Example configuration for L2TP over IPSec

I tried a REMOTE ACCESS with L2TP over IPSec.

I created the VPN connection on Windows 7, specifying L2TP over IPSec.

But when I click Connect, I only see CONNECTING TO ******x and it stays stuck until an error appears.

As if it could not reach the firewall.

The same connection, if I change it to PPTP, works immediately and well.

What am I doing wrong?

Thanks.
  • The Windows client gives this message:

    Error 789: The L2TP connection attempt failed.
    The security layer encountered a processing error during initial negotiations with the remote computer.

    This is the LOG from the Windows client:
    [4204] 05-05 09:00:54:075: DwQueryIkeStatus: retcode=0x0, status=0x78b
    [4204] 05-05 09:00:54:075: DwQueryIkeStatus: Freeing IkeInitiateContext handle 0x5721fa8
    [4204] 05-05 09:00:54:213: ReferenceCustomCount
    [4204] 05-05 09:00:54:213: ReferenceCustomCount done. 0
    [5848] 05-05 09:00:54:220: RefConnection: 0x30000
    [5848] 05-05 09:00:54:221: refcount=0, maxports=6, ports=1
    [5848] 05-05 09:00:54:221: RefConnection: ref on 0x30000 = 0
    [5848] 05-05 09:00:54:222: PortDisconnectRequest - calling CheckIfAllowedToManageConnection
    [5848] 05-05 09:00:54:228: DwSendNotificationInternal(ENTRY_DISCONNECTING) returned 0x0
    [5848] 05-05 09:00:54:228: QueueCloseConnections: no dependent connections
    [5848] 05-05 09:00:54:228: PortDisconnectRequest on VPN2-1 Connection=0x6fd78e8 ,RasmanReceiveFlags=0x0
    [5848] 05-05 09:00:54:228: PortDisconnectRequest: Disconnecting VPN2-1
    [5848] 05-05 09:00:54:228: Disconnecting Port 0xVPN2-1, reason 0
    [5848] 05-05 09:00:54:228: QueueCloseConnections: no dependent connections
    [5848] 05-05 09:00:54:228: link handle for VPN2-1 = INVALID_HANDLE_VALUE
    [5848] 05-05 09:00:54:228: 4. Notifying of disconnect on port 2
    [5848] 05-05 09:00:54:228: d:\w7rtm\net\rras\ras\rasman\rasman\request.c: 4853: port 2 state chg: prev=4, new=4
    [5848] 05-05 09:00:54:228: d:\w7rtm\net\rras\ras\rasman\rasman\request.c: 4864: port 2 async reqtype chg: prev=0, new=0
    [5848] 05-05 09:00:54:230: CompleteDisconnectRequest: signalling 0x1670 for VPN2-1
    [5848] 05-05 09:00:54:230: SignalPortDisconnect: pOverlapped=0x79c8b44
    [5848] 05-05 09:00:54:230: PostDialEventContext:  for pid:0x948, client Event:0xd24context pointer=0x79c8b44, type=1
    [5848] 05-05 09:00:54:230: AppendNewMsgToQueue:Set client Event:0xd24
    [5848] 05-05 09:00:54:230: Disconnect completed on port: VPN2-1
    [5848] 05-05 09:00:54:230: Disconnect request on port: VPN2-1
    [5848] 05-05 09:00:54:232: PortCloseRequest - Calling CheckIfAllowedToManageConnection
    [5848] 05-05 09:00:54:232: PortClose: port (2). OpenInstances = 1
    [5848] 05-05 09:00:54:233: PortClose: going to clear the rasapi32 event handle
    [5848] 05-05 09:00:54:233: SetDialMachineEventHandleCommon:
    [5848] 05-05 09:00:54:233: SetDialEventHandleCommon: posting last event for port 2
    [5848] 05-05 09:00:54:233: PostDialEventContext:  for pid:0x948, client Event:0xd24context pointer=0x79c8ba4, type=4
    [5848] 05-05 09:00:54:233: PostDialEventContext: going to put the  OVEVT_DIAL_LAST message in the queue

    [5848] 05-05 09:00:54:233: Freeing the notifier list for port 2
    [5848] 05-05 09:00:54:233: DwInitializeIpSec: fOnFailure set to 0
    [5848] 05-05 09:00:54:233: Deleting client ipsec filter on 2
    [5848] 05-05 09:00:54:243: DwDeleteClientIpSecFilter: dwStatus=0x0, port=2
    [5848] 05-05 09:00:54:243: DwDeleteIpSecFilter for VPN2-1 returned 0x0
    [5848] 05-05 09:00:54:243: PortClose (2). OpenInstances = 0
    [5848] 05-05 09:00:54:247: d:\w7rtm\net\rras\ras\rasman\rasman\request.c: 3594: port 2 async reqtype chg: prev=0, new=0
    [5848] 05-05 09:00:54:247: d:\w7rtm\net\rras\ras\rasman\rasman\request.c: 3597: port 2 state chg: prev=4, new=4
    [5848] 05-05 09:00:54:247: RemoveConnectionPort: port 2, fOwnerClose=1, pConn=0x6fd78e8, pConn->CB_Ports=0

