[FSUG PD] L2TP VPN on Ubuntu, can it be done?? A bit long-winded...

rav transalp98 at gmail.com
Mon 3 Oct 2011 21:38:17 CEST


Hi,
unfortunately, to connect to work from home over VPN
I have to deal with a diabolical Checkpoint cluster
which, of course, stopped supporting the penguin a while ago,
just so they can sell their SSL extender at a steep price.

Since I had to configure said CP to support L2TP
for those &@##0 iPods, iPads, iPhones and iWhatever... I thought
I'd try connecting directly from Ubuntu, ditching
the Windows virtual machine the VPN client runs on.

Obviously I didn't manage to...

After cursing for a while at this guide:
http://www.jacco2.dds.nl/networking/linux-l2tp.html
I tried "L2TP over IPsec VPN Manager"
(https://launchpad.net/l2tp-ipsec-vpn) to simplify things, without
success.

From what I've been able to figure out, the IPsec negotiation works,
and I can see it on the Checkpoint too, but the point-to-point part
(handled by xl2tpd) doesn't.

Just to be clear, if I launch by hand:

sudo /usr/sbin/xl2tpd -D

the daemon "seems" to be up:

xl2tpd[17301]: setsockopt recvref[22]: Protocol not available
xl2tpd[17301]: This binary does not support kernel L2TP.
xl2tpd[17301]: xl2tpd version xl2tpd-1.2.6 started on ba PID:17301
xl2tpd[17301]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17301]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17301]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17301]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[17301]: Listening on IP address 192.168.1.109, port 1701

but as soon as I try to connect, PLOF!!!

xl2tpd[17301]: network_thread: select returned error 4 (Interrupted system call)
xl2tpd[17301]: death_handler: Fatal signal 15 received

The application's full log says:

ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.38-11-generic...
Sep 1 10:41:24 ba ipsec__plutorun: Starting Pluto subsystem...
Sep 1 10:41:24 ba ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
recvref[22]: Protocol not available
xl2tpd[11486]: This binary does not support kernel L2TP.
Starting xl2tpd: xl2tpd.
xl2tpd[11489]: xl2tpd version xl2tpd-1.2.6 started on ba PID:11489
xl2tpd[11489]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[11489]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[11489]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[11489]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[11489]: Listening on IP address 0.0.0.0, port 1701
Sep 1 10:41:24 ba ipsec__plutorun: 002 added connection description "WORK"
003 NAT-Traversal: Trying new style NAT-T
003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
003 NAT-Traversal: Trying old style NAT-T
104 "WORK" #1: STATE_MAIN_I1: initiate
003 "WORK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
106 "WORK" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "WORK" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
108 "WORK" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "WORK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "WORK" #2: STATE_QUICK_I1: initiate
003 "WORK" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=107fc743
004 "WORK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x2123226d <0x4ab10bb1 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[11489]: Connecting to host xxx.xxx.xxx.xxx, port 1701
xl2tpd[11489]: Maximum retries exceeded for tunnel 8540. Closing.

Has any kind soul ever tried to bring up a VPN like this?
Generous libations offered to whoever helps me out of it.

Thanks


-- 
cheers,
Paolo,
http://faredisfare.wordpress.com/
http://space.virgilio.it/0ravem



More information about the fsug-pd list
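As an added example (not part of the original post, and not code from Openswan or xl2tpd), here is a small POSIX shell triage script for client logs like the one above. It reports which step of an L2TP/IPsec connection failed (IKE phase 1, IKE phase 2, or the L2TP control connection over UDP/1701), whether the IPsec SA came up in transport mode (what L2TP/IPsec per RFC 3193 uses, so that ESP protects the UDP/1701 traffic between the two hosts), whether pluto detected a NAT in the path, and whether xl2tpd was killed by signal 15 (SIGTERM, i.e. stopped by another process) rather than timing out. The phase names, the string matches and the two sample log excerpts (copied from the post, with the mail line-wrapping undone) are this script's own constructions and assumptions.

```shell
#!/bin/sh
# Added example (not from the post, not part of Openswan or xl2tpd): triage an
# Openswan/pluto + xl2tpd client log and say which phase of an L2TP/IPsec
# connection failed. Phase names and string matches are this script's own
# assumptions, based on the messages Openswan 2.6 and xl2tpd 1.2.x print.

# Constructed sample: the relevant lines of the post's full log, with the
# mail line-wrapping undone so each pluto message sits on one line.
SAMPLE_LOG=$(cat <<'EOF'
104 "WORK" #1: STATE_MAIN_I1: initiate
003 "WORK" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
004 "WORK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "WORK" #2: STATE_QUICK_I1: initiate
004 "WORK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x2123226d <0x4ab10bb1 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[11489]: Connecting to host xxx.xxx.xxx.xxx, port 1701
xl2tpd[11489]: Maximum retries exceeded for tunnel 8540. Closing.
EOF
)

# Constructed sample: the interactive "xl2tpd -D" run from the post.
SAMPLE_INTERACTIVE=$(cat <<'EOF'
xl2tpd[17301]: Listening on IP address 192.168.1.109, port 1701
xl2tpd[17301]: network_thread: select returned error 4 (Interrupted system call)
xl2tpd[17301]: death_handler: Fatal signal 15 received
EOF
)

# has LOG PATTERN: true if any line of LOG matches PATTERN (grep BRE).
has() { printf '%s\n' "$1" | grep -q -- "$2"; }

# Which step of the connection failed, checked in protocol order:
#   ike-phase1-failed    no ISAKMP (main mode) SA: PSK/proposal/reachability problem
#   ike-phase2-failed    no IPsec (quick mode) SA: proposal or protoport mismatch
#   l2tp-tunnel-timeout  IPsec is up but xl2tpd got no reply on UDP/1701
#   ok                   nothing in the log indicates a failure
l2tp_ipsec_triage() {
  if ! has "$1" 'ISAKMP SA established'; then echo ike-phase1-failed
  elif ! has "$1" 'IPsec SA established'; then echo ike-phase2-failed
  elif has "$1" 'Maximum retries exceeded for tunnel'; then echo l2tp-tunnel-timeout
  else echo ok
  fi
}

# Mode of the negotiated IPsec SA. L2TP/IPsec (RFC 3193) uses transport mode,
# so that ESP protects the UDP/1701 traffic between the two endpoints.
ipsec_sa_mode() {
  if has "$1" 'IPsec SA established transport mode'; then echo transport
  elif has "$1" 'IPsec SA established tunnel mode'; then echo tunnel
  else echo unknown
  fi
}

# Did pluto decide it is behind NAT? Raw ESP usually cannot cross a NAT, so
# with NAT in the path ESP has to be UDP-encapsulated (NAT-T, UDP/4500).
nat_detected() {
  if has "$1" 'i am NATed'; then echo yes; else echo no; fi
}

# Why xl2tpd stopped: sigterm means another process killed it (signal 15 is
# SIGTERM), which is not a protocol failure; tunnel-timeout is the L2TP
# control connection giving up after its retries.
xl2tpd_exit_reason() {
  if has "$1" 'Fatal signal 15'; then echo sigterm
  elif has "$1" 'Fatal signal'; then echo other-signal
  elif has "$1" 'Maximum retries exceeded'; then echo tunnel-timeout
  else echo running
  fi
}

# report LOG: one summary line per check.
report() {
  echo "phase:   $(l2tp_ipsec_triage "$1")"
  echo "sa mode: $(ipsec_sa_mode "$1")"
  echo "nat:     $(nat_detected "$1")"
  echo "xl2tpd:  $(xl2tpd_exit_reason "$1")"
}

if [ $# -ge 1 ]; then
  report "$(cat "$1")"          # triage a real log file given as argument
else
  echo "== full log from the post"; report "$SAMPLE_LOG"
  echo "== interactive xl2tpd -D run"; report "$SAMPLE_INTERACTIVE"
fi
```

Run it with no arguments to see the verdict on the embedded samples, or pass a log file (e.g. a syslog extract) to triage a real run. On the post's full log the verdict is l2tp-tunnel-timeout with the SA in transport mode and NAT detected, so the next thing to look at is the wire rather than IKE: capture on the uplink (for instance `tcpdump -ni eth0 'udp port 1701 or esp or udp port 4500'`) and check whether the UDP/1701 packets actually leave UDP-encapsulated inside ESP and whether anything comes back.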