Good afternoon!
I'm asking for help with a topic that is new to me. I set myself the goal of bringing up an L2TP server on Ubuntu. OpenSwan and XL2TPD were installed on a VPS running Ubuntu 12.04 LTS. I performed the installation using the following algorithm. Problem No. 1: the ipsec verify command reports an error
Checking for 'iptables' command [FAILED]
/etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    # Apple iOS doesn't send delete notify so we need dead peer detection
    # to detect vanishing clients
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    # Set ikelifetime and keylife to same defaults windows has
    ikelifetime=8h
    keylife=1h
    type=transport
    # Replace IP address with your local IP (private, behind NAT IP is okay as well)
    left=%внешний_ip%
    # For updated Windows 2000/XP clients,
    # to support old clients as well, use leftprotoport=17/%any
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    #force all to be nat'ed. because of iOS
    forceencaps=yes
/etc/init.d/ipsec.vpn
case "$1" in
  start)
    echo "Starting my Ipsec VPN"
    # Masquerade traffic from 192.168.0.0/24 leaving through eth0
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Disable ICMP redirects on every interface
    for each in /proc/sys/net/ipv4/conf/*
    do
      echo 0 > "$each/accept_redirects"
      echo 0 > "$each/send_redirects"
    done
    /etc/init.d/ipsec start
    /etc/init.d/xl2tpd start
    ;;
  stop)
    echo "Stopping my Ipsec VPN"
    # Flushes every rule in the nat table, not only the one added on start
    iptables --table nat --flush
    echo 0 > /proc/sys/net/ipv4/ip_forward
    /etc/init.d/ipsec stop
    /etc/init.d/xl2tpd stop
    ;;
  restart)
    echo "Restarting my Ipsec VPN"
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for each in /proc/sys/net/ipv4/conf/*
    do
      echo 0 > "$each/accept_redirects"
      echo 0 > "$each/send_redirects"
    done
    /etc/init.d/ipsec restart
    /etc/init.d/xl2tpd restart
    ;;
  *)
    echo "Usage: /etc/init.d/ipsec.vpn {start|stop|restart}"
    exit 1
    ;;
esac
Output of ifconfig (in case it matters)
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:%внешний_ip%  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.128
          inet6 addr: XXXX::XXX:XXXX:XXXX:XXXX/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15547 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23546730 (23.5 MB)  TX bytes:3449417 (3.4 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Question No. 1 - how do I overcome this error, and how critical is it? P.S. For some reason I couldn't manage the [cut] tag...
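
The init script in the post depends on the iptables binary and on three kernel settings (ip_forward, accept_redirects, send_redirects). The following is an added example, not part of the original post: a POSIX shell audit of that state, run here against a constructed /proc-like tree; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): audit the state /etc/init.d/ipsec.vpn sets up.
# audit_vpn_sysctl, have_iptables and make_sample_tree are hypothetical helper names.

# Print one line per deviation; the return status is the number of deviations.
audit_vpn_sysctl() {
    root=${1:-/proc}
    ipv4="$root/sys/net/ipv4"
    bad=0
    # "start" writes 1 here; any other value means packets are not forwarded.
    if [ "$(cat "$ipv4/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1"
        bad=$((bad + 1))
    fi
    # "start" writes 0 to both redirect settings for every interface directory.
    for dir in "$ipv4"/conf/*; do
        [ -d "$dir" ] || continue
        for knob in accept_redirects send_redirects; do
            if [ "$(cat "$dir/$knob" 2>/dev/null)" != "0" ]; then
                echo "${dir##*/}/$knob is not 0"
                bad=$((bad + 1))
            fi
        done
    done
    return "$bad"
}

# The MASQUERADE rule can only be added if the iptables binary is on PATH.
have_iptables() {
    command -v iptables >/dev/null 2>&1
}

# Build a constructed /proc-like tree (sample data, not real host state).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/net/ipv4/conf/all" "$t/sys/net/ipv4/conf/eth0"
    echo 1 > "$t/sys/net/ipv4/ip_forward"
    for i in all eth0; do
        echo 0 > "$t/sys/net/ipv4/conf/$i/accept_redirects"
        echo 0 > "$t/sys/net/ipv4/conf/$i/send_redirects"
    done
    echo 1 > "$t/sys/net/ipv4/conf/eth0/send_redirects"   # deliberate deviation
    echo "$t"
}

sample=$(make_sample_tree)
audit_vpn_sysctl "$sample" || echo "deviations: $?"
have_iptables || echo "iptables not found on PATH"
rm -rf "$sample"
```

Calling audit_vpn_sysctl with no argument checks the live /proc of the host instead of the sample tree.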