[GUIDE] xl2tpd/strongSwan for L2TP/IPsec VPN on DGA413x/TG78x


a1pollo
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #90 on: 05 December 2019, 18:25 »
Hi @LuKePicci, first of all thanks for all the hard work you did for me (and maybe for someone else too), from the root up to now.
As for the speed, it is more than fine, I will never do streaming. I also fixed the DDNS configuration; it was giving an error because it kept trying to authenticate. So I regenerated the certificates with my DDNS domain, put them in the right place and everything is OK. I also replaced the rightca option with rightcert, so the system is already set up for the other users too.

Quote: "And so it was that the road warrior surrendered and let me in"  :clap:

guyshi1995
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #91 on: 09 February 2020, 23:30 »
Hi guys,

I managed to install everything without problems. At first I tried connecting using Android's built-in VPN client in PSK mode, and it worked right away. Anyway, I then ran the setup.sh script, which at the end generated the .p12 file that I imported into Android.
I downloaded the app ( https://play.google.com/store/apps/details?id=org.strongswan.android ) and created the new profile, but it cannot connect. In the logs I keep reading

Code:
[IKE] establishing IKE_SA failed, peer not responding
[IKE] unable to terminate IKE_SA : ID 3 not found


In the router logs I see:
Code:
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[CFG]   using trusted ca certificate "C=US, O=Technicolor, CN=CATechnicolor"
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[CFG] checking certificate status of "C=US, O=Technicolor, CN=myvpnclient"
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[CFG] checking certificate status of "C=US, O=Technicolor, CN=myvpnclient"
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[CFG] certificate status is not available
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[CFG] certificate status is not available
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[CFG]   reached self-signed root ca with a path length of 0
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[CFG]   reached self-signed root ca with a path length of 0
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[CFG]   using trusted certificate "C=US, O=Technicolor, CN=myvpnclient"
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[CFG]   using trusted certificate "C=US, O=Technicolor, CN=myvpnclient"
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[IKE] authentication of 'C=US, O=Technicolor, CN=myvpnclient' with RSA_EMSA_PKCS1_SHA256 successful
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[IKE] authentication of 'C=US, O=Technicolor, CN=myvpnclient' with RSA_EMSA_PKCS1_SHA256 successful
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Sun Feb  9 22:21:51 2020 authpriv.info ipsec: 09[IKE] peer supports MOBIKE
Sun Feb  9 22:21:51 2020 daemon.info ipsec: 09[IKE] peer supports MOBIKE

Certificate status is not available. Could this be the problem?

LuKePicci
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #92 on: 10 February 2020, 00:43 »
No, the problem is the one below. Did you select "IKEv2 Certificate" in the app, or did you set something else such as EAP?

guyshi1995
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #93 on: 10 February 2020, 00:50 »
In VPN Type I select IKEv2 Certificate, and I get those logs as a result.
If instead I select "IKEv2 Certificate + EAP (Username and password)" and enter the credentials contained in the /etc/ipsec.secrets file, it returns an AUTHENTICATION_FAILED notify error

This is my ipsec.conf:
Code:
config setup

conn %default
 keyexchange=ikev2

conn roadwarrior
 left=%any
 leftauth=pubkey
 leftcert=serverCert.pem
 [email protected]
 leftsubnet=0.0.0.0/0,::/0
 right=%any
 [email protected]
 rightsourceip=%dhcp
 rightauth=pubkey
 rightcert=clientCert.pem
 #rightauth2=eap-mschapv2
 auto=add

include /var/ipsec/ipsec.conf
« Last edit: 10 February 2020, 22:17 by MisterFTTH »

LuKePicci
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #94 on: 10 February 2020, 01:55 »
If the config is pubkey-only, it is normal that it does not work when you select "IKEv2 Certificate + EAP"; for that you would need the second round.

Anyway, always refer to the original guide, which is more up to date: https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior

guyshi1995
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #95 on: 10 February 2020, 22:00 »
No luck... in the end I have this in the logs, but it will not connect

Code:
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[IKE] received end entity cert "C=US, O=Technicolor, CN=myvpnclient"
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[CFG] looking for peer configs matching 123.456.789.123[%any]...123.456.789.123[C=US, O=Technicolor, CN=myvpnclient]
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[CFG] selected peer config 'roadwarriorPUBKEY'
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[IKE] peer supports MOBIKE
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[NET] sending packet: from 123.456.789.123[4500] to 123.456.789.123[14463] (80 bytes)
« Last edit: 10 February 2020, 22:17 by MisterFTTH »

LuKePicci
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #96 on: 11 February 2020, 02:12 »
But you are trying to connect from remote, right? Are you sure the host used in the config matches the one in the certificate? What is that "@mio.dominio.it" I see in the config?
« Last edit: 11 February 2020, 02:18 by LuKePicci »

a1pollo
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #97 on: 11 February 2020, 05:52 »
You have to set leftid=your domain without the @

in the app:

name and server: your domain

LuKePicci
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #98 on: 11 February 2020, 12:21 »
Exactly, or at most you can put an IP there if you have a static one.

kitt1997
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #99 on: 01 March 2020, 14:36 »
Good morning everyone!

I installed this mod on my TG789vac with the Ansuel GUI, configuring it as L2TP/IPSec with PSK, and everything works great.
There is just one small problem: when I connect with the native Android client, after 65-70 seconds the connection is terminated, whatever I am doing. Connecting from a Windows PC instead, I have no problem of this kind. Is this a known problem, by any chance?

Another thing: would there be a way to install this mod directly from the Ansuel GUI? Mostly because every time the GUI updates you have to manually reload the cards into \www, because the update cleans the whole www folder...

Thanks!

satigno
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #100 on: 16 March 2020, 13:31 »
Hello everyone,

I have a DGA4132 with 2.2.0 and the Ansuel GUI.

Following the instructions in the first post I get this output:

Code:
[email protected]:~# opkg update
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/base/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_base
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_luci
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_routing
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_telephony
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/target/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_core
[email protected]:~# opkg install xl2tpd strongswan-default
Package xl2tpd (1.3.12-1) installed in root is up to date.
Package strongswan-default (5.6.3-3) installed in root is up to date.
[email protected]:~# curl -s https://raw.githubusercontent.com/FrancYescO/sharing_tg789/modgui-vpn/modgui-vpn_1.0-0_all.ipk -o /tmp/modgui-vpn_1.0-0_all.ipk
curl: error while loading shared libraries: libmbedtls.so.10: cannot open shared object file: No such file or directory
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Collected errors:
 * wfopen: /tmp/modgui-vpn_1.0-0_all.ipk: No such file or directory.
 * pkg_init_from_file: Failed to extract control file from /tmp/modgui-vpn_1.0-0_all.ipk.
[email protected]:~# rm /tmp/modgui-vpn_1.0-0_all.ipk
rm: can't remove '/tmp/modgui-vpn_1.0-0_all.ipk': No such file or directory
[email protected]:~# curl -s https://raw.githubusercontent.com/FrancYescO/sharing_tg789/modgui-vpn/modgui-vpn_1.0-0_all.ipk -o /tmp/modgui-vpn_1.0-0_all.ipk
curl: error while loading shared libraries: libmbedtls.so.10: cannot open shared object file: No such file or directory
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Collected errors:
 * wfopen: /tmp/modgui-vpn_1.0-0_all.ipk: No such file or directory.
 * pkg_init_from_file: Failed to extract control file from /tmp/modgui-vpn_1.0-0_all.ipk.
[email protected]:~# rm /tmp/modgui-vpn_1.0-0_all.ipk
rm: can't remove '/tmp/modgui-vpn_1.0-0_all.ipk': No such file or directory

Can anyone lend a hand? Thanks a lot, everyone!
« Last edit: 16 March 2020, 13:42 by MisterFTTH »

a1pollo
Re:[Testing] VPN L2TP/IPSec DGA413x/TG78x
« Reply #101 on: 16 March 2020, 15:07 »
Hi, download it manually with the browser: https://github.com/FrancYescO/sharing_tg789/blob/modgui-vpn/modgui-vpn_1.0-0_all.ipk , look for the download entry, then upload it to the tmp folder with WinSCP, then run only the second part of the command.

satigno
Re:[Testing] xl2tpd/strongSwan per L2TP/IPsec su DGA413x/TG78x
« Reply #102 on: 16 March 2020, 17:09 »
Thanks! I think I had scrambled the router, so I preferred to reinstall the GUI from scratch. It was enough to download the file and install it as per your instructions, and everything went fine: the VPN Server box appeared in the GUI.

Output obtained during installation:

Code:
[email protected]:~# opkg update
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/base/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_base
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_luci
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_routing
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_telephony
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/target/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_core
Downloading http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm63xx-tch/VANTW/packages/Packages.gz
wget: server returned error: HTTP/1.1 404 Not Found
*** Failed to download the package list from http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm63xx-tch/VANTW/packages/Packages.gz

Collected errors:
 * opkg_download: Failed to download http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm63xx-tch/VANTW/packages/Packages.gz, wget returned 1.
[email protected]:~# opkg install /tmp/modgui-vpn_1.0-0_all.ipk
Installing modgui-vpn (1.0-0) to root...
Multiple packages (librt and librt) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (libpthread and libpthread) providing same name marked HOLD or PREFER. Using latest.
Installing strongswan (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-charon (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-charon_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-ipsec (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-ipsec_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-aes (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-aes_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-attr (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-attr_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-connmark (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-connmark_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-constraints (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-constraints_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-des (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-des_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-dnskey (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-dnskey_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-sha1 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-sha1_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-fips-prf (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-fips-prf_5.6.3-3_arm_cortex-a9_neon.ipk
Installing libgmp (6.1.2-1) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/base/libgmp_6.1.2-1_arm_cortex-a9_neon.ipk
Installing strongswan-mod-gmp (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-gmp_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-hmac (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-hmac_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-kernel-netlink (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-kernel-netlink_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-md5 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-md5_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-nonce (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-nonce_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-pem (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-pem_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-pgp (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-pgp_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-pkcs1 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-pkcs1_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-pubkey (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-pubkey_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-random (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-random_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-rc2 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-rc2_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-resolve (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-resolve_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-revocation (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-revocation_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-sha2 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-sha2_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-socket-default (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-socket-default_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-sshkey (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-sshkey_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-stroke (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-stroke_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-updown (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-updown_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-x509 (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-x509_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-xauth-generic (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-xauth-generic_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-mod-xcbc (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-mod-xcbc_5.6.3-3_arm_cortex-a9_neon.ipk
Installing strongswan-default (5.6.3-3) to root...
Downloading https://raw.githubusercontent.com/Ansuel/GUI_ipk/kernel-4.1/packages/strongswan-default_5.6.3-3_arm_cortex-a9_neon.ipk
Configuring strongswan.
Configuring strongswan-mod-constraints.
Configuring strongswan-mod-sha1.
Configuring strongswan-mod-sha2.
Configuring strongswan-mod-connmark.
Configuring strongswan-mod-pem.
Configuring strongswan-mod-rc2.
Configuring strongswan-mod-aes.
Configuring strongswan-mod-pgp.
Configuring strongswan-mod-sshkey.
Configuring strongswan-mod-xcbc.
Configuring strongswan-mod-random.
Configuring strongswan-mod-pkcs1.
Configuring strongswan-mod-dnskey.
Configuring strongswan-mod-hmac.
Configuring strongswan-charon.
Configuring strongswan-mod-des.
Configuring strongswan-mod-fips-prf.
Configuring strongswan-mod-socket-default.
Configuring strongswan-mod-resolve.
Configuring strongswan-mod-pubkey.
Configuring strongswan-mod-kernel-netlink.
Configuring strongswan-ipsec.
Configuring strongswan-mod-attr.
Configuring libgmp.
Configuring strongswan-mod-gmp.
Configuring strongswan-mod-md5.
Configuring strongswan-mod-nonce.
Configuring strongswan-mod-revocation.
Configuring strongswan-mod-stroke.
Configuring strongswan-mod-updown.
Configuring strongswan-mod-x509.
Configuring strongswan-mod-xauth-generic.
Configuring strongswan-default.
Configuring modgui-vpn.

But now I am trying to connect over a 4G network from Android and it cannot connect.
I enter the server (my DDNS, also set on the TIM HUB), pre-shared key, username and key. Unfortunately it does not connect. I am using the L2TP/IPSEC PSK protocol as in the screenshot found in this topic.
What can I do?

a1pollo
Re:[Testing] xl2tpd/strongSwan per L2TP/IPsec su DGA413x/TG78x
« Reply #103 on: 16 March 2020, 18:12 »
The expert is @FrancYescO; I installed strongswan and not the card, because the xL2TPd driver does not work for me.
Open two PuTTY instances; in one, run the command:
logread -f
In the other, try:

ps a | grep xl2

then try restarting the service:

/etc/init.d/ipsec restart

and check the log

« Last edit: 16 March 2020, 18:21 by a1pollo »

satigno
Re:[Testing] xl2tpd/strongSwan per L2TP/IPsec su DGA413x/TG78x
« Reply #104 on: 16 March 2020, 21:59 »
Log:

Code:
[email protected]:~# logread -f

Mon Mar 16 21:53:42 2020 daemon.warn dnsmasq[2985]: possible DNS-rebind attack detected: device7718983-dafb6237-local.wd2go.com
Mon Mar 16 21:53:42 2020 daemon.warn dnsmasq[2985]: possible DNS-rebind attack detected: device7718983-dafb6237-local.wd2go.com
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[NET] received packet: from INDIRIZZO IP TELEFONO[26522] to INDIRIZZO IP CASA[500] (716 bytes)
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[NET] received packet: from INDIRIZZO IP TELEFONO[26522] to INDIRIZZO IP CASA[500] (716 bytes)
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[IKE] no IKE config found for INDIRIZZO IP CASA...INDIRIZZO IP TELEFONO, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[IKE] no IKE config found for INDIRIZZO IP CASA...INDIRIZZO IP TELEFONO, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[NET] sending packet: from INDIRIZZO IP CASA[500] to INDIRIZZO IP TELEFONO[26522] (36 bytes)
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[NET] sending packet: from INDIRIZZO IP CASA[500] to INDIRIZZO IP TELEFONO[26522] (36 bytes)
Mon Mar 16 21:54:28 2020 authpriv.info ipsec: 09[NET] received packet: from INDIRIZZO IP TELEFONO[27222] to INDIRIZZO IP CASA[500] (716 bytes)
Mon Mar 16 21:54:28 2020 daemon.info ipsec: 09[NET] received packet: from INDIRIZZO IP TELEFONO[27222] to INDIRIZZO IP CASA[500] (716 bytes)
Mon Mar 16 21:54:28 2020 authpriv.info ipsec: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mon Mar 16 21:54:28 2020 daemon.info ipsec: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mon Mar 16 21:54:28 2020 authpriv.info ipsec: 09[IKE] no IKE config found for INDIRIZZO IP CASA...INDIRIZZO IP TELEFONO, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:28 2020 daemon.info ipsec: 09[IKE] no IKE config found for INDIRIZZO IP CASA...INDIRIZZO IP TELEFONO, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:28 2020 authpriv.info ipsec: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mon Mar 16 21:54:28 2020 daemon.info ipsec: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mon Mar 16 21:54:28 2020 authpriv.info ipsec: 09[NET] sending packet: from INDIRIZZO IP CASA[500] to INDIRIZZO IP TELEFONO[27222] (36 bytes)
Mon Mar 16 21:54:28 2020 daemon.info ipsec: 09[NET] sending packet: from INDIRIZZO IP CASA[500] to INDIRIZZO IP TELEFONO[27222] (36 bytes)
Mon Mar 16 21:54:28 2020 daemon.info odhcpd[3105]: Using a RA lifetime of 0 seconds on wl0_1

During this log I sent the following commands and tried to connect from the phone:

Code:
[email protected]:~# ps a | grep xl2
ps: invalid option -- 'a'
BusyBox v1.23.2 (2019-10-16 14:39:14 UTC) multi-call binary.

Usage: ps

Show list of processes

        w       Wide output

[email protected]:~# /etc/init.d/ipsec restart

With the command /etc/init.d/ipsec restart nothing happened. Only the first time (not in the log) did it find that the service was not active and start it. Thanks guys!
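
Added example (not part of any post in this thread, and not code from the strongSwan project): a small Python triage script for the two failure signatures seen in the router logs above, `N(AUTH_FAILED)` in the IKE_AUTH response and `N(NO_PROP)` in the IKE_SA_INIT response. The sample log is constructed from the thread's excerpts with documentation addresses substituted; the function names and hint texts are this example's own assumptions.

```python
import re

# Constructed sample, modeled on the excerpts posted in this thread.
# 192.0.2.1 / 198.51.100.7 are documentation addresses, not values from the thread.
SAMPLE_LOG = """\
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[CFG] selected peer config 'roadwarriorPUBKEY'
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[IKE] peer supports MOBIKE
Mon Feb 10 20:58:02 2020 daemon.info syslog: 14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Mon Mar 16 21:53:42 2020 daemon.warn dnsmasq[2985]: possible DNS-rebind attack detected: host.example
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[IKE] no IKE config found for 192.0.2.1...198.51.100.7, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[IKE] no IKE config found for 192.0.2.1...198.51.100.7, sending NO_PROPOSAL_CHOSEN
Mon Mar 16 21:54:16 2020 authpriv.info ipsec: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Mon Mar 16 21:54:16 2020 daemon.info ipsec: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
"""

# "<timestamp> <facility.level> <tag>: <thread>[<SUBSYS>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"(?P<facility>\S+) (?P<tag>[^\s:]+): "
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\] +(?P<msg>.*)$"
)
SELECTED_RE = re.compile(r"selected peer config '([^']+)'")
NO_CFG_RE = re.compile(r"no IKE config found for (.+?)\.\.\.(.+?), sending")
RESPONSE_RE = re.compile(r"generating (\w+) response \d+ \[ (.*) \]")
NOTIFY_RE = re.compile(r"N\((\w+)\)")
ERROR_NOTIFIES = {"NO_PROP", "AUTH_FAILED"}


def parse_events(text):
    """Return charon events in order, skipping non-charon lines and the
    authpriv/daemon duplicates the router writes for every message.
    (Identical messages within the same second are merged as well.)"""
    seen, events = set(), []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. dnsmasq or odhcpd lines
        key = (m["ts"], m["thread"], m["subsys"], m["msg"])
        if key in seen:
            continue
        seen.add(key)
        events.append({"ts": m["ts"], "thread": m["thread"],
                       "subsys": m["subsys"], "msg": m["msg"]})
    return events


def hint_for(exchange, notify, state):
    """Troubleshooting hints (this example's wording, based on the replies above)."""
    if exchange == "IKE_SA_INIT" and notify == "NO_PROP":
        if state["endpoints"]:
            return ("no loaded conn matches this address pair and IKE version: "
                    "check keyexchange/left/right and the client's VPN type")
        return "no common IKE proposal: compare the offered and configured algorithms"
    if exchange == "IKE_AUTH" and notify == "AUTH_FAILED":
        return ("a peer config was selected, so authentication itself failed: "
                "compare leftid/rightid with the certificate identities and the "
                "client's auth method with leftauth/rightauth")
    return "unclassified"


def triage(text):
    """Correlate events per charon thread and report each failed exchange."""
    context, findings = {}, []
    for ev in parse_events(text):
        state = context.setdefault(
            ev["thread"], {"peer_config": None, "endpoints": None})
        m = SELECTED_RE.search(ev["msg"])
        if m:
            state["peer_config"] = m.group(1)
            continue
        m = NO_CFG_RE.search(ev["msg"])
        if m:
            state["endpoints"] = (m.group(1), m.group(2))
            continue
        m = RESPONSE_RE.search(ev["msg"])
        if not m:
            continue
        exchange, payloads = m.groups()
        for notify in NOTIFY_RE.findall(payloads):
            if notify in ERROR_NOTIFIES:
                findings.append({
                    "ts": ev["ts"], "thread": ev["thread"],
                    "exchange": exchange, "notify": notify,
                    "peer_config": state["peer_config"],
                    "endpoints": state["endpoints"],
                    "hint": hint_for(exchange, notify, state),
                })
        context.pop(ev["thread"], None)  # the response closes this exchange
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} thread {f['thread']}: {f['exchange']} -> "
              f"{f['notify']} (conn: {f['peer_config']})\n    {f['hint']}")
```

On the router, the same functions can be fed the text saved from `logread` instead of `SAMPLE_LOG`.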