Vpn l2tp/Ipsec

Todo lo relacionado con hacer funcionar a Arch como servidor de lo que sea (pagina web, ftp, archivos, firewall & router, etc...).
Responder
Avatar de Usuario
maximiliano3
Archer Extremo
Archer Extremo
Mensajes: 324
Registrado: 24 Feb 2011, 18:18

Vpn l2tp/Ipsec

Mensaje por maximiliano3 » 22 May 2014, 13:03

Buenas gente, vengo leyendo de este tema hace rataso sin poder llegar a una solución, estoy intentando conectarme por vpn a una vpn del tipo l2tp/ipsec, los datos de la misma que poseo son "IP" "nombre y usuario de vpn" "Pre Shared key", desde una vm de windows la configuración es simple y logro conectarme eh seguido varios tutos sin poder llegar a una solución empezando por la wiki de arch claro esta, principalmente el problema que tengo ahora es que el servicio de ipsec no levanta, aca la salida de mi systemd

Código: Seleccionar todo

[[email protected] ipsec.d]# journalctl -xn
-- Logs begin at mar 2014-04-15 13:48:56 ART, end at jue 2014-05-22 12:47:59 ART. --
may 22 12:47:59 Max _stackmanager[3114]: {--checkconfig]
may 22 12:47:59 Max _stackmanager[3114]: [--defaultroute <addr>] [--defaultroutenexthop <addr>]
may 22 12:47:59 Max _stackmanager[3114]: names
may 22 12:47:59 Max _stackmanager[3114]: unknown stack
may 22 12:47:59 Max systemd[1]: ipsec.service holdoff time over, scheduling restart.
may 22 12:47:59 Max systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
-- Subject: Unit ipsec.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit ipsec.service has begun shutting down.
may 22 12:47:59 Max-Laburo systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
-- Subject: Unit ipsec.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit ipsec.service has begun starting up.
may 22 12:47:59 Max-Laburo systemd[1]: ipsec.service start request repeated too quickly, refusing to start.
may 22 12:47:59 Max-Laburo systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
-- Subject: Unit ipsec.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit ipsec.service has failed.
-- 
-- The result is failed.
may 22 12:47:59 Max  systemd[1]: Unit ipsec.service entered failed state.



Por otro lado el ipsec verify me da un error que no pude resolver tampoco.

Código: Seleccionar todo

[[email protected] ipsec.d]# ipsec verify
Checking if IPsec got installed and started correctly:

Version check and ipsec on-path                         [OK]
Openswan U2.6.41/K3.14.4-1-ARCH (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel                    [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects                    [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!

         ICMP default/accept_redirects                  [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!

         XFRM larval drop                               [OK]
Hardware random device check                            [N/A]
Two or more interfaces found, checking IP forwarding    [OK]
Checking rp_filter                                      [ENABLED]
 /proc/sys/net/ipv4/conf/default/rp_filter              [ENABLED]
 /proc/sys/net/ipv4/conf/enp3s0/rp_filter               [ENABLED]
 /proc/sys/net/ipv4/conf/virbr0/rp_filter               [ENABLED]
 /proc/sys/net/ipv4/conf/wlp2s0/rp_filter               [ENABLED]
Checking that pluto is running                          [FAILED]
Checking NAT and MASQUERADEing                          [TEST INCOMPLETE]
Checking 'ip' command                                   [OK]
Checking 'iptables' command                             [OK]

ipsec verify: encountered errors
Alguien logro establecer una conexión de este tipo??

Por otro lado me instale el

Código: Seleccionar todo

local/l2tp-ipsec-vpn 1.0.9-2
    A GUI to manage L2TP over IPsec virtual private network connections.
local/l2tp-ipsec-vpn-daemon 0.9.9-1
    A daemon to manage L2TP over IPsec virtual private network connections.
Es un programa de configuración simple con solo levantar el daemon ya corre, pero me da error 300 de negociación de ipsec, lo que supongo es por el tema del service que no levanta.

Alguna idea sugerencia??? alguien labura con alguna vpn de este tipo ?. Saludos!

Responder