LINUX.ORG.RU

Posts by ookawaiikoto

L2TP over IPsec using certificates

I am trying to set up an L2TP over IPsec VPN using certificates; with a PSK everything worked for me.

I made the certificates as in this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-20-04-ru

My ipsec.conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn L2TPServer
    # L2TP/IPsec uses transport mode and IKEv1 (Main Mode)
    type=transport
    keyexchange=ikev1
    keyingtries=1
    left=5.63.159.153
    leftprotoport=udp/1701
    # PSK authentication is disabled; the server authenticates with its certificate
    #authby=secret
    leftcert=server-cert.pem
    leftsendcert=always
    leftid=*.*.*.*
    # peers must present a certificate signed by a trusted CA
    rightrsasigkey=%cert
    right=%any
    rightprotoport=udp/%any
    auto=add

ipsec.secrets:

: RSA "server-key.pem"

Logs with the error:

Apr 23 17:08:21 5-63-159-153 charon: 07[NET] received packet: from 188.170.86.198[12966] to *.*.*.*[500] (408 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] received unknown vendor ID: 01:52:8b:00:00:00:01
Apr 23 17:08:21 5-63-159-153 charon: 07[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 07[IKE] received FRAGMENTATION vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] received unknown vendor ID: fb:1d:e3:c:b7:e5:be:08:55:f1:20
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] received unknown vendor ID: 26:24:4d:38:e3:d0:cf:b8:19
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] received unknown vendor ID: e3:a5:96:6a:722:82:31:e5:ce:86:52
Apr 23 17:08:21 5-63-159-153 charon: 07[IKE] 188.170.86.198 is initiating a Main Mode IKE_SA
Apr 23 17:08:21 5-63-159-153 charon: 07[ENC] generating ID_PROT response 0 [ SA V V V V ]
Apr 23 17:08:21 5-63-159-153 charon: 07[NET] sending packet: from *.*.*.*[500] to 188.170.86.198[12966] (160 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 08[NET] received packet: from 188.170.86.198[12966] to *.*.*.*[500] (228 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 23 17:08:21 5-63-159-153 charon: 08[IKE] remote host is behind NAT
Apr 23 17:08:21 5-63-159-153 charon: 08[IKE] sending cert request for "CN=VPN root CA"
Apr 23 17:08:21 5-63-159-153 charon: 08[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 23 17:08:21 5-63-159-153 charon: 08[NET] sending packet: from *.*.*.*[500] to 188.170.86.198[12966] (241 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 09[NET] received packet: from 188.170.86.198[12966] to *.*.*.*[500] (408 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] received unknown vendor ID: 01:52:8b:bb:96:129:ab:9a:1c:5b
Apr 23 17:08:21 5-63-159-153 charon: 09[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 09[IKE] received FRAGMENTATION vendor ID
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:be:08:55:f1:20
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:63:d0:cf:b8:19
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7e5:ce:86:52
Apr 23 17:08:21 5-63-159-153 charon: 09[IKE] 188.170.86.198 is initiating a Main Mode IKE_SA
Apr 23 17:08:21 5-63-159-153 charon: 09[ENC] generating ID_PROT response 0 [ SA V V V V ]
Apr 23 17:08:21 5-63-159-153 charon: 09[NET] sending packet: from *.*.*.*[500] to 188.170.86.198[12966] (160 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 10[NET] received packet: from 188.170.86.198[20725] to *.*.*.*[4500] (92 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 10[ENC] parsed INFORMATIONAL_V1 request 2213899583 [ HASH N((28)) ]
Apr 23 17:08:21 5-63-159-153 charon: 10[IKE] received (28) error notify
Apr 23 17:08:21 5-63-159-153 charon: 11[NET] received packet: from 188.170.86.198[12966] to *.*.*.*[500] (228 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 23 17:08:21 5-63-159-153 charon: 11[IKE] remote host is behind NAT
Apr 23 17:08:21 5-63-159-153 charon: 11[IKE] sending cert request for "CN=VPN root CA"
Apr 23 17:08:21 5-63-159-153 charon: 11[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 23 17:08:21 5-63-159-153 charon: 11[NET] sending packet: from *.*.*.* [500] to 188.170.86.198[12966] (241 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 12[NET] received packet: from 188.170.86.198[20725] to *.*.*.*[4500] (92 bytes)
Apr 23 17:08:21 5-63-159-153 charon: 12[ENC] parsed INFORMATIONAL_V1 request 1129329395 [ HASH N((28)) ]
Apr 23 17:08:21 5-63-159-153 charon: 12[IKE] received (28) error notify

I just don't understand where my mistake is; it's only some error notify.

I also don't understand which sign-in type to choose on Windows in the VPN connection settings, username and password or certificate. I choose username and password, since my login goes through the secrets in xl2tpd.

ookawaiikoto

What does the second column of ls output mean for a directory

For regular files it is the number of hard links, but what is it for directories?

drwxr-xr-x  83 root root      4096 Feb 11 13:13 etc

ookawaiikoto

No iptables.service

iptables is installed, but I can't enable it via service:

iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

Maybe something else needs to be installed?

ookawaiikoto

No sites-available and sites-enabled directories

Are they missing out of the box because they are obsolete, and it is no longer the convention?

Or is it customary to create them yourself?

Which is the better, more concise approach: declaring the servers in nginx.conf, or using sites-available and sites-enabled?

ookawaiikoto

nginx, CSS styles don't work

CSS styles don't work in nginx

I'm using a standard template with bootstrap, and I include mime.types

nginx.conf:

}

http {
        include /etc/nginx/mime.types;

        server {
                listen 80;
                server_name 192.168.0.228;
                root /var/www/sign-in;
        }
}

curl -I http://192.168.0.228/signin.css

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 21 Oct 2020 16:17:27 GMT
Content-Type: text/css
Content-Length: 767
Last-Modified: Wed, 21 Oct 2020 16:11:58 GMT
Connection: keep-alive
ETag: "5f905dce-2ff"
Accept-Ranges: bytes

ookawaiikoto