webporoh
@webporoh
Бывший Сисадмин, начинающий программист...

Почему возникает ошибка 789?

Доброго времени суток.
Не могу понять почему не работает xl2tpd + openswan...
Есть 2 системы (оба сервера на debian 9.5), одну настраивал давно и она работает, а теперь купил vps вне россии, делаю всё по той же инструкции, но ничего не работает.
До проверки логина\пароля не доходит и вылетает ошибка 789.
Помогите разобраться.

my_ext_ip - это мой внешний IP сервера
файлы конфигураций:
/etc/ipsec.conf
config setup
 nat_traversal = yes
 virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
 oe=off
 protostack=netkey
 nhelpers=0
conn L2TP-PSK-NAT
 rightsubnet=vhost:%priv
 also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
 authby=secret
 pfs=no
 auto=add
 keyingtries=3
 rekey=no
 dpddelay=30
 dpdtimeout=120
 dpdaction=clear
 ikelifetime=8h
 keylife=1h
 type=transport
 left=my_ext_ip
 leftprotoport=17/1701
 right=%any
 rightprotoport=17/%any
 forceencaps=yes
/etc/ipsec.secret
my_ext_ip %any: PSK "my_pass"
/etc/sysctl.conf
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.ens3.send_redirects = 0
net.ipv4.conf.ens3.accept_redirects = 0
/etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = my_ext_ip
port = 1701
ipsec saref = no
debug tunnel = yes
debug avp = yes
debug packet = yes
debug network = yes
debug state = yes
auth file = /etc/ppp/chap-secrets
;
[lns default]
ip range = 172.16.254.1-172.16.254.253 ; Диапазон IP-адресов, которые выдаются подключающимся клиентам
local ip = 172.16.254.254 ; Локальный IP-адрес сервера для VPN-клиентов
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
name = VPN
assign ip = yes
/etc/ppp/chap-secrets.conf
webporoh        VPN     my_pass   *
test     VPN     testtest        *
/etc/ppp/options.xl2tpd
require-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1200
mru 1200
lock
hide-password
local
debug
name VPN
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
grep pluto /var/log/auth.log
root@he3apa3a:~# grep pluto /var/log/auth.log
Sep 26 08:53:42 he3apa3a ipsec__plutorun: Starting Pluto subsystem...
Sep 26 08:53:42 he3apa3a pluto[20631]: Starting Pluto (Openswan Version 2.6.50.1; Vendor ID OSWI~E[im}hv) pid:20631
Sep 26 08:53:42 he3apa3a pluto[20631]: LEAK_DETECTIVE support [disabled]
Sep 26 08:53:42 he3apa3a pluto[20631]: OCF support for IKE [disabled]
Sep 26 08:53:42 he3apa3a pluto[20631]: SAref support [disabled]: Protocol not available
Sep 26 08:53:42 he3apa3a pluto[20631]: SAbind support [disabled]: Protocol not available
Sep 26 08:53:42 he3apa3a pluto[20631]: NSS support [disabled]
Sep 26 08:53:42 he3apa3a pluto[20631]: HAVE_STATSD notification support not compiled in
Sep 26 08:53:42 he3apa3a pluto[20631]: Setting NAT-Traversal port-4500 floating to on
Sep 26 08:53:42 he3apa3a pluto[20631]:    port floating activation criteria nat_t=1/port_float=1
Sep 26 08:53:42 he3apa3a pluto[20631]:    NAT-Traversal support  [enabled]
Sep 26 08:53:42 he3apa3a pluto[20631]: using /dev/urandom as source of random entropy
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 26 08:53:42 he3apa3a pluto[20631]: no helpers will be started, all cryptographic operations will be done inline
Sep 26 08:53:42 he3apa3a pluto[20631]: Using Linux XFRM/NETKEY IPsec interface code on 4.9.0-6-amd64
