I am trying to turn a web server that is already in production into a VPN server, following the article below.
https://qiita.com/nukopoint/items/45f32180af93db91b150
However, I get an error and cannot get any further.
I would appreciate your help.
When I try to connect, the following error is shown on the Mac:
"The connection was terminated by the communication device. Please reconnect. If the problem persists, check your settings."
On the server side, the following is logged:
/var/log/openswan.log
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: responding to Main Mode from unknown peer {{ip}}
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Dec 5 15:02:45: | ISAKMP Notification Payload
Dec 5 15:02:45: | 00 00 00 1c 00 00 00 01 01 10 60 02
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: Main mode peer ID is ID_IPV4_ADDR: '{{ip}}'
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] {{ip}} #7: switched from "L2TP-PSK-NAT"[7] {{ip}} to "L2TP-PSK-NAT"
Dec 5 15:02:45: "L2TP-PSK-NAT"[8] {{ip}} #7: deleting connection "L2TP-PSK-NAT"[7] {{ip}} instance with peer {{ip}} {isakmp=#0/ipsec=#0}
Dec 5 15:02:45: "L2TP-PSK-NAT"[8] {{ip}} #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 5 15:02:45: "L2TP-PSK-NAT"[8] {{ip}} #7: new NAT mapping for #7, was {{ip}}:44480, now {{ip}}:44928
Dec 5 15:02:45: "L2TP-PSK-NAT"[8] {{ip}} #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha2_256 group=MODP2048}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #7: the peer proposed: {{ip}}/32:17/1701 -> {{ip}}/32:17/0
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #7: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: responding to Quick Mode proposal {msgid:f58b7dfb}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: us: {{ip}}:17/1701
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: them: {{ip}}[{{ip}}]:17/54850==={{ip}}/0
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x0dc555ba <0x88c2659d xfrm=AES_256-HMAC_SHA1 NATOA={{ip}} NATD={{ip}}:44928 DPD=active}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0dc555ba <0x88c2659d xfrm=AES_256-HMAC_SHA1 NATOA={{ip}} NATD={{ip}}:44928 DPD=active}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #7: received Delete SA(0x0dc555ba) payload: deleting IPSEC State #8
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #7: deleting other state #8 (STATE_QUICK_R2) "L2TP-PSK-NAT"[8] {{ip}}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}} #7: ESP traffic information: in=153B out=88B
Dec 5 15:02:46: "L2TP-PSK-NAT" #7: deleting state (STATE_MAIN_R3)
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] {{ip}}: deleting connection "L2TP-PSK-NAT"[8] {{ip}} instance with peer {{ip}} {isakmp=#0/ipsec=#0}
Dec 5 15:02:46: packet from {{ip}}:44928: received and ignored empty informational notification payload
Nothing at all is written to the following file:
/var/log/xl2tpd.log
Running sudo ipsec verify outputs the following:
Version check and ipsec on-path [OK]
Libreswan 3.20 (netkey) on 3.10.0-514.21.1.el7.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
sudo ipsec status
000 "v6neighbor-hole-out": our auth:unset, their auth:unset
000 "v6neighbor-hole-out": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "v6neighbor-hole-out": labeled_ipsec:no;
000 "v6neighbor-hole-out": policy_label:unset;
000 "v6neighbor-hole-out": ike_life: 0s; ipsec_life: 0s; replay_window: 0; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;
000 "v6neighbor-hole-out": retransmit-interval: 0ms; retransmit-timeout: 0s;
000 "v6neighbor-hole-out": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "v6neighbor-hole-out": policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;
000 "v6neighbor-hole-out": conn_prio: 0,0; interface: lo; metric: 0; mtu: unset; sa_prio:1; sa_tfc:none;
000 "v6neighbor-hole-out": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "v6neighbor-hole-out": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 Total IPsec connections: loaded 4, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000
This is my first time configuring a VPN at all, so please tell me if any information is missing.
Thank you in advance.
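The pluto log in the question shows IKE phase 1 (ISAKMP SA established) and phase 2 (IPsec SA established) both completing, and the client sending a Delete SA within the same second after only 153 bytes in and 88 bytes out of ESP, while xl2tpd logs nothing. That pattern means the IPsec layer negotiated successfully and the attempt died in whatever runs over it. The following is an added example, not code from the question or from the linked Qiita article: a small parser for Libreswan pluto log lines of the format quoted above that extracts the per-state timeline and classifies the attempt, so that an IKE failure can be told apart from a failure of the L2TP/PPP stage. The sample log is constructed from the question's lines with the documentation address 203.0.113.10 in place of the redacted {{ip}}; the verdict names and the 5-second grace window are this example's own choices.

```python
import re
from datetime import datetime

# Constructed sample modelled on the Libreswan (pluto) lines quoted in the post;
# 203.0.113.10 is a documentation address standing in for the poster's {{ip}}.
SAMPLE_LOG = """\
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] 203.0.113.10 #7: responding to Main Mode from unknown peer 203.0.113.10
Dec 5 15:02:45: "L2TP-PSK-NAT"[7] 203.0.113.10 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 5 15:02:45: | ISAKMP Notification Payload
Dec 5 15:02:45: "L2TP-PSK-NAT"[8] 203.0.113.10 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha2_256 group=MODP2048}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] 203.0.113.10 #8: responding to Quick Mode proposal {msgid:f58b7dfb}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] 203.0.113.10 #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0dc555ba <0x88c2659d xfrm=AES_256-HMAC_SHA1}
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] 203.0.113.10 #7: received Delete SA(0x0dc555ba) payload: deleting IPSEC State #8
Dec 5 15:02:46: "L2TP-PSK-NAT"[8] 203.0.113.10 #7: ESP traffic information: in=153B out=88B
Dec 5 15:02:46: "L2TP-PSK-NAT" #7: deleting state (STATE_MAIN_R3)
Dec 5 15:02:46: packet from 203.0.113.10:44928: received and ignored empty informational notification payload
"""

LINE_RE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d): (.*)$')
STATE_RE = re.compile(r'#(\d+): (.*)$')
ESP_RE = re.compile(r'ESP traffic information: in=(\d+)B out=(\d+)B')


def parse_pluto_log(text):
    """Turn pluto log text into (timestamp, state_number, message) tuples.

    Hexdump/continuation lines ("| ...") carry no state and are skipped.
    state_number is None for lines not tied to an IKE state (e.g. "packet from").
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), '%b %d %H:%M:%S')  # the log has no year
        body = m.group(2)
        if body.startswith('|'):
            continue
        sm = STATE_RE.search(body)          # first "#N:" is the state the line belongs to
        state = int(sm.group(1)) if sm else None
        msg = sm.group(2) if sm else body
        events.append((ts, state, msg))
    return events


def first_time(events, needle):
    """Timestamp of the first event whose message contains needle, else None."""
    return next((ts for ts, _, msg in events if needle in msg), None)


def diagnose(events, grace_seconds=5):
    """Classify one connection attempt from its parsed pluto events.

    Verdicts (names chosen for this example):
      ike_phase1_failed          - no ISAKMP SA ever established (PSK / proposal level)
      ike_phase2_failed          - phase 1 done but no IPsec SA (Quick Mode level)
      ipsec_up_then_peer_deleted - IPsec SA came up and the peer tore it down within
                                   grace_seconds; IPsec worked, look at the layer above it
      ipsec_established          - IPsec SA up and not torn down within the log window
    """
    phase1 = first_time(events, 'ISAKMP SA established')
    phase2 = first_time(events, 'IPsec SA established')
    deleted = first_time(events, 'received Delete SA')
    esp_in = esp_out = None
    for _, _, msg in events:
        em = ESP_RE.search(msg)
        if em:
            esp_in, esp_out = int(em.group(1)), int(em.group(2))
            break
    result = {'esp_in': esp_in, 'esp_out': esp_out, 'seconds_to_delete': None}
    if phase1 is None:
        result['verdict'] = 'ike_phase1_failed'
    elif phase2 is None:
        result['verdict'] = 'ike_phase2_failed'
    elif deleted is not None and (deleted - phase2).total_seconds() <= grace_seconds:
        result['verdict'] = 'ipsec_up_then_peer_deleted'
        result['seconds_to_delete'] = (deleted - phase2).total_seconds()
    else:
        result['verdict'] = 'ipsec_established'
    return result


if __name__ == '__main__':
    evs = parse_pluto_log(SAMPLE_LOG)
    for ts, state, msg in evs:
        print(ts.strftime('%H:%M:%S'), f'#{state}' if state else '-', msg[:70])
    print(diagnose(evs))
```

On the sample the verdict is ipsec_up_then_peer_deleted with seconds_to_delete 0.0 and only 153/88 ESP bytes, which is exactly the shape of the question's log: the check worth doing next is whether UDP 1701 from the IPsec-protected peer actually reaches xl2tpd (firewall rules and the xl2tpd listener), since xl2tpd never wrote anything for this attempt.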