Cisco1801 l2tp client -> l2tp server (Linux) does not connect

The Cisco does not connect over L2TP to the Linux server.

(Windows does connect to the Linux box over L2TP (with IPsec disabled in Windows).)

What should I do?

 

Linux:

--- syslog

Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps:  no handler for atribute 5 (Tie Breaker).
Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 56.
Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 57.
Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 110.
Aug 14 01:07:41 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 111.
Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps:  no handler for atribute 5 (Tie Breaker).
Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 56.
Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 57.
Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 110.
Aug 14 01:07:43 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 111.
Aug 14 01:07:43 gw-01 xl2tpd[2435]: control_finish: Peer requested tunnel 57158 twice, ignoring second one.
Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps:  no handler for atribute 5 (Tie Breaker).
Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 56.
Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 57.
Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 110.
Aug 14 01:07:44 gw-01 xl2tpd[2435]: handle_avps:  dont know how to handle atribute 111.
Aug 14 01:07:44 gw-01 xl2tpd[2435]: control_finish: Peer requested tunnel 57158 twice, ignoring second one.
Aug 14 01:07:48 gw-01 xl2tpd[2435]: Maximum retries exceeded for tunnel 20914.  Closing.
Aug 14 01:07:48 gw-01 xl2tpd[2435]: Connection 57158 closed to 10.222.31.3, port 1701 (Timeout)
Aug 14 01:07:48 gw-01 xl2tpd[2435]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Aug 14 01:07:48 gw-01 xl2tpd[2435]: handle_packet: bad control packet!
Aug 14 01:07:53 gw-01 xl2tpd[2435]: Unable to deliver closing message for tunnel 20914. Destroying anyway.

 

--- xl2tpd.conf

[global]                                  ; Global parameters:
port = 1701                               ; * Bind to port 1701
auth file = /etc/xl2tpd/l2tp-secrets      ; * Where our challenge secrets are
access control = no                       ; * Refuse connections without IP match
rand source = dev                         ; Source for entropy for random

[lns default]                             ; Our fallthrough LNS definition
exclusive = no                            ; * Only permit one tunnel per host
ip range = 10.255.253.200-10.255.253.250  ; * Allocate from this IP range
lac = 0.0.0.0                             ; * These can connect as LAC's
; no lac = untrusted.marko.net            ; * This guy can't connect
hidden bit = yes                          ; * Use hidden AVP's?
local ip = 10.250.250.3                   ; * Our local IP to use
length bit = yes                          ; * Use length bit in payload?
require chap = yes                        ; * Require CHAP auth. by peer
refuse pap = yes                          ; * Refuse PAP authentication
refuse chap = no                          ; * Refuse CHAP authentication
refuse authentication = no                ; * Refuse authentication altogether
require authentication = no               ; * Require peer to authenticate
unix authentication = no                  ; * Use /etc/passwd for auth.
name = gw-01                              ; * Report this as our hostname
ppp debug = no                            ; * Turn on PPP debugging
pppoptfile = /etc/ppp/l2tpd-options       ; * ppp options file
call rws = 10                             ; * RWS for call (-1 is valid)
tunnel rws = 4                            ; * RWS for tunnel (must be > 0)
flow bit = yes

 

--- l2tpd-options

noipv6
logfile /var/log/l2tpd.log
proxyarp
nodefaultroute
noipx
nobsdcomp
nodeflate
lock

 

--- chap-secrets

test            *       test            10.250.250.18

 

 

Cisco:

--- debug

000065: *Aug 14 01:23:17.575 Yakutsk: %LINK-3-UPDOWN: Interface Virtual-PPP10, changed state to up
000066: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Using vpn set call direction
000067: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Treating connection as a callout
000068: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Session handle[40000002] Session id[4]
000069: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Phase is ESTABLISHING, Active Open
000070: *Aug 14 01:23:17.579 Yakutsk: Vp10 PPP: Authorization required
000071: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP: O CONFREQ [Closed] id 5 len 15
000072: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000073: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000074: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: Timeout: State REQsent
000075: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 6 len 15
000076: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000077: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000078: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: Timeout: State REQsent
000079: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 7 len 15
000080: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000081: *Aug 14 01:23:21.595 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000082: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: Timeout: State REQsent
000083: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 8 len 15
000084: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000085: *Aug 14 01:23:23.611 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000086: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: Timeout: State REQsent
000087: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 9 len 15
000088: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000089: *Aug 14 01:23:25.627 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000090: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: Timeout: State REQsent
000091: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 10 len 15
000092: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000093: *Aug 14 01:23:27.643 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000094: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: Timeout: State REQsent
000095: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 11 len 15
000096: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000097: *Aug 14 01:23:29.659 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000098: *Aug 14 01:23:31.675 Yakutsk: Vp10 LCP: Timeout: State REQsent

 

--- config

Building configuration...

Current configuration : 2846 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gw-kol
!
boot-start-marker
boot system flash c180x-adventerprisek9-mz.124-24.T1.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
!
no aaa new-model
!
!
dot11 syslog
no ip source-route
!
!
!
!
ip cef
no ip bootp server
ip domain name aigul.local
ip name-server 10.222.149.194
no ipv6 cef
l2tp-class class1

!
!
multilink bundle-name authenticated
!
!
!

! 
!
!
archive
log config
 hidekeys
!
!
ip tcp synwait-time 10
ip ssh version 2
pseudowire-class psclass1
encapsulation l2tpv2
protocol l2tpv2 class1
ip local interface FastEthernet0
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
!
interface FastEthernet0
description $ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Virtual-PPP10
ip address negotiated
no cdp enable
ppp authentication chap
ppp chap hostname test
ppp chap password 7 010703174F
pseudowire 10.222.149.194 1 pw-class psclass1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.222.31.1
ip route 10.222.149.194 255.255.255.255 10.222.31.1
ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
no cdp run

!
!
!
!
!
!
control-plane
!
!
line con 0
transport output none
line aux 0
transport output none
line vty 0 4
exec-timeout 0 0
privilege level 15
login local
transport input telnet ssh
!
scheduler interval 500
end


Edited by V1talya
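
Added example, not part of the original post: a Python helper for reading Cisco PPP debug output like the block above. It decodes the LCP option TLVs that IOS prints in parentheses and counts LCP packets per direction; on the posted lines it shows CHAP with the MD5 algorithm being requested while no LCP packet ever arrives from the peer. The function and constant names are this example's own.

```python
import re

AUTH_PROTOS = {0xC023: "PAP", 0xC223: "CHAP"}            # PPP protocol numbers
CHAP_ALGS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}
PKT = re.compile(r"LCP: ([OI]) (\w+) \[(\w+)\] id (\d+) len (\d+)")
OPT = re.compile(r"LCP:\s+\S.*\(0x([0-9A-Fa-f]+)\)\s*$")

# Lines copied from the Cisco debug output in the post above.
SAMPLE = """\
000071: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP: O CONFREQ [Closed] id 5 len 15
000072: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP:    AuthProto CHAP (0x0305C22305)
000073: *Aug 14 01:23:17.579 Yakutsk: Vp10 LCP:    MagicNumber 0x4C79C590 (0x05064C79C590)
000074: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: Timeout: State REQsent
000075: *Aug 14 01:23:19.579 Yakutsk: Vp10 LCP: O CONFREQ [REQsent] id 6 len 15
"""

def decode_lcp_option(hex_tlv):
    """Decode one LCP option (type, length, data) from its hex form."""
    raw = bytes.fromhex(hex_tlv)
    if len(raw) < 2 or raw[1] != len(raw):   # length byte covers the whole TLV
        raise ValueError(f"bad LCP option length in {hex_tlv!r}")
    opt_type, data = raw[0], raw[2:]
    if opt_type == 3 and len(data) >= 2:     # Authentication-Protocol
        proto = int.from_bytes(data[:2], "big")
        out = {"option": "auth-protocol", "protocol": AUTH_PROTOS.get(proto, hex(proto))}
        if proto == 0xC223 and len(data) == 3:
            out["algorithm"] = CHAP_ALGS.get(data[2], hex(data[2]))
        return out
    if opt_type == 5 and len(data) == 4:     # Magic-Number
        return {"option": "magic-number", "value": data.hex().upper()}
    return {"option": f"type-{opt_type}", "data": data.hex().upper()}

def summarize(debug_text):
    """Count LCP packets by direction and collect the distinct options seen."""
    s = {"sent": 0, "received": 0, "timeouts": 0, "options": []}
    for line in debug_text.splitlines():
        pkt, opt = PKT.search(line), OPT.search(line)
        if pkt:
            s["sent" if pkt.group(1) == "O" else "received"] += 1
        elif "LCP: Timeout" in line:
            s["timeouts"] += 1
        elif opt and decode_lcp_option(opt.group(1)) not in s["options"]:
            s["options"].append(decode_lcp_option(opt.group(1)))
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A `received` count of zero alongside repeated timeouts means the router's CONFREQs are going unanswered at the PPP layer, so the place to look next is the L2TP control channel and the server-side log rather than the CHAP credentials.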


Topic closed.

Everything works now.
