V1talya Posted August 14, 2010 Posted August 14, 2010 (edited) Не соединяется циска по л2тп с линукс сервером. ( Винда с линксом по л2тп соединяется (при выкл ipsec в винде) ) Что делать ? Linux: --- syslog Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps: no handler for atribute 5 (Tie Breaker). Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 56. Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 57. Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 110. Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 111. Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps: no handler for atribute 5 (Tie Breaker). Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 56. Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 57. Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 110. Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 111. Aug 14 01:07:43 gw-01 xl2tpd[2435]: control_finish: Peer requested tunnel 57158 twice, ignoring second one. Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps: no handler for atribute 5 (Tie Breaker). Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 56. Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 57. Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 110. Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps: dont know how to handle atribute 111. Aug 14 01:07:44 gw-01 xl2tpd[2435]: control_finish: Peer requested tunnel 57158 twice, ignoring second one. Aug 14 01:07:48 gw-01 xl2tpd[2435]: Maximum retries exceeded for tunnel 20914. Closing. Aug 14 01:07:48 gw-01 xl2tpd[2435]: Connection 57158 closed to 10.222.31.3, port 1701 (Timeout) Aug 14 01:07:48 gw-01 xl2tpd[2435]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0) Aug 14 01:07:48 gw-01 xl2tpd[2435]: handle_packet: bad control packet! Aug 14 01:07:53 gw-01 xl2tpd[2435]: Unable to deliver closing message for tunnel 20914. Destroying anyway. --- xl2tpd.conf [global] ; Global parameters: port = 1701 ; * Bind to port 1701 auth file = /etc/xl2tpd/l2tp-secrets ; * Where our challenge secrets are access control = no ; * Refuse connections without IP match rand source = dev ; Source for entropy for random [lns default] ; Our fallthrough LNS definition exclusive = no ; * Only permit one tunnel per host ip range = 10.255.253.200-10.255.253.250 ; * Allocate from this IP range lac = 0.0.0.0 ; * These can connect as LAC's ; no lac = untrusted.marko.net ; * This guy can't connect hidden bit = yes ; * Use hidden AVP's? local ip = 10.250.250.3 ; * Our local IP to use length bit = yes ; * Use length bit in payload? require chap = yes ; * Require CHAP auth. by peer refuse pap = yes ; * Refuse PAP authentication refuse chap = no ; * Refuse CHAP authentication refuse authentication = no ; * Refuse authentication altogether require authentication = no ; * Require peer to authenticate unix authentication = no ; * Use /etc/passwd for auth. name = gw-01 ; * Report this as our hostname ppp debug = no ; * Turn on PPP debugging pppoptfile = /etc/ppp/l2tpd-options ; * ppp options file call rws = 10 ; * RWS for call (-1 is valid) tunnel rws = 4 ; * RWS for tunnel (must be > 0) flow bit = yes --- l2tpd-options noipv6 logfile /var/log/l2tpd.log proxyarp nodefaultroute noipx nobsdcomp nodeflate lock --- chap-secrets test * test 10.250.250.18 Cisco: --- debug 000065: *Aug 14 01:23:17.575 Yakutsk: %LINK-3-UPDOWN: Interface Virtual-PPP10, c hanged state to up 000066: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Using vpn set call direction 000067: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Treating connection as a callout 000068: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Session handle[40000002] Session id[4] 000069: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Phase is ESTABLISHING, Active Op en 000070: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Authorization required 000071: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP: O CONFREQ [Closed] id 5 len 15 000072: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000073: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x050 64C79C590) 000074: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: Timeout: State REQsent 000075: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 6 len 15 000076: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000077: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x050 64C79C590) 000078: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: Timeout: State REQsent 000079: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 7 len 15 000080: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000081: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x05064C79C590) 000082: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: Timeout: State REQsent 000083: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 8 len 15 000084: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000085: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x05064C79C590) 000086: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: Timeout: State REQsent 000087: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 9 len 15 000088: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000089: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x05064C79C590) 000090: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: Timeout: State REQsent 000091: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 10 len 15 000092: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000093: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x05064C79C590) 000094: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: Timeout: State REQsent 000095: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 11 len 15 000096: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: AuthProto CHAP (0x0305C22305) 000097: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: MagicNumber 0x4C79C590 (0x05064C79C590) 000098: *Aug 14 01:23:31.675 Yakutsk: Vp10 LCP: Timeout: State REQsent --- config Building configuration... Current configuration : 2846 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname gw-kol ! boot-start-marker boot system flash c180x-adventerprisek9-mz.124-24.T1.bin boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging message-counter syslog logging buffered 51200 logging console critical ! no aaa new-model ! ! dot11 syslog no ip source-route ! ! ! ! ip cef no ip bootp server ip domain name aigul.local ip name-server 10.222.149.194 no ipv6 cef l2tp-class class1 ! ! multilink bundle-name authenticated ! ! ! ! ! ! archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh version 2 pseudowire-class psclass1 encapsulation l2tpv2 protocol l2tpv2 class1 ip local interface FastEthernet0 ! ! ! ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress shutdown no atm ilmi-keepalive ! interface BRI0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress encapsulation hdlc shutdown ! interface FastEthernet0 description $ES_WAN$$ETH-WAN$ ip address dhcp client-id FastEthernet0 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface Virtual-PPP10 ip address negotiated no cdp enable ppp authentication chap ppp chap hostname test ppp chap password 7 010703174F pseudowire 10.222.149.194 1 pw-class psclass1 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$ ip address 10.10.10.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 10.222.31.1 ip route 10.222.149.194 255.255.255.255 10.222.31.1 ip http server no ip http secure-server ! ! ip nat inside source list 1 interface FastEthernet0 overload ! logging trap debugging access-list 1 remark CCP_ACL Category=2 access-list 1 permit 10.10.10.0 0.0.0.255 no cdp run ! ! ! ! ! ! control-plane ! ! line con 0 transport output none line aux 0 transport output none line vty 0 4 exec-timeout 0 0 privilege level 15 login local transport input telnet ssh ! scheduler interval 500 end Edited August 15, 2010 by V1talya Вставить ник Quote
V1talya Posted August 15, 2010 Author Posted August 15, 2010 тема закрыта. все заработало. Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.