potrzebuje uruchomic polaczenie vpn w mojej firmie
a dokladnie 2 rodzaje
1. polaczenia dla pracownikow firmy by mogli latwo dostac sie do zasobow sieciowych chcialem uruchomic ipsec/l2tp
2. polaczenie z siecia firmy zewnetrzen z ktora wsolpracujemy ipsec net-to-net
postanowilem uzyc do tego OpenSwan
ale napotkalem pewien problem
gdy w pliku ipsec.conf w sekcji conn dodam auto=add
to po restarcie otrzymuje komunikat
ponizej moja konfiguracjiaSegmentation fault (core dumped)
failed to start openswan IKE daemon - the following error occured:
/etc/ipsec.conf
/etc/ipsec.secretsversion 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
oe=off
protostack=auto
conn l2tp-psk
left=xxx.xxx.xxx.xxx #moje zewnetrzne ip
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
rightsubnet=vhost:%priv,%no
pfs=no
rekey=no
type=transport
authby=secret
auto=add
/etc/xl2tpd/xl2tpd.confinclude /var/lib/openswan/ipsec.secrets.inc
xxx.xxx.xxx.xxx %any: PSK "1q2w3e4r5t6y7u8i"
/etc/xl2tpd/l2tp-secrets[global]
port = 1701
ipsec saref = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
auth file = /etc/xl2tpd/l2tp-secrets
[lns default]
ip range = 192.168.100.10-192.168.100.254
local ip = 192.168.100.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/ppp/options.xl2tpd# Secrets for authenticating l2tp tunnels
# us them secret
# * marko blah2
# zeus marko blah
# * * interop
user1 * Pa$$word *
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 209.139.209.33
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4