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 08:53:42 he3apa3a pluto[20631]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Sep 26 08:53:42 he3apa3a pluto[20631]: adding connection: "L2TP-PSK-NAT"
Sep 26 08:53:42 he3apa3a pluto[20631]: adding connection: "L2TP-PSK-noNAT"
Sep 26 08:53:42 he3apa3a pluto[20631]: listening for IKE messages
Sep 26 08:53:42 he3apa3a pluto[20631]: adding interface ens3/ens3 my_ext_ip:500 (AF_INET)
Sep 26 08:53:42 he3apa3a pluto[20631]: adding interface ens3/ens3 my_ext_ip:4500
Sep 26 08:53:42 he3apa3a pluto[20631]: adding interface lo/lo 127.0.0.1:500 (AF_INET)
Sep 26 08:53:42 he3apa3a pluto[20631]: adding interface lo/lo 127.0.0.1:4500
Sep 26 08:53:42 he3apa3a pluto[20631]: adding interface lo/lo ::1:500 (AF_INET6)
Sep 26 08:53:42 he3apa3a pluto[20631]: loading secrets from "/etc/ipsec.secrets"
Sep 26 09:52:47 he3apa3a ipsec__plutorun: Starting Pluto subsystem...
Sep 26 09:52:47 he3apa3a pluto[3983]: Starting Pluto (Openswan Version 2.6.50.1; Vendor ID OSWI~E[im}hv) pid:3983
Sep 26 09:52:47 he3apa3a pluto[3983]: LEAK_DETECTIVE support [disabled]
Sep 26 09:52:47 he3apa3a pluto[3983]: OCF support for IKE [disabled]
Sep 26 09:52:47 he3apa3a pluto[3983]: SAref support [disabled]: Protocol not available
Sep 26 09:52:47 he3apa3a pluto[3983]: SAbind support [disabled]: Protocol not available
Sep 26 09:52:47 he3apa3a pluto[3983]: NSS support [disabled]
Sep 26 09:52:47 he3apa3a pluto[3983]: HAVE_STATSD notification support not compiled in
Sep 26 09:52:47 he3apa3a pluto[3983]: Setting NAT-Traversal port-4500 floating to on
Sep 26 09:52:47 he3apa3a pluto[3983]:    port floating activation criteria nat_t=1/port_float=1
Sep 26 09:52:47 he3apa3a pluto[3983]:    NAT-Traversal support  [enabled]
Sep 26 09:52:47 he3apa3a pluto[3983]: using /dev/urandom as source of random entropy
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 26 09:52:47 he3apa3a pluto[3983]: no helpers will be started, all cryptographic operations will be done inline
Sep 26 09:52:47 he3apa3a pluto[3983]: Using Linux XFRM/NETKEY IPsec interface code on 4.9.0-8-amd64
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Sep 26 09:52:47 he3apa3a pluto[3983]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Sep 26 09:52:47 he3apa3a pluto[3983]: adding connection: "L2TP-PSK-NAT"
Sep 26 09:52:47 he3apa3a pluto[3983]: adding connection: "L2TP-PSK-noNAT"
Sep 26 09:52:47 he3apa3a pluto[3983]: listening for IKE messages
Sep 26 09:52:47 he3apa3a pluto[3983]: adding interface ens3/ens3 my_ext_ip:500 (AF_INET)
Sep 26 09:52:47 he3apa3a pluto[3983]: adding interface ens3/ens3 my_ext_ip:4500
Sep 26 09:52:47 he3apa3a pluto[3983]: adding interface lo/lo 127.0.0.1:500 (AF_INET)
Sep 26 09:52:47 he3apa3a pluto[3983]: adding interface lo/lo 127.0.0.1:4500
Sep 26 09:52:47 he3apa3a pluto[3983]: adding interface lo/lo ::1:500 (AF_INET6)
Sep 26 09:52:47 he3apa3a pluto[3983]: loading secrets from "/etc/ipsec.secrets"

Все настройки на обоих серверах идентичны, но к одному подключаюсь за считанные секунды, а к этому не могу никак подключиться...
Подскажите куда копать...
  • Вопрос задан
  • 1122 просмотра
Пригласить эксперта
Ответы на вопрос 1
pavelcarcass
@pavelcarcass
ИТ-менеджер из г. Иркутска
Фикс ошибки 789 в Windows 7:

REGEDIT4
[HKEY_LOCAL_MACHINESystemCurrentControlSetServicesRasmanParameters]  
"ProhibitIpSec"=dword:00000001
"AllowL2TPWeakCrypto"=dword:00000001
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы