Не поднимается соединение l2tp+ipsec на debian(accel-ppp + strongswan)

1

0

Решил потренироваться на виртуалке (VMware) настраивать VPN. У меня 2 машины: Windows 10 и Debian 12. На Debian поставил accel-ppp и настроил соединение PPTP, получилось легко. Сейчас уже 5 день не могу настроить L2TP+IPsec.

Установка Accel-PPP

Файл конфигурации accel-ppp.conf:

[modules]
log_file
pptp
l2tp
ippool
chap-secrets
auth_mschap_v2
auth_mschap_v1
auth_chap_md5

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[auth]
#chap=true
#mschap-v2=true 
#timeout=5
#interval=0
#max-failure=3
#any-login=1
#noauth=1
#challenge-name=accel-ppp

[ppp]
verbose=1
mtu=1500
mru=1500
#accomp=deny
#pcomp=deny
#ccp=0
mppe=prefer
ipv4=prefer
ipv6=deny
#lcp-echo-interval=20
#lcp-echo-failure=3
#lcp-echo-timeout=120
#unit-cache=1
#unit-preallocate=1

[pptp]
verbose=1
bind=0.0.0.0
#mppe=deny
#auth=chap
#echo-interval=30
ip-pool=pool

[l2tp]
verbose=1
bind=0.0.0.0
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
secret=l2tp
ip-pool=pool

[client-ip-range]
192.168.10.0/26

[ip-pool]
gw-ip-address=192.168.10.2
#vendor=Cisco
#attr=Cisco-AVPair
#attr=Framed-Pool
#192.168.0.2-255
192.168.10.200-250,name=pool
#192.168.2.1-255,name=pool2
#192.168.3.1-255,name=pool3
#192.168.4.1-255,name=pool4,next=pool1
#192.168.4.0/24

[chap-secrets]
gw-ip-address=192.168.10.2
chap-secrets=/etc/ppp/chap-secrets
#encrypted=0
#username-hash=md5

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/var/log/accel-debug.log
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=5

[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123
#sessions-columns=ifname,username,ip,ip6,ip6-dp,type,state,uptime,uptime-raw,calling-sid,called-sid,sid,comp,inbound-if,service-name,rx-bytes,tx-bytes,rx-bytes-raw,tx-bytes-raw,rx-pkts,tx-pkts,netns,vrf

Установка StrongSwan

Файл конфигурации ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

config setup
  # Нужно ли требовать неистекший лист отзывов для проведения аутентификации клиента
	charondebug=dmn 0, mgr 0, ike 4, chd 0, job 0, cfg 0, knl 0, net 4, asn 0, enc 4, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0
  strictcrlpolicy=no
 # include /var/lib/strongswan/ipsec.conf.inc

conn %default
  ikelifetime=1440m
  keylife=60m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=xauthpsk
  dpdaction=clear
  fragmentation=yes
  rekey=no
  ike=aes128-sha1-modp1024,aes-cbc,3des-cbc
  esp=aes128-sha1,aes-cbc,3des-cbc

conn L2TP_Accel-PPP
  authby=psk
  rekey=no
  type=transport
  esp=aes128-sha1,md5,aes-cbc,3des-cbc
  ike=aes128-sha1-modp1024,md5,aes-cbc,3des-cbc
  left=192.168.10.2
  leftsubnet=0.0.0.0/0
  leftprotoport=17/%any
  right=%any
  rightprotoport=17/%any
  auto=add
  dpddelay=30
  dpdtimeout=120
  dpdaction=clear
  forceencaps=yes

Настройка Windows

В Windows (192.168.10.63):

Ввел адрес сервера (192.168.10.2).
Выбрал тип VPN: L2TP/IPsec с общим ключом.
Ввел ключ из файла /etc/ipsec.secrets:
: PSK "l2tp"
Ввел логин и пароль из файла /etc/ppp/chap-secrets.

Ошибка при подключении

При подключении выдает ошибку:

Попытка L2TP-подключения не удалась из-за ошибки, произошедшей на уровне безопасности во время согласований с удаленным ПК.

