[ask] VPN with Openswan


Post by rakyandita » 22 May 2013, 10:20

I'd appreciate some help from the seniors here.

I followed this web tutorial to install a VPN.

Here are the contents of my configuration files:
--/etc/ipsec.conf--

Code:

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/24,%v4:172.16.0.0/12,%v6:fd0$
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.0.200
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

--/etc/ipsec.secrets--

Code:

#include /var/lib/openswan/ipsec.secrets.inc
192.168.0.200 %any: PSK "69EA16F2C5DCED8B29E74A7D1B0FE99E69F6BDCD3E44"

--/etc/xl2tpd/xl2tpd.conf--

Code:

[global]
ipsec saref = yes

[lns default]
ip range = 192.168.0.201-192.168.0.250
local ip = 192.168.0.200
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options
length bit = yes
unix authentication = yes

--/etc/pam.d/ppp--

Code:

auth    required        pam_nologin.so
auth    required        pam_unix.so
account required        pam_unix.so
session required        pam_unix.so

--/etc/ppp/options--

Code:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
login

--/etc/ppp/chap-secrets--

Code:

# Secrets for authentication using CHAP
# client    server  secret      IP addresses
alice       l2tpd   wonderline  *
bob         l2tpd   marley      *

Firewall output:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Output of ipsec verify:

Code:

Version check and ipsec on-path                         [OK]
Linux Openswan U2.6.37/K3.2.0-23-generic-pae (netkey)
Checking for IPsec support in kernel                    [OK]
 SAref kernel support                                   [N/A]
 NETKEY: Testing XFRM related proc values               [OK]
                                                        [OK]
                                                        [OK]
Checking that pluto is running                          [OK]
 Pluto listening for IKE on udp 500                     [OK]
 Pluto listening for NAT-T on udp 4500                  [OK]
Checking for 'ip' command                               [OK]
Checking /bin/sh is not /bin/dash                       [WARNING]
Checking for 'iptables' command                         [OK]
Opportunistic Encryption Support                        [DISABLED]

The client is running Windows 7 Professional 64-bit. When dialing, this error appears:

Code:

Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"
and /var/log/auth.log shows this:

Code:

May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: received Vendor ID payload [RFC 3947] method set to=109
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [FRAGMENTATION]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [IKE CGA version 1]
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: responding to Main Mode from unknown peer 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R1: sent MR1, expecting MI2
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R2: sent MR2, expecting MI3
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.201'
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/0
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: kernel algorithm does not like: no alg
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: no acceptable Proposal in IPsec SA
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: kernel algorithm does not like: no alg
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: no acceptable Proposal in IPsec SA
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: kernel algorithm does not like: no alg
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: no acceptable Proposal in IPsec SA
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: kernel algorithm does not like: no alg
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: no acceptable Proposal in IPsec SA
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500

What must I do???
Because of that log I couldn't sleep last night :sleep:
Please guide me, seniors; this is my big assignment at campus :)

Re: [ask] VPN with Openswan

Post by rakyandita » 24 May 2013, 01:43

Please help me out, guys ...
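
A way to read the pluto log from the first post, as an added example that is not part of the original thread: it separates IKE phase 1 (Main Mode, state #1) from the phase 2 (Quick Mode) attempts and reports which ESP transform the responder refused. The function names `triage` and `verdict` are hypothetical; the sample lines are copied from the log quoted above.

```python
import re
from collections import defaultdict

# Lines copied from the pluto log in the post above (#1 is the IKE Main Mode
# state, #2 and #3 are Quick Mode attempts); the selection of lines is ours.
SAMPLE_LOG = '''\
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [FRAGMENTATION]
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: no acceptable Proposal in IPsec SA
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
'''

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
SA_RE = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
ESP_RE = re.compile(r'unsupported ESP Transform (?P<transform>\S+)')
REFUSALS = ("no acceptable Proposal in IPsec SA", "NO_PROPOSAL_CHOSEN")


def triage(log_text):
    """Per peer: negotiated phase 1 parameters and refused phase 2 attempts."""
    peers = defaultdict(lambda: {"phase1": None, "rejected": set(), "failed_states": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:               # "packet from ..." lines carry no state number
            continue
        entry, msg = peers[m["peer"]], m["msg"]
        sa = SA_RE.search(msg)
        if sa:                  # phase 1 finished: keep auth/cipher/prf/group
            entry["phase1"] = dict(kv.split("=", 1) for kv in sa["params"].split())
        esp = ESP_RE.search(msg)
        if esp:                 # ESP transform the responder would not accept
            entry["rejected"].add(esp["transform"])
        if any(text in msg for text in REFUSALS):
            entry["failed_states"].add(int(m["state"]))
    return dict(peers)


def verdict(entry):
    """One-line reading of where the negotiation stopped."""
    if entry["phase1"] is None:
        return "phase 1 (IKE Main Mode) did not complete"
    if entry["failed_states"]:
        refused = ", ".join(sorted(entry["rejected"])) or "unknown"
        return f"phase 1 OK, phase 2 refused (rejected ESP transform: {refused})"
    return "no refusal logged"


if __name__ == "__main__":
    for peer, entry in triage(SAMPLE_LOG).items():
        print(peer, entry["phase1"], sorted(entry["failed_states"]), verdict(entry))
```

On the log above this shows that the pre-shared key and IKE proposal were accepted, and that every failure is a Quick Mode attempt refused over the ESP transform.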
