ipsec: openswan patched.
------------------------------------------
config:
peter@team-server:ppp$ cat l2tpd.conf
# comment
# Global section (by default, we start in global mode)
global
# Load handlers
load-handler "sync-pppd.so"
load-handler "cmd.so"
# Bind address
listen-port 1701
# Configure the sync-pppd handler. You MUST have a "section sync-pppd" line
# even if you don't set any options.
section sync-pppd
pppd-path /sbin/pppd
lns-pppd-opts "require-pap 10.0.0.1:10.0.0.2 lcp-echo-interval 30 lcp-echo-failure 6"
lac-pppd-opts "user exampe name example noipdefault ipcp-accept-local ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6"
# Peer section
section peer
peer 172.21.33.92 #-----(1)
#secret s3cr3t ---------(2)
port 1701
hide-avps no
section cmd
------------------------
(1). Set this to the correct IP address of the remote client.
(2). If this line is uncommented, an error message appears: stop_conntrol in the L2TP tunnel phase.
lns-handler sync-pppd 0.002 51449/0: Peer host name is 'test-55e98b2637'
0.003 l2tp_peer_find(172.21.33.92) examining peer 172.21.33.92/32
0.004 l2tp_peer_find(172.21.33.92) found 172.21.33.92/32
0.005 auth_gen_response(secret=s3cr3t) -> a49eacc864ed2f63d48973e8571f56d7
######################################
#cat options
#noipdefault
#defaultroute
#passive
debug
refuse-eap
lcp-echo-interval 30
lcp-echo-failure 4
require-pap
maxfail 3
#user "sw2_vpn_user" #---(1)
mtu 1400
mru 1400
auth #noauth #--(2)
noaccomp
nopcomp
noccp
-am
------------------------
(1). If the "user" option is uncommented, the message below is shown:
Mar 18 19:56:43 DIR865 user.notice The remote system is required to authenticate itself
Mar 18 19:56:43 DIR865 daemon.err pppd[2848]: The remote system is required to authenticate itself
Mar 18 19:56:43 DIR865 user.notice pppd
Mar 18 19:56:43 DIR865 user.notice :
Mar 18 19:56:43 DIR865 user.notice but I couldn't find any suitable secret (password) for it to use to do so.
Mar 18 19:56:43 DIR865 daemon.err pppd[2848]: but I couldn't find any suitable secret (password) for it to use to do so.
(2). noauth is used to say: "I am the server and I do not need PAP or CHAP authentication, so you are allowed through with just IPCP."
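Added example (not part of the original post): a small check over pppd options text that flags the authentication settings discussed in notes (1) and (2), including the "couldn't find any suitable secret" failure that pppd reports when authentication is demanded but no secrets entry exists. The function names, the pap-secrets row and the trimmed options text are constructed for illustration.

```python
# Added example: lint pppd options text for the auth settings in this post.
# Simplifications (assumptions): '#' always starts a comment, option order
# is ignored, and only pap-secrets style "client server secret" rows count.

PAGE_OPTIONS = """\
debug
refuse-eap
require-pap
maxfail 3
#user "sw2_vpn_user" #---(1)
auth #noauth #--(2)
"""  # constructed from the options listing in the post

SAMPLE_SECRETS = "vpnuser * PLACEHOLDER-PASSWORD *\n"  # constructed entry

def strip_comment(line):
    """Drop everything after '#' and split the rest into words."""
    return line.split("#", 1)[0].split()

def parse_options(text):
    """Map each option name to its argument list."""
    return {w[0]: w[1:] for w in map(strip_comment, text.splitlines()) if w}

def secret_entries(text):
    """Return (client, server) pairs from rows with at least three fields."""
    rows = map(strip_comment, text.splitlines())
    return [(r[0], r[1]) for r in rows if len(r) >= 3]

def lint(options_text, secrets_text):
    """Return a list of findings for the given options and secrets text."""
    opts = parse_options(options_text)
    findings = []
    demands_auth = "auth" in opts or "require-pap" in opts
    if "noauth" in opts:
        findings.append("noauth: peer is not required to authenticate")
    elif demands_auth and not secret_entries(secrets_text):
        findings.append("auth without secrets: pppd exits with "
                        "\"couldn't find any suitable secret\"")
    if "require-pap" in opts:
        findings.append("require-pap: password is sent in cleartext over PPP")
    return findings

if __name__ == "__main__":
    for label, secrets in (("empty pap-secrets", ""), ("with entry", SAMPLE_SECRETS)):
        print(label, "->", lint(PAGE_OPTIONS, secrets))
```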