Вырезки логов charon:

Nov  1 09:21:54 00[KNL] known interfaces and IP addresses:
Nov  1 09:21:54 00[KNL]   lo
Nov  1 09:21:54 00[KNL]     127.0.0.1 
Nov  1 09:21:54 00[KNL]     ::1
Nov  1 09:21:54 00[KNL]   ens33
Nov  1 09:21:54 00[KNL]     192.168.10.2
Nov  1 09:21:54 00[KNL]     fe80::20c:29ff:fedf:4477
Nov  1 09:21:54 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
Nov  1 09:21:54 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Nov  1 09:21:54 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Nov  1 09:21:54 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
Nov  1 09:21:54 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
Nov  1 09:21:54 00[NET] using forecast interface ens33
Nov  1 09:21:54 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Nov  1 09:21:54 00[NET] forwarding multicast group 224.0.0.1
Nov  1 09:21:54 00[NET] forwarding multicast group 224.0.0.22
Nov  1 09:21:54 00[NET] forwarding multicast group 224.0.0.251
Nov  1 09:21:54 00[NET] forwarding multicast group 224.0.0.252
Nov  1 09:21:54 00[NET] forwarding multicast group 239.255.255.250
Nov  1 09:21:54 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov  1 09:21:54 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov  1 09:21:54 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov  1 09:21:54 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov  1 09:21:54 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov  1 09:21:54 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov  1 09:21:54 00[CFG]   loaded IKE secret for %any
Nov  1 09:21:54 00[CFG] loaded 0 RADIUS server configurations
Nov  1 09:21:54 00[CFG] HA config misses local/remote address
Nov  1 09:21:54 00[LIB] feature CUSTOM:ha in plugin 'ha' failed to load
Nov  1 09:21:54 00[LIB] unloading plugin 'ha' without loaded features
Nov  1 09:21:54 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf gmp agent xcbc hmac kdf gcm drbg attr kernel-netlink resolve socket-default connmark forecast farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
Nov  1 09:21:54 00[LIB] unable to load 6 plugin features (5 due to unmet dependencies)
Nov  1 09:21:54 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov  1 09:21:54 00[JOB] spawning 16 worker threads
Nov  1 09:21:54 01[LIB] created thread 01 [995]

Nov  1 09:21:54 15[JOB] no events, waiting
Nov  1 09:21:54 02[JOB] watcher going to poll() 9 fds
Nov  1 09:21:54 02[JOB] watcher got notification, rebuilding
Nov  1 09:21:54 02[JOB] watcher going to poll() 9 fds
Nov  1 09:21:54 03[NET] waiting for data on sockets
Nov  1 09:21:54 02[JOB] watched FD 21 ready to read
Nov  1 09:21:54 02[JOB] watcher going to poll() 8 fds
Nov  1 09:21:54 05[CFG] received stroke: add connection 'L2TP_Accel-PPP'
Nov  1 09:21:54 02[JOB] watcher got notification, rebuilding
Nov  1 09:21:54 05[CFG] conn L2TP_Accel-PPP
Nov  1 09:21:54 05[CFG]   left=192.168.10.2
Nov  1 09:21:54 02[JOB] watcher going to poll() 9 fds
Nov  1 09:21:54 05[CFG]   leftsubnet=0.0.0.0/0
Nov  1 09:21:54 05[CFG]   leftauth=psk
Nov  1 09:21:54 05[CFG]   right=%any
Nov  1 09:21:54 05[CFG]   rightauth=psk
Nov  1 09:21:54 05[CFG]   ike=aes128-sha1-modp1024,md5,aes-cbc,3des-cbc
Nov  1 09:21:54 05[CFG]   esp=aes128-sha1,md5,aes-cbc,3des-cbc
Nov  1 09:21:54 05[CFG]   dpddelay=30
Nov  1 09:21:54 05[CFG]   dpdtimeout=120
Nov  1 09:21:54 05[CFG]   dpdaction=1
Nov  1 09:21:54 05[CFG]   sha256_96=no
Nov  1 09:21:54 05[CFG]   mediation=no
Nov  1 09:21:54 05[CFG]   keyexchange=ikev1
Nov  1 09:21:54 05[CFG] a DH group is mandatory in IKE proposals
Nov  1 09:21:54 05[CFG] skipped invalid proposal string: md5
Nov  1 09:21:55 02[JOB] watched FD 18 ready to read
Nov  1 09:21:55 02[JOB] watcher going to poll() 8 fds
Nov  1 09:21:55 07[KNL] flags changed for fe80::20c:29ff:fedf:4477 on ens33
Nov  1 09:21:55 15[JOB] next event in 99ms, waiting
Nov  1 09:21:55 02[JOB] watcher got notification, rebuilding
Nov  1 09:21:55 02[JOB] watcher going to poll() 9 fds
Nov  1 09:21:55 02[JOB] watched FD 18 ready to read
Nov  1 09:21:55 02[JOB] watcher going to poll() 8 fds
Nov  1 09:21:55 02[JOB] watcher got notification, rebuilding
Nov  1 09:21:55 02[JOB] watcher going to poll() 9 fds
Nov  1 09:21:55 15[JOB] got event, queuing job for execution
Nov  1 09:21:55 15[JOB] no events, waiting
Nov  1 09:21:55 10[KNL] creating roam job due to address/link change
Nov  1 09:21:55 10[NET] using forecast interface ens33
Nov  1 09:21:55 10[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Nov  1 09:22:02 02[JOB] watched FD 8 ready to read

