[ask] VPN with Openswan


Post by rakyandita » 22 May 2013, 10:20

Asking for help from the seniors here,

I followed this web tutorial to install a VPN.

Here are the contents of my configuration files:
--/etc/ipsec.conf--

Code:

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/24,%v4:172.16.0.0/12,%v6:fd0$
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.0.200
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any


--/etc/ipsec.secrets--

Code:

#include /var/lib/openswan/ipsec.secrets.inc
192.168.0.200  %any:   PSK "69EA16F2C5DCED8B29E74A7D1B0FE99E69F6BDCD3E44"


--/etc/xl2tpd/xl2tpd.conf--

Code:

[global]
ipsec saref = yes

[lns default]
ip range = 192.168.0.201-192.168.0.250
local ip = 192.168.0.200
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options
length bit = yes
unix authentication = yes


--/etc/pam.d/ppp--

Code:

auth    required        pam_nologin.so
auth    required        pam_unix.so
account required        pam_unix.so
session required        pam_unix.so


--/etc/ppp/options--

Code:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
login


--/etc/ppp/chap-secrets--

Code:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses

  alice         l2tpd   wonderline                   *
  bob          l2tpd   marley                          *


Firewall output:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere


Output of ipsec verify:

Code:

Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.2.0-23-generic-pae (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                                   [N/A]
 NETKEY:  Testing XFRM related proc values                 [OK]
        [OK]
        [OK]
Checking that pluto is running                                    [OK]
 Pluto listening for IKE on udp 500                              [OK]
 Pluto listening for NAT-T on udp 4500                         [OK]
Checking for 'ip' command                                           [OK]
Checking /bin/sh is not /bin/dash                                [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


The client is running Windows 7 Professional 64-bit. When dialing, this error appears:

Code:

Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"


and the log in /var/log/auth.log shows this:

Code:

May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: received Vendor ID payload [RFC 3947] method set to=109
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [FRAGMENTATION]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [IKE CGA version 1]
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: responding to Main Mode from unknown peer 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R1: sent MR1, expecting MI2
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R2: sent MR2, expecting MI3
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.201'
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/0
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: kernel algorithm does not like: no alg
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: no acceptable Proposal in IPsec SA
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: kernel algorithm does not like: no alg
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: no acceptable Proposal in IPsec SA
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: kernel algorithm does not like: no alg
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: no acceptable Proposal in IPsec SA
May 21 19:04:59 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #4: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: the peer proposed: 192.168.0.200/32:17/1701 -> 192.168.0.201/32:17/1701
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: kernel algorithm does not like: no alg
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: no acceptable Proposal in IPsec SA
May 21 19:05:03 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #5: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500


What must I do???
And because of a log like that I couldn't sleep last night :sleep:
Please guide me, seniors; this is a major assignment of mine on campus :)
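
Added example, not part of the original post: a small Python triage of pluto log lines like the ones above, reporting whether IKE phase 1 completed and which Quick Mode (phase 2) states were rejected, and for which ESP transform. The function name `triage` and the report keys are assumptions made for this example; the sample lines are an excerpt of the log in the post.

```python
import re

# Excerpt of the auth.log lines shown in the post (not the full log).
SAMPLE_LOG = '''\
May 21 19:04:56 ziplin pluto[2007]: packet from 192.168.0.201:500: ignoring Vendor ID payload [FRAGMENTATION]
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: no acceptable Proposal in IPsec SA
May 21 19:04:56 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #2: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.201:500
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: unsupported ESP Transform ESP_NULL from 192.168.0.201
May 21 19:04:57 ziplin pluto[2007]: "L2TP-PSK-NAT"[1] 192.168.0.201 #3: no acceptable Proposal in IPsec SA
'''

# Per-connection pluto lines: "conn"[instance] peer #state: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
TRANSFORM = re.compile(r"unsupported ESP Transform (\S+)")


def triage(log_text):
    """Summarise how far the IKE negotiation in a pluto log got."""
    report = {"phase1": None, "phase2_ok": 0, "phase2_rejected": {}}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # "packet from ..." lines carry no state number
        sa, msg = int(m["sa"]), m["msg"]
        if "ISAKMP SA established" in msg:  # phase 1 (Main Mode) finished
            params = re.search(r"\{(.*?)\}", msg)
            pairs = params.group(1).split() if params else []
            report["phase1"] = dict(kv.split("=", 1) for kv in pairs if "=" in kv)
        elif "IPsec SA established" in msg:  # phase 2 (Quick Mode) finished
            report["phase2_ok"] += 1
        elif (t := TRANSFORM.search(msg)):
            report["phase2_rejected"].setdefault(sa, set()).add(t.group(1))
        elif "no acceptable Proposal" in msg or "NO_PROPOSAL_CHOSEN" in msg:
            report["phase2_rejected"].setdefault(sa, set())
    if report["phase2_ok"]:
        report["stage"] = "phase 2 complete: IPsec SA established"
    elif report["phase2_rejected"]:
        report["stage"] = "phase 2 (Quick Mode) rejected: no acceptable proposal"
    elif report["phase1"] is not None:
        report["stage"] = "phase 1 complete, no Quick Mode seen"
    else:
        report["stage"] = "phase 1 not completed"
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt, the report shows phase 1 established with the pre-shared key and every Quick Mode state rejected on the ESP_NULL transform, which is the point where the Windows client gives up with error 789.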

Re: [ask] VPN with Openswan

Post by rakyandita » 24 May 2013, 01:43

Please help me out, guys ...
