.4.4
Usage: pppd [ options ], where options are:
        <device>        Communicate over the named device
        <speed>         Set the baud rate to <speed>
        <loc>:<rem>     Set the local and/or remote interface IP
                        addresses.  Either one may be omitted.
        asyncmap <n>    Set the desired async map to hex <n>
        auth            Require authentication from peer
        connect <p>     Invoke shell command <p> to set up the serial line
        crtscts         Use hardware RTS/CTS flow control
        defaultroute    Add default route through interface
        file <f>        Take options from file <f>
        modem           Use modem control lines
        mru <n>         Set MRU value to <n> for negotiation
See pppd(8) for more options.

09:23:09

#pppd --debug

pppd: unrecognized option '--debug'
pppd version 2.4.4
Usage: pppd [ options ], where options are:
        <device>        Communicate over the named device
        <speed>         Set the baud rate to <speed>
        <loc>:<rem>     Set the local and/or remote interface IP
                        addresses.  Either one may be omitted.
        asyncmap <n>    Set the desired async map to hex <n>
        auth            Require authentication from peer
        connect <p>     Invoke shell command <p> to set up the serial line
        crtscts         Use hardware RTS/CTS flow control
        defaultroute    Add default route through interface
        file <f>        Take options from file <f>
        modem           Use modem control lines
        mru <n>         Set MRU value to <n> for negotiation
See pppd(8) for more options.

09:24:38

#pppd

EAP-TLS: Cannot use private key /tmp/server_priv_key.pem
EAP-TLS SSL error stack:
error:0906A068:PEM routines:PEM_do_header:bad password read
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:24:45

#file /tmp/server_priv_key.pem

/tmp/server_priv_key.pem: ASCII text

09:25:17

#/etc/init.d/xl2tpd restart

Restarting xl2tpd: xl2tpd.

09:25:26

#pppd debug

EAP-TLS: Cannot use private key /tmp/server_priv_key.pem
EAP-TLS SSL error stack:
error:0906A068:PEM routines:PEM_do_header:bad password read
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.

09:25:28

#vim /etc/ppp/options.l2tpd.lns

Статистика

Справка

О программе

LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008

Журнал лабораторных работ

Журнал

Понедельник (04/06/09)

Статистика

Справка

О программе