Nov  1 09:22:30 03[NET] received packet: from 192.168.10.63[500] to 192.168.10.2[500]
Nov  1 09:22:30 03[ENC] parsing header of message
Nov  1 09:22:30 03[ENC] parsing HEADER payload, 408 bytes left
Nov  1 09:22:30 03[ENC]   parsing rule 0 IKE_SPI
Nov  1 09:22:30 03[ENC]   parsing rule 1 IKE_SPI
Nov  1 09:22:30 03[ENC]   parsing rule 2 U_INT_8
Nov  1 09:22:30 03[ENC]   parsing rule 3 U_INT_4
Nov  1 09:22:30 03[ENC]   parsing rule 4 U_INT_4
Nov  1 09:22:30 03[ENC]   parsing rule 5 U_INT_8
Nov  1 09:22:30 03[ENC]   parsing rule 6 RESERVED_BIT
Nov  1 09:22:30 03[ENC]   parsing rule 7 RESERVED_BIT
Nov  1 09:22:30 03[ENC]   parsing rule 8 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 9 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 10 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 11 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 12 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 13 FLAG
Nov  1 09:22:30 03[ENC]   parsing rule 14 U_INT_32
Nov  1 09:22:30 03[ENC]   parsing rule 15 HEADER_LENGTH
Nov  1 09:22:30 03[ENC] parsing HEADER payload finished
Nov  1 09:22:30 03[ENC] parsed a ID_PROT message header
Nov  1 09:22:30 03[NET] waiting for data on sockets
Nov  1 09:22:30 06[MGR] checkout IKEv1 SA by message with SPIs 4eae2998944693c4_i 0000000000000000_r
Nov  1 09:22:30 06[MGR] created IKE_SA (unnamed)[1]
Nov  1 09:22:30 06[NET] <1> received packet: from 192.168.10.63[500] to 192.168.10.2[500] (408 bytes)
Nov  1 09:22:30 06[ENC] <1> parsing body of message, first payload is SECURITY_ASSOCIATION_V1
Nov  1 09:22:30 06[ENC] <1> starting parsing a SECURITY_ASSOCIATION_V1 payload
Nov  1 09:22:30 06[ENC] <1> parsing SECURITY_ASSOCIATION_V1 payload, 380 bytes left
Nov  1 09:22:30 06[ENC] <1>   parsing rule 0 U_INT_8
Nov  1 09:22:30 06[ENC] <1>   parsing rule 1 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 2 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 3 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 4 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 5 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 6 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 7 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 8 RESERVED_BIT
Nov  1 09:22:30 06[ENC] <1>   parsing rule 9 PAYLOAD_LENGTH
Nov  1 09:22:30 06[ENC] <1>   parsing rule 10 U_INT_32
Nov  1 09:22:30 06[ENC] <1>   parsing rule 11 U_INT_32
Nov  1 09:22:30 06[ENC] <1>   parsing rule 12 (1259)
Nov  1 09:22:30 06[ENC] <1>   200 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE_V1
Nov  1 09:22:30 06[ENC] <1> parsing PROPOSAL_SUBSTRUCTURE_V1 payload, 368 bytes left

