OpenSwan VPN connection (L2TP/IPSec/PSK) from Windows 8
Hello everyone,
I set up a VPN (OpenSwan) a few days ago on a VPS (distro: Debian Squeeze). I tested it with my iMac (10.8.3) and an Android tablet, and there were no problems; everything works perfectly.
The only snag: I tried to connect to it from a PC running Windows 8 (on the same network that my Android tablet and my iMac are connected to), and there it is hopeless, the connection will not establish.
After about 20-30 seconds showing the message "Connecting", I get an error 809. So I checked whether Windows services such as "IPsec Policy Agent" were started, and they are.
I opened the ports needed for the VPN connection in the built-in Windows firewall (TCP: 1723, UDP: 1701, 500), and I even tried a solution that apparently worked on Windows 7: http://vkelk.wordpress.com/2012/10/2...-809-l2tp-vpn/
But no luck, still the same error ...
So I logged in to the VPS and checked what was happening in the file /var/log/auth.log when I tried to connect to the VPN from Windows:
Code:
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: received Vendor ID payload [RFC 3947] method set to=109
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 13:42:55 VPN pluto[1595]: packet from 92.156.91.143:500: ignoring Vendor ID payload [IKE CGA version 1]
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: responding to Main Mode from unknown peer 92.156.91.143
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.17'
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: deleting connection "L2TP-PSK-NAT" instance with peer 92.156.91.143 {isakmp=#0/ipsec=#0}
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: new NAT mapping for #61, was 92.156.91.143:500, now 92.156.91.143:4500
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: the peer proposed: 46.167.245.137/32:17/1701 -> 192.168.1.17/32:17/0
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: responding to Quick Mode proposal {msgid:01000000}
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: us: 46.167.245.137<46.167.245.137>[+S=C]:17/1701---46.167.245.254
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: them: 92.156.91.143[192.168.1.17,+S=C]:17/1701===192.168.1.17/32
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xe82c1726 <0x1dfaf6ec xfrm=AES_128-HMAC_SHA1 NATOA=192.168.1.17 NATD=92.156.91.143:4500 DPD=none}
Apr 24 13:42:57 VPN pluto[1595]: initiate on demand from 46.167.245.137:1701 to 92.156.91.143:1701 proto=17 state: fos_start because: acquire
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: received Delete SA(0xe82c1726) payload: deleting IPSEC State #62
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: received and ignored informational message
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: received Delete SA payload: deleting ISAKMP State #61
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143: deleting connection "L2TP-PSK-NAT" instance with peer 92.156.91.143 {isakmp=#0/ipsec=#0}
Apr 24 13:43:30 VPN pluto[1595]: packet from 92.156.91.143:4500: received and ignored informational message
And I really don't see what is wrong, since Windows apparently does send connection requests to the VPN, but I get the impression that most of them are rejected or ignored by the VPN, and I don't understand why ...
Does anyone have an idea? I have been searching since 9 this morning and I am really getting nowhere ...
Thanks in advance :)
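As an added example (not part of the original post), this Python script reads pluto lines like the ones quoted above and reports, per peer, which IKE milestones were reached and how long the IPsec SA lived before the peer sent Delete SA. The sample is an excerpt of the post's own log; the function names and the placeholder year used for timestamp parsing are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the pluto lines quoted in the post above (auth.log syslog format).
SAMPLE = '''\
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[28] 92.156.91.143 #61: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Apr 24 13:42:55 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #62: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xe82c1726 <0x1dfaf6ec xfrm=AES_128-HMAC_SHA1 NATOA=192.168.1.17 NATD=92.156.91.143:4500 DPD=none}
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: received Delete SA(0xe82c1726) payload: deleting IPSEC State #62
Apr 24 13:43:30 VPN pluto[1595]: "L2TP-PSK-NAT"[29] 92.156.91.143 #61: received Delete SA payload: deleting ISAKMP State #61
'''

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
                  r'"([^"]+)"\[\d+\] (\d+\.\d+\.\d+\.\d+)(?: #\d+)?: (.*)$')

# Milestones of interest: (label, substring that marks it in the pluto message).
MILESTONES = [
    ("nat_detected", "peer is NATed"),
    ("phase1_up", "ISAKMP SA established"),
    ("phase2_up", "IPsec SA established"),
    ("peer_deleted_ipsec", "deleting IPSEC State"),
    ("peer_deleted_isakmp", "deleting ISAKMP State"),
]

def summarize(log_text):
    """Return {peer_ip: {milestone: datetime, "rejected_groups": [int]}}."""
    peers = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "packet from ..." Vendor ID notices, no connection name
        stamp, _conn, peer, msg = m.groups()
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")  # syslog omits the year; 2000 is a placeholder
        info = peers.setdefault(peer, {"rejected_groups": []})
        g = re.match(r"OAKLEY_GROUP (\d+) not supported", msg)
        if g:
            info["rejected_groups"].append(int(g.group(1)))
        for label, needle in MILESTONES:
            if needle in msg:
                info.setdefault(label, when)  # keep the first occurrence only
    return peers

def teardown_delay(info):
    """Seconds between IPsec SA up and the peer's Delete SA, or None."""
    if "phase2_up" in info and "peer_deleted_ipsec" in info:
        return (info["peer_deleted_ipsec"] - info["phase2_up"]).total_seconds()
    return None
```

On this excerpt both phases complete and the peer's Delete SA arrives 35 seconds after the IPsec SA came up.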