[linux-l] l2tp-ipsec-vpn - Tunnel is not established

Stephan Hesse stephan.hesse at belug.de
Sat May 11 12:32:34 CEST 2013


Dear all,

my Debian does not establish an L2TP tunnel.

I am using the l2tp-ipsec-vpn package with openswan etc.

Here is the tail -f -n 99 /var/log/daemon.log after a connection attempt:

May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
service xl2tpd stop
May 11 12:05:16 debianwheezy xl2tpd[8410]: death_handler: Fatal signal 15
received
May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Command service
xl2tpd stop finished with exit code 0
May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Opening client
connection
May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Closing client
connection
May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
service xl2tpd start
May 11 12:05:16 debianwheezy xl2tpd[9514]: setsockopt recvref[30]:
Protocol not available
May 11 12:05:16 debianwheezy xl2tpd[9514]: This binary does not support
kernel L2TP.
May 11 12:05:16 debianwheezy xl2tpd[9515]: xl2tpd version xl2tpd-1.3.1
started on debianwheezy PID:9515
May 11 12:05:16 debianwheezy L2tpIPsecVpnControlDaemon: Command service
xl2tpd start finished with exit code 0
May 11 12:05:16 debianwheezy xl2tpd[9515]: Written by Mark Spencer,
Copyright (C) 1998, Adtran, Inc.
May 11 12:05:16 debianwheezy xl2tpd[9515]: Forked by Scott Balmos and
David Stipp, (C) 2001
May 11 12:05:16 debianwheezy xl2tpd[9515]: Inherited by Jeff McAdams, (C)
2002
May 11 12:05:16 debianwheezy xl2tpd[9515]: Forked again by Xelerance
(www.xelerance.com) (C) 2006
May 11 12:05:16 debianwheezy xl2tpd[9515]: Listening on IP address
0.0.0.0, port 1701
May 11 12:05:17 debianwheezy L2tpIPsecVpnControlDaemon: Closing client
connection
May 11 12:05:17 debianwheezy xl2tpd[9515]: Connecting to host remote.bla,
port 1701
May 11 12:05:17 debianwheezy xl2tpd[9515]: Connection established to
111.222.123.321, 1701.  Local: 20696, Remote: 10 (ref=0/0).
May 11 12:05:17 debianwheezy xl2tpd[9515]: Calling on tunnel 20696
May 11 12:05:17 debianwheezy xl2tpd[9515]: receive_window_size_avp: RWS
not appropriate for message Incoming-Call-Reply.  Ignoring.
May 11 12:05:17 debianwheezy xl2tpd[9515]: Call established with
111.222.123.321, Local: 28767, Remote: 24, Serial: 1 (ref=0/0)
May 11 12:05:17 debianwheezy xl2tpd[9515]: start_pppd: I'm running:
May 11 12:05:17 debianwheezy xl2tpd[9515]: "/usr/sbin/pppd"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "passive"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "nodetach"
May 11 12:05:17 debianwheezy xl2tpd[9515]: ":"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "file"
May 11 12:05:17 debianwheezy xl2tpd[9515]:
"/etc/ppp/l2tpdrueben.options.xl2tpd"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "ipparam"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "111.222.123.321"
May 11 12:05:17 debianwheezy xl2tpd[9515]: "/dev/pts/2"
May 11 12:05:17 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
May 11 12:05:17 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no
ifupdown configuration found.
May 11 12:05:17 debianwheezy xl2tpd[9515]: control_finish: Connection
closed to 111.222.123.321, serial 1 ()
May 11 12:05:17 debianwheezy xl2tpd[9515]: Terminating pppd: sending TERM
signal to pid 9516
May 11 12:05:17 debianwheezy xl2tpd[9515]: control_finish: Connection
closed to 111.222.123.321, port 1701 (), Local: 20696, Remote: 10
May 11 12:05:17 debianwheezy avahi-daemon[3417]: Withdrawing workstation
service for ppp0.
May 11 12:05:17 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)

Following the help page, I tried all the debug options but am not getting
anywhere.
http://wiki.l2tpipsecvpn.tuxfamily.org/wiki/index.php?title=Main_Page

Here is the #ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38-g312f1b8a-dirty/K3.2.0-4-amd64 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [OK]
        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
--------------------
/var/log/syslog:

May 11 12:15:29 debianwheezy L2tpIPsecVpnControlDaemon: Opening client
connection
May 11 12:15:29 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
ipsec setup stop
May 11 12:15:29 debianwheezy ipsec_setup: Stopping Openswan IPsec...
May 11 12:15:31 debianwheezy ipsec_setup: Error: Module
xfrm4_mode_transport is in use
May 11 12:15:31 debianwheezy ipsec_setup: Error: Module esp4 is in use
May 11 12:15:31 debianwheezy kernel: [ 5790.603517] NET: Unregistered
protocol family 15
May 11 12:15:31 debianwheezy ipsec_setup: ...Openswan IPsec stopped
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Command ipsec
setup stop finished with exit code 0
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
service xl2tpd stop
May 11 12:15:31 debianwheezy xl2tpd[9665]: death_handler: Fatal signal 15
received
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Command service
xl2tpd stop finished with exit code 0
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Opening client
connection
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Closing client
connection
May 11 12:15:31 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
ipsec setup start
May 11 12:15:31 debianwheezy kernel: [ 5790.855987] NET: Registered
protocol family 15
May 11 12:15:31 debianwheezy ipsec_setup: Starting Openswan IPsec
U2.6.38-g312f1b8a-dirty/K3.2.0-4-amd64...
May 11 12:15:31 debianwheezy ipsec_setup: Using NETKEY(XFRM) stack
May 11 12:15:32 debianwheezy kernel: [ 5790.941052] Initializing XFRM
netlink socket
May 11 12:15:32 debianwheezy ipsec_setup: ...Openswan IPsec started
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Command ipsec
setup start finished with exit code 0
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
service xl2tpd start
May 11 12:15:32 debianwheezy pluto: adjusting ipsec.d to /etc/ipsec.d
May 11 12:15:32 debianwheezy ipsec__plutorun: adjusting ipsec.d to
/etc/ipsec.d
May 11 12:15:32 debianwheezy xl2tpd[9968]: setsockopt recvref[30]:
Protocol not available
May 11 12:15:32 debianwheezy xl2tpd[9968]: This binary does not support
kernel L2TP.
May 11 12:15:32 debianwheezy xl2tpd[9975]: xl2tpd version xl2tpd-1.3.1
started on debianwheezy PID:9975
May 11 12:15:32 debianwheezy xl2tpd[9975]: Written by Mark Spencer,
Copyright (C) 1998, Adtran, Inc.
May 11 12:15:32 debianwheezy xl2tpd[9975]: Forked by Scott Balmos and
David Stipp, (C) 2001
May 11 12:15:32 debianwheezy xl2tpd[9975]: Inherited by Jeff McAdams, (C)
2002
May 11 12:15:32 debianwheezy xl2tpd[9975]: Forked again by Xelerance
(www.xelerance.com) (C) 2006
May 11 12:15:32 debianwheezy xl2tpd[9975]: Listening on IP address
0.0.0.0, port 1701
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Command service
xl2tpd start finished with exit code 0
May 11 12:15:32 debianwheezy ipsec__plutorun: 002 added connection
description "l2tpBugs"
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
ipsec auto --ready
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Command ipsec auto
--ready finished with exit code 0
May 11 12:15:32 debianwheezy L2tpIPsecVpnControlDaemon: Executing command
ipsec auto --up l2tpBugs
May 11 12:15:33 debianwheezy L2tpIPsecVpnControlDaemon: Command ipsec auto
--up l2tpBugs finished with exit code 0
May 11 12:15:34 debianwheezy L2tpIPsecVpnControlDaemon: Closing client
connection
May 11 12:15:34 debianwheezy xl2tpd[9975]: Connecting to host remote.bla,
port 1701
May 11 12:15:34 debianwheezy xl2tpd[9975]: Connection established to
111.222.123.321, 1701.  Local: 52376, Remote: 10 (ref=0/0).
May 11 12:15:34 debianwheezy xl2tpd[9975]: Calling on tunnel 52376
May 11 12:15:34 debianwheezy xl2tpd[9975]: receive_window_size_avp: RWS
not appropriate for message Incoming-Call-Reply.  Ignoring.
May 11 12:15:34 debianwheezy xl2tpd[9975]: Call established with
111.222.123.321, Local: 51577, Remote: 28, Serial: 1 (ref=0/0)
May 11 12:15:34 debianwheezy xl2tpd[9975]: start_pppd: I'm running:
May 11 12:15:34 debianwheezy xl2tpd[9975]: "/usr/sbin/pppd"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "passive"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "nodetach"
May 11 12:15:34 debianwheezy xl2tpd[9975]: ":"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "file"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "/etc/ppp/l2tpBugs.options.xl2tpd"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "ipparam"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "111.222.123.321"
May 11 12:15:34 debianwheezy xl2tpd[9975]: "/dev/pts/2"
May 11 12:15:34 debianwheezy pppd[10048]: Plugin passprompt.so loaded.
May 11 12:15:34 debianwheezy pppd[10048]: pppd 2.4.5 started by root, uid 0
May 11 12:15:34 debianwheezy pppd[10048]: Using interface ppp0
May 11 12:15:34 debianwheezy pppd[10048]: Connect: ppp0 <--> /dev/pts/2
May 11 12:15:34 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
May 11 12:15:34 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no
ifupdown configuration found.
May 11 12:15:34 debianwheezy xl2tpd[9975]: control_finish: Connection
closed to 111.222.123.321, serial 1 ()
May 11 12:15:34 debianwheezy pppd[10048]: Modem hangup
May 11 12:15:34 debianwheezy xl2tpd[9975]: Terminating pppd: sending TERM
signal to pid 10048
May 11 12:15:34 debianwheezy pppd[10048]: Connection terminated.
May 11 12:15:34 debianwheezy xl2tpd[9975]: control_finish: Connection
closed to 111.222.123.321, port 1701 (), Local: 52376, Remote: 10
May 11 12:15:34 debianwheezy avahi-daemon[3417]: Withdrawing workstation
service for ppp0.
May 11 12:15:34 debianwheezy NetworkManager[3515]:    SCPlugin-Ifupdown:
devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
May 11 12:15:34 debianwheezy pppd[10048]: Exit.

-------------------------------------------------
Does any of you perhaps have a working L2TP solution?
Do parameters need to be set in sysctl.conf?
PPTP works without problems on the same machine, but I don't want to use it
any more!
As mentioned, L2TP works in the same LAN with other machines but other
operating systems, with the Draytek router via L2TP on the remote side.
With Ubuntu on a USB stick my tests were also only negative.

Here is a short video on the topic and the GUI I use, L2TP IPsec
VPN Manager 1.0.9.
https://www.youtube.com/watch?v=6Kjt4_mG-Q4

Thanks for any tips!

Regards, Stephan
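
The `ipsec verify` output in the post fails on `/proc/sys/net/ipv4/conf/*/send_redirects`. The following is an added example, not part of the original post: it lists the interfaces where that setting is still enabled and prints matching sysctl.conf lines. The function name and the optional directory argument are assumptions made for this example, and it addresses only that warning, not the tunnel teardown seen in the logs.

```shell
#!/bin/sh
# Added example (not from the original post): audit the send_redirects
# setting that `ipsec verify` flags as FAILED for the NETKEY stack.

# send_redirects_fixes [CONF_DIR]
#   CONF_DIR defaults to the live /proc/sys/net/ipv4/conf tree; the argument
#   is a hypothetical override so the check can run against a copied tree.
#   Prints one sysctl.conf line for every interface whose send_redirects is
#   not 0, and prints nothing when every interface is already set to 0.
send_redirects_fixes() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$conf_dir"/*/send_redirects; do
        # Skip when the glob matched nothing or the file is unreadable.
        if [ ! -r "$f" ]; then
            continue
        fi
        val=$(cat "$f")
        if [ "$val" = "0" ]; then
            continue
        fi
        iface=$(basename "$(dirname "$f")")
        # Slash-separated keys keep interface names that contain dots
        # (for example VLAN interfaces) unambiguous for sysctl.
        printf 'net/ipv4/conf/%s/send_redirects = 0\n' "$iface"
    done
    return 0
}

# Stand-alone use: print the lines needed on this machine (none = clean).
send_redirects_fixes "$@"
```

The printed lines can be appended to /etc/sysctl.conf and loaded with `sysctl -p`; the `all` and `default` entries matter because newly created interfaces such as ppp0 take their initial value from `default`.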