Nov  1 09:22:30 06[ENC] <1> verifying message structure
Nov  1 09:22:30 06[ENC] <1> found payload of type SECURITY_ASSOCIATION_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> found payload of type VENDOR_ID_V1
Nov  1 09:22:30 06[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov  1 09:22:30 06[CFG] <1> looking for an IKEv1 config for 192.168.10.2...192.168.10.63
Nov  1 09:22:30 06[IKE] <1> no IKE config found for 192.168.10.2...192.168.10.63, sending NO_PROPOSAL_CHOSEN
Nov  1 09:22:30 06[ENC] <1> added payload of type NOTIFY_V1 to message
Nov  1 09:22:30 06[ENC] <1> order payloads in message
Nov  1 09:22:30 06[ENC] <1> added payload of type NOTIFY_V1 to message
Nov  1 09:22:30 06[ENC] <1> generating INFORMATIONAL_V1 request 1923549718 [ N(NO_PROP) ]
Nov  1 09:22:30 06[ENC] <1> not encrypting payloads
Nov  1 09:22:30 06[ENC] <1> generating payload of type HEADER

Nov  1 09:22:30 06[ENC] <1>   generating rule 15 CHUNK_DATA
Nov  1 09:22:30 06[ENC] <1> generating NOTIFY_V1 payload finished
Nov  1 09:22:30 06[NET] <1> sending packet: from 192.168.10.2[500] to 192.168.10.63[500] (40 bytes)
Nov  1 09:22:30 06[MGR] <1> checkin and destroy IKE_SA (unnamed)[1]
Nov  1 09:22:30 06[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => DESTROYING
Nov  1 09:22:30 06[MGR] checkin and destroy of IKE_SA successful
Nov  1 09:22:30 04[NET] sending packet: from 192.168.10.2[500] to 192.168.10.63[500]
Nov  1 09:22:31 03[NET] received packet: from 192.168.10.63[500] to 192.168.10.2[500]
Nov  1 09:22:31 03[ENC] parsing header of message
Nov  1 09:22:31 03[ENC] parsing HEADER payload, 408 bytes left
Nov  1 09:22:31 03[ENC]   parsing rule 0 IKE_SPI
Nov  1 09:22:31 03[ENC]   parsing rule 1 IKE_SPI
Nov  1 09:22:31 03[ENC]   parsing rule 2 U_INT_8
Nov  1 09:22:31 03[ENC]   parsing rule 3 U_INT_4
Nov  1 09:22:31 03[ENC]   parsing rule 4 U_INT_4
Nov  1 09:22:31 03[ENC]   parsing rule 5 U_INT_8
Nov  1 09:22:31 03[ENC]   parsing rule 6 RESERVED_BIT
Nov  1 09:22:31 03[ENC]   parsing rule 7 RESERVED_BIT
Nov  1 09:22:31 03[ENC]   parsing rule 8 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 9 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 10 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 11 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 12 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 13 FLAG
Nov  1 09:22:31 03[ENC]   parsing rule 14 U_INT_32
Nov  1 09:22:31 03[ENC]   parsing rule 15 HEADER_LENGTH
Nov  1 09:22:31 03[ENC] parsing HEADER payload finished
Nov  1 09:22:31 03[ENC] parsed a ID_PROT message header
Nov  1 09:22:31 03[NET] waiting for data on sockets
Nov  1 09:22:31 05[MGR] checkout IKEv1 SA by message with SPIs 4eae2998944693c4_i 0000000000000000_r
Nov  1 09:22:31 05[MGR] created IKE_SA (unnamed)[2]
Nov  1 09:22:31 05[NET] <2> received packet: from 192.168.10.63[500] to 192.168.10.2[500] (408 bytes)
Nov  1 09:22:31 05[ENC] <2> parsing body of message, first payload is SECURITY_ASSOCIATION_V1
Nov  1 09:22:31 05[ENC] <2> starting parsing a SECURITY_ASSOCIATION_V1 payload
Nov  1 09:22:31 05[ENC] <2> parsing SECURITY_ASSOCIATION_V1 payload, 380 bytes left
Nov  1 09:22:31 05[ENC] <2>   parsing rule 0 U_INT_8

