VPN IPsec raspbian ( debian raspberry Pi )Résolu/Fermé

Question

Bonjour, 

j'essaye depuis hier soir de configurer un serveur VPN sur mon raspberry Pi qui tourne sous DEBIAN mais impossible de le faire fonctionné.

pourtant j'installe la même chose sur un pc portable a coté et cela marche trés bien, voici mes logs :

Jul 27 18:05:57 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:00 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:03 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:06 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:09 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:12 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:15 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:18 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #2: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:06:21 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #1: received Delete SA payload: deleting ISAKMP State #1
Jul 27 18:06:21 raspberrypi pluto[5213]: packet from 192.168.0.254:4500: received and ignored informational message
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [RFC 3947] method set to=115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] meth=114, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08] meth=113, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07] meth=112, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06] meth=111, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05] meth=110, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04] meth=109, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Jul 27 18:07:53 raspberrypi pluto[5213]: packet from 192.168.0.254:500: received Vendor ID payload [Dead Peer Detection]
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: responding to Main Mode from unknown peer 192.168.0.254
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.32'
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: new NAT mapping for #3, was 192.168.0.254:500, now 192.168.0.254:4500
Jul 27 18:07:53 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: the peer proposed: 82.233.144.104/32:17/1701 -> 192.168.0.32/32:17/60920
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: responding to Quick Mode proposal {msgid:47547df5}
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4:     us: 192.168.0.1<192.168.0.1>:17/1701
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4:   them: 192.168.0.254[192.168.0.32]:17/60920===192.168.0.32/32
Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: ERROR: netlink response for Add SA esp.dd017ee@192.168.0.254 included errno 93: Protocol not supported
Jul 27 18:07:55 raspberrypi pluto[5213]: | setup_half_ipsec_sa() hit fail:
Jul 27 18:07:55 raspberrypi pluto[5213]: | failed to install outgoing SA: 0
Jul 27 18:07:58 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:01 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:04 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:07 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:10 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:13 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:16 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:19 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:22 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: discarding duplicate packet; already STATE_QUICK_R0
Jul 27 18:08:25 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #3: received Delete SA payload: deleting ISAKMP State #3
Jul 27 18:08:25 raspberrypi pluto[5213]: packet from 192.168.0.254:4500: received and ignored informational message

si quelqu'un peu m'aider a y voir plus clair je suis preneur.

merci par avance de votre aide.

cordialement,

Drazik64

Configuration: Raspbian sur Raspberry Pi

synopsis8 · Answer

Non, c'est trop compliqué ton problème, reviens avec une question plus facile s'il te plaît.

À part ça dans tes logs, il apparaît que tu utilises une encryption qui n'est pas supportée.

Jul 27 18:07:55 raspberrypi pluto[5213]: "L2TP-PSK-NAT"[2] 192.168.0.254 #4: ERROR: netlink response for Add SA esp.dd017ee@192.168.0.254 included errno 93: Protocol not supported 

Il te manque pas des librairaies ?

drazik64 · Answer

merci synopsis8 pour ta réponse aussi rapide.

que puis je te fournir pour t'aider a "m'aider" ?

merci

synopsis8 · Answer

Tiens, j'ai trouvé ça https://www.google.fr/?gws_rd=ssl#q=included+errno+93:+Protocol+not+supported&hl=fr&safe=off&biw=987&bih=818&fp=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&cad=b
qui dit en gros que tu n'es pas tout seul à avoir ce problème. Ça fait plaisir non ? :-D

Est-ce que tu as activé le support IPv6 ?

drazik64 · Answer

je vais regarder ca, 

heu ... le support de l'IP V6 ? on fais ca comment ?

synopsis8 · Answer

Ben ça, c'est avec ton Kernel, mais regarde si ton machin rapberry l'a bien activé.

http://www.admin-linux.fr/?p=3674

drazik64 · Answer

je vien de faire un :

nano /proc/net/if_inet6

et j'ai obtenue ca :

2a010e352e990680ba27ebfffefa8274 02 40 00 00     eth0
fe80000000000000ba27ebfffefa8274 02 40 20 80     eth0
00000000000000000000000000000001 01 80 10 80       lo

donc si je comprend bien l' IP V6 est bien pris en compte par mon kernel ?

synopsis8 · Answer

oui à priori, c'est bon.

donne moi le résultat de la commande ifconfig

t'as trouvé qq chose sinon sur google ?

drazik64 · Answer

voici le résultat de la commande ifconfig :


eth0      Link encap:Ethernet  HWaddr b8:27:eb:fa:82:74
          inet adr:192.168.0.1  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: 2a01:e35:2e99:680:ba27:ebff:fefa:8274/64 Scope:Global
          adr inet6: fe80::ba27:ebff:fefa:8274/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:91 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:9504 (9.2 KiB)  TX bytes:12615 (12.3 KiB)

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


je n'ai rien trouvé sur google non, et ce n'est pas faute de chercher...

synopsis8 · Answer

http://comments.gmane.org/gmane.network.openswan.user/16824

Lis ça s'il te plait.

drazik64 · Answer

heu... c'est un peu trop en anglais pour moi, je ne comprend pas tout...

bidouilleur · Answer

voici un petit tutoriel qui peu repondre a tes attentes :

http://bidouiller.fr/2013/03/01/tuto-mettre-en-place-un-serveur-vpn-sur-un-raspberry-pi/

VPN IPsec raspbian ( debian raspberry Pi )

11 réponses

Discussions similaires

Newsletters