cloudstack-issues mailing list archives

From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (CLOUDSTACK-9943) Remote access VPN fails to establish from Windows Machine.
Date Thu, 29 Jun 2017 05:52:00 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-9943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jayapal Reddy reassigned CLOUDSTACK-9943:
-----------------------------------------

    Assignee: Jayapal Reddy

> Remote access VPN fails to establish from Windows Machine.
> ----------------------------------------------------------
>
>                 Key: CLOUDSTACK-9943
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9943
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.10.0.0
>            Reporter: DeepthiMachiraju
>            Assignee: Jayapal Reddy
>            Priority: Blocker
>              Labels: pvr
>             Fix For: 4.10.0.0
>
>         Attachments: management-server.log
>
>
> - Create an isolated Network N1 and deploy a VM.
> - On the Source Nat IP enable Remote Access VPN.
> - Configure the VPN connection from a Windows machine by providing the Public IP of VR, Type of VPN: L2TP / IPSec, and provide the preshared key for authentication.
> - Try connecting by providing the VPN users details.
> Observation : 
> Remote access VPN fails to establish.
> ==============================================
> Please find the relevant logs below :
> root@r-42-VM:/etc/cloudstack# ipsec --version
> Linux strongSwan U5.2.1/K3.2.0-4-amd64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> ===================================================
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (0 up, 0 connecting):
>   none
> ====================auth.log==========================
> Jun  6 09:54:44 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA
> Jun  6 09:54:44 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[1] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun  6 09:54:44 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c217d307_i dc6d5497_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:44 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{1} established with SPIs cbeda395_i 21bba84d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:44 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c217d307_i (0 bytes) dc6d5497_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:47 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c9a8105d_i 28d44ba0_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:47 r-42-VM charon: 13[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs cbeda395_i (0 bytes) 21bba84d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:51 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{1} established with SPIs ccd1db39_i 17c5c576_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:51 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c9a8105d_i (0 bytes) 28d44ba0_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:59 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c3dcf5e4_i 40af5f4d_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:54:59 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs ccd1db39_i (0 bytes) 17c5c576_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session opened for user root by (uid=0)
> Jun  6 09:55:01 r-42-VM CRON[8238]: pam_unix(cron:session): session closed for user root
> Jun  6 09:55:09 r-42-VM charon: 16[IKE] CHILD_SA L2TP-PSK{1} established with SPIs c8d60ec4_i f675adb5_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:55:09 r-42-VM charon: 05[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c3dcf5e4_i (0 bytes) 40af5f4d_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:55:19 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{1} with SPIs c8d60ec4_i (0 bytes) f675adb5_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:55:19 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[1] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ====================auth.log==========================
> IPsec status when ike is established : 
> root@r-42-VM:/etc/cloudstack# ipsec status
> Security Associations (1 up, 0 connecting):
>     L2TP-PSK[3]: ESTABLISHED 31 seconds ago, 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
>     L2TP-PSK{3}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c6066660_i a020e46f_o
>     L2TP-PSK{3}:   10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> ====================daemon.log=======================
> Jun  6 09:57:03 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (384 bytes)
> Jun  6 09:57:03 r-42-VM charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> Jun  6 09:57:03 r-42-VM charon: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
> Jun  6 09:57:03 r-42-VM charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
> Jun  6 09:57:03 r-42-VM charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Jun  6 09:57:03 r-42-VM charon: 14[IKE] received FRAGMENTATION vendor ID
> Jun  6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
> Jun  6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
> Jun  6 09:57:03 r-42-VM charon: 14[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
> Jun  6 09:57:03 r-42-VM charon: 14[IKE] 10.233.89.32 is initiating a Main Mode IKE_SA
> Jun  6 09:57:03 r-42-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
> Jun  6 09:57:03 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (136 bytes)
> Jun  6 09:57:03 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[500] to 10.147.30.117[500] (388 bytes)
> Jun  6 09:57:03 r-42-VM charon: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
> Jun  6 09:57:03 r-42-VM charon: 15[IKE] faking NAT situation to enforce UDP encapsulation
> Jun  6 09:57:03 r-42-VM charon: 15[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
> Jun  6 09:57:03 r-42-VM charon: 15[NET] sending packet: from 10.147.30.117[500] to 10.233.89.32[500] (372 bytes)
> Jun  6 09:57:03 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:03 r-42-VM charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ]
> Jun  6 09:57:03 r-42-VM charon: 16[CFG] looking for pre-shared key peer configs matching 10.147.30.117...10.233.89.32[10.233.89.32]
> Jun  6 09:57:03 r-42-VM charon: 16[CFG] selected peer config "L2TP-PSK"
> Jun  6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> Jun  6 09:57:03 r-42-VM charon: 16[ENC] generating ID_PROT response 0 [ ID HASH ]
> Jun  6 09:57:03 r-42-VM charon: 16[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (76 bytes)
> Jun  6 09:57:03 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:03 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:03 r-42-VM charon: 04[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:03 r-42-VM charon: 04[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:03 r-42-VM charon: 04[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:03 r-42-VM charon: 04[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:03 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:03 r-42-VM charon: 03[ENC] parsed QUICK_MODE request 1 [ HASH ]
> Jun  6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cbff1661_i 9c25b6cc_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:03 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:03 r-42-VM charon: 02[ENC] parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:03 r-42-VM charon: 02[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:03 r-42-VM charon: 02[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:03 r-42-VM charon: 02[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun  6 09:57:03 r-42-VM charon: 02[ENC] generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:03 r-42-VM charon: 02[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:03 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:03 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 2 [ HASH ]
> Jun  6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c25a7f96_i 0abe04de_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:03 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:03 r-42-VM charon: 11[ENC] parsed INFORMATIONAL_V1 request 103224265 [ HASH D ]
> Jun  6 09:57:03 r-42-VM charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI 9c25b6cc
> Jun  6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:06 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:06 r-42-VM charon: 06[ENC] parsed QUICK_MODE request 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:06 r-42-VM charon: 06[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:06 r-42-VM charon: 06[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:06 r-42-VM charon: 06[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun  6 09:57:06 r-42-VM charon: 06[ENC] generating QUICK_MODE response 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:06 r-42-VM charon: 06[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:06 r-42-VM charon: 12[ENC] parsed QUICK_MODE request 3 [ HASH ]
> Jun  6 09:57:06 r-42-VM charon: 12[IKE] CHILD_SA L2TP-PSK{2} established with SPIs c9e9610c_i 83b1c870_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:06 r-42-VM charon: 12[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:06 r-42-VM charon: 12[ENC] parsed INFORMATIONAL_V1 request 1590197566 [ HASH D ]
> Jun  6 09:57:06 r-42-VM charon: 12[IKE] received DELETE for ESP CHILD_SA with SPI 0abe04de
> Jun  6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:10 r-42-VM charon: 05[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:10 r-42-VM charon: 05[ENC] parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:10 r-42-VM charon: 05[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:10 r-42-VM charon: 05[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:10 r-42-VM charon: 05[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun  6 09:57:10 r-42-VM charon: 05[ENC] generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:10 r-42-VM charon: 05[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:10 r-42-VM charon: 04[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:10 r-42-VM charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ]
> Jun  6 09:57:10 r-42-VM charon: 04[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cffce783_i 16ad4fef_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:10 r-42-VM charon: 03[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:10 r-42-VM charon: 03[ENC] parsed INFORMATIONAL_V1 request 2703531821 [ HASH D ]
> Jun  6 09:57:10 r-42-VM charon: 03[IKE] received DELETE for ESP CHILD_SA with SPI 83b1c870
> Jun  6 09:57:10 r-42-VM charon: 03[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs c9e9610c_i (0 bytes) 83b1c870_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:18 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:18 r-42-VM charon: 01[ENC] parsed QUICK_MODE request 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:18 r-42-VM charon: 01[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:18 r-42-VM charon: 01[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:18 r-42-VM charon: 01[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun  6 09:57:18 r-42-VM charon: 01[ENC] generating QUICK_MODE response 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:18 r-42-VM charon: 01[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:18 r-42-VM charon: 11[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:18 r-42-VM charon: 11[ENC] parsed QUICK_MODE request 5 [ HASH ]
> Jun  6 09:57:18 r-42-VM charon: 11[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cd088e05_i 381bd68f_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:18 r-42-VM charon: 06[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:18 r-42-VM charon: 06[ENC] parsed INFORMATIONAL_V1 request 4078387132 [ HASH D ]
> Jun  6 09:57:18 r-42-VM charon: 06[IKE] received DELETE for ESP CHILD_SA with SPI 16ad4fef
> Jun  6 09:57:18 r-42-VM charon: 06[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cffce783_i (0 bytes) 16ad4fef_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:28 r-42-VM charon: 14[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (332 bytes)
> Jun  6 09:57:28 r-42-VM charon: 14[ENC] parsed QUICK_MODE request 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:28 r-42-VM charon: 14[IKE] received 3600s lifetime, configured 0s
> Jun  6 09:57:28 r-42-VM charon: 14[IKE] received 250000000 lifebytes, configured 0
> Jun  6 09:57:28 r-42-VM charon: 14[IKE] detected rekeying of CHILD_SA L2TP-PSK{2}
> Jun  6 09:57:28 r-42-VM charon: 14[ENC] generating QUICK_MODE response 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
> Jun  6 09:57:28 r-42-VM charon: 14[NET] sending packet: from 10.147.30.117[4500] to 10.233.89.32[4500] (204 bytes)
> Jun  6 09:57:28 r-42-VM charon: 15[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (60 bytes)
> Jun  6 09:57:28 r-42-VM charon: 15[ENC] parsed QUICK_MODE request 6 [ HASH ]
> Jun  6 09:57:28 r-42-VM charon: 15[IKE] CHILD_SA L2TP-PSK{2} established with SPIs cff9a578_i 93dc756b_o and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:28 r-42-VM charon: 16[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:28 r-42-VM charon: 16[ENC] parsed INFORMATIONAL_V1 request 251215099 [ HASH D ]
> Jun  6 09:57:28 r-42-VM charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 381bd68f
> Jun  6 09:57:28 r-42-VM charon: 16[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cd088e05_i (0 bytes) 381bd68f_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:38 r-42-VM charon: 02[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (76 bytes)
> Jun  6 09:57:38 r-42-VM charon: 02[ENC] parsed INFORMATIONAL_V1 request 1078630831 [ HASH D ]
> Jun  6 09:57:38 r-42-VM charon: 02[IKE] received DELETE for ESP CHILD_SA with SPI 93dc756b
> Jun  6 09:57:38 r-42-VM charon: 02[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs cff9a578_i (0 bytes) 93dc756b_o (0 bytes) and TS 10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]
> Jun  6 09:57:38 r-42-VM charon: 01[NET] received packet: from 10.233.89.32[4500] to 10.147.30.117[4500] (92 bytes)
> Jun  6 09:57:38 r-42-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request 1398070104 [ HASH D ]
> Jun  6 09:57:38 r-42-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[2]
> Jun  6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between 10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]
> ========================daemon.log=========================
> ========================l2tp.conf============================
> root@r-42-VM:/etc/ipsec.d# cat l2tp.conf
> #ipsec remote access vpn configuration
> conn L2TP-PSK
>         authby=psk
>         pfs=no
>         rekey=no
>         keyingtries=3
>         keyexchange=ikev1
>         forceencaps=yes
>         leftfirewall=yes
>         leftnexthop=%defaultroute
>         type=transport
>         #
>         # ----------------------------------------------------------
>         # The VPN server.
>         #
>         # Allow incoming connections on the external network interface.
>         # If you want to use a different interface or if there is no
>         # defaultroute, you can use:   left=your.ip.addr.ess
>         #
>      left=10.147.30.117
>         #
>         leftprotoport=17/1701
>         # If you insist on supporting non-updated Windows clients,
>         # you can use:    leftprotoport=17/%any
>         #
>         # ----------------------------------------------------------
>         # The remote user(s).
>         #
>         # Allow incoming connections only from this IP address.
>         right=%any
>         # If you want to allow multiple connections from any IP address,
>         # you can use:    right=%any
>         #
>         rightprotoport=17/%any
>         #
>         # ----------------------------------------------------------
>         # Change 'ignore' to 'add' to enable this configuration.
>         #
>         rightsubnetwithin=0.0.0.0/0
>         auto=add
> ========================l2tp.conf============================
> root@r-42-VM:/etc/cloudstack# cat remoteaccessvpn.json
> {
>     "10.147.30.117": {
>         "create": true,
>         "ip_range": "10.1.2.2-10.1.2.8",
>         "local_cidr": "10.1.1.0/24",
>         "local_ip": "10.1.2.1",
>         "preshared_key": "egwnGVGcuGUQ4g4tgpum3qmp",
>         "public_interface": "eth2",
>         "type": "remoteaccessvpn",
>         "vpn_server_ip": "10.147.30.117"
>     },
>     "id": "remoteaccessvpn"
> }root@r-42-VM:/etc/cloudstack#
> ==========================================================
> root@r-42-VM:/etc/cloudstack# cat vpnuserlist.json
> {
>     "aaa": {
>         "add": true,
>         "password": "aaa",
>         "user": "aaa"
>     },
>     "abc": {
>         "add": true,
>         "password": "abc",
>         "user": "abc"
>     },
>     "id": "vpnuserlist"
> }root@r-42-VM:/etc/cloudstack#
> =================================================
> Attached MS log.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
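
Added example, not part of the original JIRA message or of CloudStack's code: a triage script for the charon log pattern quoted in the report, where every CHILD_SA is established and later closed with "(0 bytes)" in both directions, meaning IKE negotiation succeeded but the SAs never carried traffic. The sample lines are taken from the daemon.log excerpt above with wrapped lines rejoined; the function names and the `min_sas` threshold are assumptions made for this illustration.

```python
import re

# Sample lines from the report's daemon.log excerpt (wrapped lines rejoined).
TS = "10.147.30.117/32[udp/l2f] === 10.233.89.32/32[udp/l2f]"
SAMPLE_LOG = "\n".join([
    "Jun  6 09:57:03 r-42-VM charon: 16[IKE] IKE_SA L2TP-PSK[2] established between "
    "10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]",
    "Jun  6 09:57:03 r-42-VM charon: 03[IKE] CHILD_SA L2TP-PSK{2} established with SPIs "
    "cbff1661_i 9c25b6cc_o and TS " + TS,
    "Jun  6 09:57:03 r-42-VM charon: 01[IKE] CHILD_SA L2TP-PSK{2} established with SPIs "
    "c25a7f96_i 0abe04de_o and TS " + TS,
    "Jun  6 09:57:03 r-42-VM charon: 11[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs "
    "cbff1661_i (0 bytes) 9c25b6cc_o (0 bytes) and TS " + TS,
    "Jun  6 09:57:06 r-42-VM charon: 12[IKE] closing CHILD_SA L2TP-PSK{2} with SPIs "
    "c25a7f96_i (0 bytes) 0abe04de_o (0 bytes) and TS " + TS,
    "Jun  6 09:57:38 r-42-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[2] between "
    "10.147.30.117[10.147.30.117]...10.233.89.32[10.233.89.32]",
])

ESTABLISHED = re.compile(
    r"CHILD_SA (\S+)\{\d+\} established with SPIs ([0-9a-f]{8})_i ([0-9a-f]{8})_o")
CLOSING = re.compile(
    r"closing CHILD_SA (\S+)\{\d+\} with SPIs "
    r"([0-9a-f]{8})_i \((\d+) bytes\) ([0-9a-f]{8})_o \((\d+) bytes\)")


def child_sa_usage(log_text):
    """Map (spi_in, spi_out) -> conn name and byte counters (None while still open)."""
    sas = {}
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            sas[(m.group(2), m.group(3))] = {
                "conn": m.group(1), "bytes_in": None, "bytes_out": None}
            continue
        m = CLOSING.search(line)
        if m:
            # A close may appear without its establish line if the log was rotated.
            sa = sas.setdefault((m.group(2), m.group(4)), {"conn": m.group(1)})
            sa["bytes_in"], sa["bytes_out"] = int(m.group(3)), int(m.group(5))
    return sas


def idle_tunnel_connections(log_text, min_sas=2):
    """Connections with >= min_sas closed CHILD_SAs, none of which carried any bytes."""
    closed, used = {}, set()
    for sa in child_sa_usage(log_text).values():
        if sa["bytes_in"] is None:
            continue  # SA still open: charon has not logged its counters yet
        closed[sa["conn"]] = closed.get(sa["conn"], 0) + 1
        if sa["bytes_in"] or sa["bytes_out"]:
            used.add(sa["conn"])
    return sorted(c for c, n in closed.items() if n >= min_sas and c not in used)


if __name__ == "__main__":
    print("connections whose CHILD_SAs never carried traffic:",
          idle_tunnel_connections(SAMPLE_LOG))
```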