    [5848] 05-05 09:00:54:247: SendSensNotification(_RAS_DISCONNECT) for 0x00030000 returns 0x00000000
    [5848] 05-05 09:00:54:255: DwSendNotificationInternal(ENTRY_DISCONNECTED) rc=0x0
    [5848] 05-05 09:00:54:255: RemoveConnectionPort: FreeConnection hconn=0x30000, pconn=0x6fd78e8, AutoClose=0
    [5848] 05-05 09:00:54:255: FreeConnection: pConn=0x6fd78e8, 0
    [5848] 05-05 09:00:54:256: d:\w7rtm\net\rras\ras\rasman\rasman\request.c, 3663: Clearing the autoclose flag for port 2
    [5848] 05-05 09:00:54:256: fAnyConnectedPorts: 0
    [5848] 05-05 09:00:54:256: SetSystemIdleTimer: fDisable=0
    [5848] 05-05 09:00:54:256: SetRasmanServiceStopControl: Enabled 1
    [4204] 05-05 09:00:54:258: CleanUpDeadClientProcessBlock
    [4204] 05-05 09:00:54:258: SetDialMachineEventHandleCommon:
    [4204] 05-05 09:00:54:258: SetDialMachineEventHandleCommon:Error: meaningless operation
    [4204] 05-05 09:00:54:265: PickOneMsgForAEvent:send context to Pid:0x948, clientEvent:0xd24
    [4204] 05-05 09:00:54:265: PickOneMsgFromQueueList:
    [4204] 05-05 09:00:54:265: PickOneMsgFromQueueList:Set client Event:0xd24
    [5848] 05-05 09:00:54:267: PickOneMsgForAEvent:send context to Pid:0x948, clientEvent:0xd24
    [5848] 05-05 09:00:54:267: PickOneMsgFromQueueList:

    Ports 4853 and 4864 are not open in packet filtering on Astaro, but the same is true for PPTP and it works.

    Meanwhile, on ASTARO in the IPSec VPN LOG:

    2010:05:05-00:27:57 ercolino pluto[2407]: forgetting secrets
    2010:05:05-00:27:57 ercolino pluto[2407]: loading secrets from "/etc/ipsec.secrets"
    2010:05:05-00:27:57 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-00:27:57 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-00:27:57 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:05:05-00:27:57 ercolino pluto[2407]:   loaded CA cert file 'REF_XiNpDEiQFo.pem' (3067 bytes)
    2010:05:05-00:27:57 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:05:05-00:27:57 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:05:05-00:27:57 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/crls'
    2010:05:05-08:49:28 ercolino pluto[2407]: forgetting secrets
    2010:05:05-08:49:28 ercolino pluto[2407]: loading secrets from "/etc/ipsec.secrets"
    2010:05:05-08:49:28 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-08:49:28 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-08:49:28 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:05:05-08:49:28 ercolino pluto[2407]:   loaded CA cert file 'REF_XiNpDEiQFo.pem' (3067 bytes)
    2010:05:05-08:49:28 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:05:05-08:49:28 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:05:05-08:49:28 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/crls'
    2010:05:05-08:56:42 ercolino pluto[2407]: forgetting secrets
    2010:05:05-08:56:42 ercolino pluto[2407]: loading secrets from "/etc/ipsec.secrets"
    2010:05:05-08:56:42 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-08:56:42 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-08:56:42 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:05:05-08:56:42 ercolino pluto[2407]:   loaded CA cert file 'REF_XiNpDEiQFo.pem' (3067 bytes)
    2010:05:05-08:56:42 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:05:05-08:56:42 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:05:05-08:56:42 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/crls'
    2010:05:05-09:11:22 ercolino pluto[2407]: forgetting secrets
    2010:05:05-09:11:22 ercolino pluto[2407]: loading secrets from "/etc/ipsec.secrets"
    2010:05:05-09:11:22 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-09:11:22 ercolino pluto[2407]:   loaded shared key for 0.0.0.0 192.168.2.100 
    2010:05:05-09:11:22 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:05:05-09:11:22 ercolino pluto[2407]:   loaded CA cert file 'REF_XiNpDEiQFo.pem' (3067 bytes)
    2010:05:05-09:11:22 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:05:05-09:11:22 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:05:05-09:11:22 ercolino pluto[2407]: Changing to directory '/etc/ipsec.d/crls'

    Thanks.