Hello,
I need to get an L2TP/IPsec server running on Ubuntu 18.04 and connect to it from Mikrotik (hAp lite) clients.
I need a UDP VPN for VoIP, which is why I can't use OpenVPN, which I otherwise have everywhere. L2TP/IPsec therefore seems like a reasonable choice to me.
On Linux I have strongSwan and xl2tpd.
However, I still see only this error:
Oct 31 15:27:41 vpn charon: 03[NET] waiting for data on sockets
Oct 31 15:27:41 vpn charon: 14[NET] received packet: from 77.78.90.200[500] to 88.86.113.219[500] (364 bytes)
Oct 31 15:27:41 vpn charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 31 15:27:41 vpn charon: 14[IKE] remote host is behind NAT
Oct 31 15:27:41 vpn charon: 14[CFG] candidate "wtf", match: 1/1/28 (me/other/ike)
Oct 31 15:27:41 vpn charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 31 15:27:41 vpn charon: 14[NET] sending packet: from 88.86.113.219[500] to 77.78.90.200[500] (372 bytes)
Oct 31 15:27:41 vpn charon: 04[NET] sending packet: from 88.86.113.219[500] to 77.78.90.200[500]
Oct 31 15:27:42 vpn charon: 03[NET] received packet: from 77.78.90.200[4500] to 88.86.113.219[4500]
Oct 31 15:27:42 vpn charon: 03[NET] waiting for data on sockets
Oct 31 15:27:42 vpn charon: 16[NET] received packet: from 77.78.90.200[4500] to 88.86.113.219[4500] (76 bytes)
Oct 31 15:27:42 vpn charon: 16[ENC] invalid ID_V1 payload length, decryption failed?
Oct 31 15:27:42 vpn charon: 16[ENC] could not decrypt payloads
Oct 31 15:27:42 vpn charon: 16[IKE] message parsing failed
Oct 31 15:27:42 vpn charon: 16[ENC] generating INFORMATIONAL_V1 request 3597591477 [ HASH N(PLD_MAL) ]
My configs:
root@vpn:/# cat /etc/ipsec.conf
config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2"
    uniqueids=no
conn wtf
    type=transport
    pfs=no
    rekey=no
    keyingtries=1
    left=%any
    leftprotoport=udp/l2tp
    leftid=@88.86.113.219
    right=%any
    rightprotoport=udp/%any
    auto=add
    aggressive=yes
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    leftauth2=xauthpsk
    rightauth2=xauthpsk
root@vpn:/# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 88.86.113.219
[lns default]
ip range = 10.10.100.10-10.10.100.250
local ip = 10.10.100.1
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
name = TEST_VPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
root@vpn:/# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
auth
mtu 1200
mru 1000
crtscts
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
I'm completely at a loss :-(
I'd welcome any tip on how to get a working combination of an L2TP/IPsec server on Linux and Mikrotik clients running.
I'd rather have certificate authentication, but I can live with IPsec PSK (the point-and-click VPN setup in WinBox offers nothing else) and usernames+passwords on L2TP.
Thank you for your help.