Nov  1 09:25:22 00[DMN] SIGINT received, shutting down
Nov  1 09:25:22 00[MGR] going to destroy IKE_SA manager and all managed IKE_SAs
Nov  1 09:25:22 00[MGR] wait for threads to leave IKE_SAs and delete and destroy them
Nov  1 09:25:22 03[JOB] terminated worker thread 03
Nov  1 09:25:22 04[JOB] terminated worker thread 04

Надеюсь на вас, уже опускаются руки.

←	Перезагружается сервис

Настройка iptables для Wireguard

→

Nov 1 09:22:30 06[IKE] <1> no IKE config found for 192.168.10.2...192.168.10.63, sending NO_PROPOSAL_CHOSEN

anc ★★★★★
(01.11.24 12:23:57 MSK)

Ответ на: комментарий от anc 01.11.24 12:23:57 MSK

Я посмотрел через wareshark и добавил aes-cbc,3des-cbc не помогло

SmiMax
(01.11.24 12:38:20 MSK) автор топика

Ответ на: комментарий от SmiMax 01.11.24 12:38:20 MSK

Есть лог, как это «не помогло» и строка с sending NO_PROPOSAL_CHOSEN пропала, а появилось что-то другое?

BOOBLIK ★★★★
(01.11.24 12:54:53 MSK)

Ответ на: комментарий от SmiMax 01.11.24 12:38:20 MSK

Я посмотрел через wareshark

Вы бы ещё через форточку посмотрели.

и добавил aes-cbc,3des-cbc не помогло

А логи вы конечно не посмотрели и нам не покажите.

anc ★★★★★
(01.11.24 12:55:12 MSK)

Ответ на: комментарий от BOOBLIK 01.11.24 12:54:53 MSK

Я эту ошибку уже видел и как я понял, что это из-за того, что алгоритмы, настроенные на паре VPN-шлюзов, не совпадают.

Я посмотрел какие параметры ike отправляет клиент на сервер и добавил их но это не помогло Этот лог последний после всех добавлений

SmiMax
(01.11.24 13:01:11 MSK) автор топика

Ответ на: комментарий от SmiMax 01.11.24 13:01:11 MSK

Вот если что ссылка на дамп https://disk.yandex.ru/d/DgvFL2llqw-GvA

SmiMax
(01.11.24 13:15:35 MSK) автор топика

Ответ

Проблема заключается в том, что клиент Windows предлагает слабую группу Диффи-Хеллмана (DH) (1024-битный MODP). Эта группа больше не используется в strongSwan, если только пользователь не настроит её явно.

Чтобы решить эту проблему, добавьте предложенную слабую группу DH (1024-битный MODP) в предложение IKE на сервере. Например, настройте что-то вроде:

ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024

Это добавит её в конец, что позволит другим клиентам использовать более надёжные группы DH.

SmiMax
(01.11.24 15:33:33 MSK) автор топика

Ответ на: комментарий от SmiMax 01.11.24 15:33:33 MSK

Для корректной настройки VPN-соединения в Windows 10 необходимо внести изменения в реестр.

Используйте следующие команды:

reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSec /t REG_DWORD /d 0x0 /f

Первая команда добавляет недостающий параметр в реестр (актуально для Windows Vista/7/8/10), позволяя устанавливать VPN-соединение даже если и сервер, и клиент находятся за NAT.

Вторая команда включает поддержку IPsec для работы VPN.

После внесения изменений перезагрузите компьютер для их применения.

SmiMax
(02.11.24 10:53:37 MSK) автор топика

Ответ на: комментарий от SmiMax 02.11.24 10:53:37 MSK

linux.org.ru

Спасибо за мануалы по настройке Windows.

BOOBLIK ★★★★
(02.11.24 18:25:21 MSK)

←	Перезагружается сервис

Admin