LinuxQuestions.org

shams 02-07-2013 06:50 AM

How to direct all the traffic through the l2tp tunnel?
 
After a lot of effort I configured xl2tpd and Openswan for my dial-up connection, with the dynamic, external interface ppp0, in Debian wheezy.
The problem now is that all the traffic didn't use the tunnel. This is the log for the xl2tpd tunnel:
This is pluto.log, showing the IPsec connection established with the VPN server:
Quote:

added connection description "L2tp-Client"
listening for IKE messages
adding interface ppp0/ppp0 117.105.228.14:500
adding interface ppp0/ppp0 117.105.228.14:4500
adding interface eth0/eth0 192.168.1.1:500
adding interface eth0/eth0 192.168.1.1:4500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo 127.0.0.1:4500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
"L2tp-Client" #1: initiating Main Mode
"L2tp-Client" #1: received Vendor ID payload [XAUTH]
"L2tp-Client" #1: received Vendor ID payload [Dead Peer Detection]
"L2tp-Client" #1: received Vendor ID payload [RFC 3947] method set to=109
"L2tp-Client" #1: enabling possible NAT-traversal with method 4
"L2tp-Client" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2tp-Client" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2tp-Client" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2tp-Client" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"L2tp-Client" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"L2tp-Client" #1: Main mode peer ID is ID_IPV4_ADDR: '46.165.221.230'
"L2tp-Client" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"L2tp-Client" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
"L2tp-Client" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:9480cacb proposal=defaults pfsgroup=no-pfs}
"L2tp-Client" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"L2tp-Client" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xc9cc7029 <0x24b5bf92 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
This is the IP routing table:
Quote:

# ip route show
default dev ppp0 scope link
46.165.221.117.104.228.2230 via 117.104.228.14 dev ppp0 src 117.105.228.14
117.105.228.2 dev ppp0 proto kernel scope link src 117.105.228.14
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
46.165.221.230 is the VPN server IP and 117.105.228.2 is my ISP IP. This is the daemon.log:
Quote:

Feb 7 17:21:22 mypc xl2tpd[10555]: Terminating pppd: sending TERM signal to pid 12904
Feb 7 17:21:22 mypc avahi-daemon[2317]: Withdrawing workstation service for ppp1.
Feb 7 17:21:22 mypc NetworkManager[2161]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Feb 7 17:21:32 mypc xl2tpd[10555]: Calling on tunnel 63548
Feb 7 17:21:33 mypc xl2tpd[10555]: Call established with 46.165.221.230, Local: 23476, Remote: 48679, Serial: 93 (ref=0/0)
Feb 7 17:21:33 mypc xl2tpd[10555]: start_pppd: I'm running
Feb 7 17:21:33 mypc xl2tpd[10555]: start_pppd: I'm running:
Feb 7 17:21:33 mypc xl2tpd[10555]: "/usr/sbin/pppd"
Feb 7 17:21:33 mypc xl2tpd[10555]: "passive"
Feb 7 17:21:33 mypc xl2tpd[10555]: "nodetach"
Feb 7 17:21:33 mypc xl2tpd[10555]: ":"
Feb 7 17:21:33 mypc xl2tpd[10555]: "refuse-pap"
Feb 7 17:21:33 mypc xl2tpd[10555]: "auth"
Feb 7 17:21:33 mypc xl2tpd[10555]: "require-chap"
Feb 7 17:21:33 mypc xl2tpd[10555]: "name"
Feb 7 17:21:33 mypc xl2tpd[10555]: "client01855155"
Feb 7 17:21:33 mypc xl2tpd[10555]: "debug"
Feb 7 17:21:33 mypc xl2tpd[10555]: "file"
Feb 7 17:21:33 mypc xl2tpd[10555]: "/etc/ppp/options.xl2tpd"
Feb 7 17:21:33 mypc xl2tpd[10555]: "ipparam"
Feb 7 17:21:33 mypc xl2tpd[10555]: "46.165.221.230"
Feb 7 17:21:33 mypc xl2tpd[10555]: "/dev/pts/3"
Feb 7 17:21:33 mypc NetworkManager[2161]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Feb 7 17:21:33 mypc NetworkManager[2161]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp1, iface: ppp1): no ifupdown configuration found.
Feb 7 17:21:35 mypc avahi-daemon[2317]: Withdrawing workstation service for ppp1.
Feb 7 17:21:35 mypc NetworkManager[2161]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Feb 7 17:21:35 mypc NetworkManager[2161]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Feb 7 17:21:35 mypc NetworkManager[2161]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp1, iface: ppp1): no ifupdown configuration found.
Feb 7 17:21:35 mypc xl2tpd[10555]: control_finish: Connection closed to 46.165.221.230, serial 93 ()
Feb 7 17:21:35 mypc xl2tpd[10555]: Terminating pppd: sending TERM signal to pid 12919
Feb 7 17:21:35 mypc avahi-daemon[2317]: Withdrawing workstation service for ppp1.
Feb 7 17:21:35 mypc NetworkManager[2161]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1
This is the tcpdump -i ppp0 output:
Quote:

17:15:35.442873 IP mypc.myuser.net.l2f > 46.165.221.230.l2f: l2tp:[L](8799/25120) {LCP, Term-Request (0x05), id 2, length 46}
17:15:35.451090 IP 46.165.221.230.l2f > mypc.myuser.net.l2f: l2tp:[L](63548/37428) {LCP, Term-Request (0x05), id 2, length 27}
17:15:35.451652 IP mypc.myuser.net.l2f > 46.165.221.230.l2f: l2tp:[L](8799/25120) {LCP, Term-Ack (0x06), id 2, length 6}
17:15:35.637073 IP 196.7.148.13.27088 > mypc.myuser.net.51413: UDP, length 287
17:15:35.637290 IP mypc.myuser.net.51413 > c-67-160-63-201.hsd1.wa.comcast.net.62227: UDP, length 58
17:15:35.637334 IP mypc.myuser.net.51413 > 85-168-126-230.rev.numericable.fr.51413: UDP, length 58
17:15:35.880023 IP 46.165.221.230.l2f > mypc.myuser.net.l2f: l2tp:[L](63548/37428) {LCP, Term-Ack (0x06), id 2, length 6}
17:15:35.900978 IP mypc.myuser.net.l2f > 46.165.221.230.l2f: l2tp:[L](8799/25120) {LCP, Conf-Request (0x01), id 3, length 26}
17:15:35.953044 IP 46.165.221.230.l2f > mypc.myuser.net.l2f: l2tp:[TLS](63548/37428)Ns=48,Nr=50 *MSGTYPE(CDN) *RESULT_CODE(1/0) *ASSND_SESS_ID(25120)
17:15:35.953274 IP mypc.myuser.net.l2f > 46.165.221.230.l2f: l2tp:[TLS](8799/25120)Ns=50,Nr=49 ZLB
17:15:35.982017 IP 85-168-126-230.rev.numericable.fr.51413 > mypc.myuser.net.51413: UDP, length 49
17:15:36.397919 IP 2.Red-79-155-91.dynamicIP.rima-tde.net.24948 > mypc.myuser.net.14212: UDP, length 101

525735654, win 14600, options [mss 1460,sackOK,TS val 9310587 ecr 0,nop,wscale 4], length 0
17:15:38.069654 IP 217.118.24.61.openvpn > mypc.myuser.net.43521: Flags [R.], seq 0, ack 525735655, win 0, length 0
17:15:40.423655 IP mypc.myuser.net.50427 > 208.67.222.222.domain: 14+ PTR? 201.63.160.67.in-addr.arpa. (44)
17:15:40.785210 IP 208.67.222.222.domain > mypc.myuser.net.50427: 14 1/0/0 PTR c-67-160-63-201.hsd1.wa.comcast.net. (93)
17:15:40.786112 IP mypc.myuser.net.37202 > 208.67.222.222.domain: 3981+ PTR? 230.126.168.85.in-addr.arpa. (45)
17:15:41.122153 IP 208.67.222.222.domain > mypc.myuser.net.37202: 3981 1/0/0 PTR 85-168-126-230.rev.numericable.fr. (92)
17:15:41.123265 IP mypc.myuser.net.53353 > 208.67.222.222.domain: 4648+ PTR? 2.91.155.79.in-addr.arpa. (42)
17:15:41.475082 IP 208.67.222.222.domain > mypc.myuser.net.53353: 4648 1/0/0 PTR 2.Red-79-155-91.dynamicIP.rima-tde.net. (94)
17:15:42.742874 IP cou82-4-78-249-210-57.fbx.proxad.net.45682 > mypc.myuser.net.14212: UDP, length 103
17:15:42.743522 IP mypc.myuser.net.61843 > 208.67.222.222.domain: 37644+ PTR? 57.210.249.78.in-addr.arpa. (44)
17:15:43.078836 IP 208.67.222.222.domain > mypc.myuser.net.61843: 37644 1/0/0 PTR cou82-4-78-249-210-57.fbx.proxad.net. (94)
How can I direct all the traffic through the xl2tpd tunnel, please?
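
An added example, not part of the original post: a check over `ip route show` output that reports whether traffic actually leaves through the tunnel interface and whether the VPN server itself stays pinned to the uplink. It assumes the tunnel interface is ppp1 (the name in the daemon.log above); the function names, the probe addresses and the 10.10.10.x peer addresses are made up for the illustration.

```python
import ipaddress

def parse_routes(route_text):
    """Parse `ip route show` output into (network, device) pairs."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, comment, or route without a device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is not a destination prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress(routes, addr):
    """Longest-prefix match: the device chosen for addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def audit(route_text, tunnel_if, vpn_server, probes=("1.0.0.1", "203.0.113.1")):
    """Return findings; an empty list means all probes use the tunnel."""
    routes, findings = parse_routes(route_text), []
    if tunnel_if not in {dev for _, dev in routes}:
        findings.append(f"{tunnel_if} has no routes: PPP session is not up")
    for probe in probes:  # one constructed probe address per half of IPv4 space
        dev = egress(routes, probe)
        if dev != tunnel_if:
            findings.append(f"{probe} leaves via {dev}, bypassing {tunnel_if}")
    if egress(routes, vpn_server) == tunnel_if:
        findings.append(f"{vpn_server} is routed into {tunnel_if}: tunnel loop")
    return findings

# Table from the post, minus the line whose addresses are run together.
POSTED = """default dev ppp0 scope link
117.105.228.2 dev ppp0 proto kernel scope link src 117.105.228.14
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1"""
# Constructed: ppp1 up (10.10.10.x is made up), server pinned to the uplink.
FULL_TUNNEL = """default dev ppp1 scope link
46.165.221.230 dev ppp0 scope link
10.10.10.1 dev ppp1 proto kernel scope link src 10.10.10.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1"""

if __name__ == "__main__":
    for finding in audit(POSTED, "ppp1", "46.165.221.230"):
        print("FINDING:", finding)
```

Against the posted table the check reports that ppp1 carries no routes at all, which matches the daemon.log, where pppd is terminated about two seconds after each call is established.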

