Коллеги, привет, прошу помощи.
Поднимаю L2TP VPN-сервер, локальный IP — 192.168.1.217.
Подключение к VPN из локальной сети проходит успешно. Как только начинаю подключаться из внешней сети — ошибка подключения. Логи ниже. Прошу помочь, направить к решению вопроса, убито уже
/etc/ipsec.conf
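# Shared defaults for road-warrior connections; other conns pull them in via also=.
conn rw-base
    # Allow IKE fragmentation (the client in the posted log advertises the FRAGMENTATION vendor ID).
    fragmentation=yes
    # Dead-peer detection: probe every 30s, time out after 90s, then clear the SA.
    # The posted log reports "DPD not supported by peer, disabled" for this client,
    # so these values do not take effect for it.
    dpdaction=clear
    dpdtimeout=90s
    dpddelay=30s

# L2TP/IPsec responder: transport-mode SA that protects only the L2TP port.
conn l2tp-vpn
    also=rw-base
    # NOTE(review): neither proposal ends with the strict flag "!", so the responder
    # is not limited to these suites. The posted log shows the negotiated result:
    # IKE AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384 and ESP AES_CBC_128/HMAC_SHA1_96,
    # i.e. SHA-1 rather than the SHA-256 suites listed here. Appending "!" enforces the
    # list, but only clients that offer exactly these suites will then connect;
    # confirm client support before tightening.
    ike=aes128-sha256-modp3072
    esp=aes128-sha256-modp3072
    # Server-side traffic selector limited to port 1701 (L2TP); the log shows it as [udp/l2f].
    leftsubnet=%dynamic[/1701]
    rightsubnet=%dynamic
    # Both ends authenticate with a pre-shared key. A PSK shared by all clients only proves
    # group membership; per-user authentication is left to PPP (MS-CHAPv2 in options.xl2tpd).
    leftauth=psk
    rightauth=psk
    type=transport
    # Load the connection and wait for clients to initiate.
    auto=add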
/etc/xl2tpd/xl2tpd.conf
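; Daemon-wide xl2tpd settings.
[global]
port = 1701
; Holds PPP credentials in clear text; keep it readable by root only.
auth file = /etc/ppp/chap-secrets
; No per-peer address filtering in xl2tpd itself. NOTE(review): with this off, the
; host firewall should accept UDP/1701 only when it arrives through the IPsec SA,
; otherwise unencrypted L2TP could be accepted as well; confirm the firewall rules.
access control = no
; NOTE(review): SAref tracking normally depends on kernel support; confirm this
; kernel provides it, or test with "no".
ipsec saref = yes
force userspace = yes

; Default LNS section: settings applied to incoming L2TP sessions.
[lns default]
exclusive = no
; NOTE(review): the client pool and "local ip" sit in the same 192.168.1.0/24 as the
; LAN hosts in the posted log, and "local ip" equals the server's own LAN address.
; The log shows 10.2.2.1 appearing on ppp0 instead, so the running daemon may be
; using a different configuration than the one posted; confirm which file is loaded.
ip range = 192.168.1.38-192.168.1.40
hidden bit = no
local ip = 192.168.1.217
length bit = yes
; Peers must authenticate at the PPP layer (method is set in the pppoptfile).
require authentication = yes
name = l2tp-vpn
pppoptfile = /etc/ppp/options.xl2tpd
flow bit = yes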
/etc/ppp/options.xl2tpd
# pppd options applied to every L2TP session started by xl2tpd.
# No control characters are escaped on the link.
asyncmap 0
# Require the peer to authenticate before network traffic is allowed.
auth
# Serial-line options (hardware flow control, device lock, modem control lines).
crtscts
lock
# Do not log password contents when logging PAP packets.
hide-password
modem
# MTU lowered to leave room for the L2TP/IPsec encapsulation overhead.
mtu 1460
# LCP keepalive: one echo every 30s, link is dropped after 4 unanswered echoes.
lcp-echo-interval 30
lcp-echo-failure 4
noipx
# Only MS-CHAPv2 is accepted; PAP, CHAP and MS-CHAPv1 are refused.
# MS-CHAPv2 is weak on its own, so its protection here depends on the session
# actually running inside the IPsec transport SA.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
multilink
# Permits stateful MPPE. NOTE(review): no require-mppe option is present here, so
# MPPE does not appear to be mandatory; confidentiality rests on IPsec.
mppe-stateful
июл 18 13:06:37 VPN-2 charon[700]: 13[ENC] parsed INFORMATIONAL_V1 request 3375145044 [ HASH D ]
июл 18 13:06:37 VPN-2 charon[700]: 13[IKE] received DELETE for ESP CHILD_SA with SPI e63c8d84
июл 18 13:06:37 VPN-2 charon[700]: 13[IKE] closing CHILD_SA l2tp-vpn{26} with SPIs c794ea60_i (20886 bytes) e63c8d84_o (1247 bytes) and TS 192.168.1.217/32[udp/l2f] === 192.168.1.213/32[udp/l2f]
июл 18 13:06:37 VPN-2 charon[700]: 13[IKE] closing CHILD_SA l2tp-vpn{26} with SPIs c794ea60_i (20886 bytes) e63c8d84_o (1247 bytes) and TS 192.168.1.217/32[udp/l2f] === 192.168.1.213/32[udp/l2f]
июл 18 13:06:37 VPN-2 charon[700]: 14[NET] received packet: from 192.168.1.213[500] to 192.168.1.217[500] (92 bytes)
июл 18 13:06:37 VPN-2 charon[700]: 14[ENC] parsed INFORMATIONAL_V1 request 2977137729 [ HASH D ]
июл 18 13:06:37 VPN-2 charon[700]: 14[IKE] received DELETE for IKE_SA l2tp-vpn[10]
июл 18 13:06:37 VPN-2 charon[700]: 14[IKE] deleting IKE_SA l2tp-vpn[10] between 192.168.1.217[192.168.1.217]...192.168.1.213[192.168.1.213]
июл 18 13:06:37 VPN-2 charon[700]: 14[IKE] deleting IKE_SA l2tp-vpn[10] between 192.168.1.217[192.168.1.217]...192.168.1.213[192.168.1.213]
июл 18 13:06:38 VPN-2 pppd[1000]: Exit.
июл 18 13:16:09 VPN-2 charon[700]: 05[NET] received packet: from 192.168.1.1[500] to 192.168.1.217[500] (384 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
июл 18 13:16:09 VPN-2 ipsec[700]: 16[NET] received packet: from 192.168.1.213[500] to 192.168.1.217[500] (60 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 16[ENC] parsed QUICK_MODE request 1 [ HASH ]
июл 18 13:16:09 VPN-2 ipsec[700]: 16[IKE] CHILD_SA l2tp-vpn{26} established with SPIs c794ea60_i e63c8d84_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.213/32[udp/l2f]
июл 18 13:16:09 VPN-2 ipsec[700]: 08[KNL] interface ppp0 activated
июл 18 13:16:09 VPN-2 ipsec[700]: 10[KNL] fe80::3563:eb73:c7b0:8e33 appeared on ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 12[KNL] flags changed for fe80::3563:eb73:c7b0:8e33 on ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 06[KNL] 10.2.2.1 appeared on ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 05[KNL] 10.2.2.1 disappeared from ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 08[KNL] 10.2.2.1 appeared on ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 15[KNL] 10.2.2.1 disappeared from ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 05[KNL] fe80::3563:eb73:c7b0:8e33 disappeared from ppp0
июл 18 13:16:09 VPN-2 ipsec[700]: 11[KNL] interface ppp0 deactivated
июл 18 13:16:09 VPN-2 ipsec[700]: 12[KNL] interface ppp0 deleted
июл 18 13:16:09 VPN-2 ipsec[700]: 13[NET] received packet: from 192.168.1.213[500] to 192.168.1.217[500] (76 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 13[ENC] parsed INFORMATIONAL_V1 request 3375145044 [ HASH D ]
июл 18 13:16:09 VPN-2 ipsec[700]: 13[IKE] received DELETE for ESP CHILD_SA with SPI e63c8d84
июл 18 13:16:09 VPN-2 ipsec[700]: 13[IKE] closing CHILD_SA l2tp-vpn{26} with SPIs c794ea60_i (20886 bytes) e63c8d84_o (1247 bytes) and TS 192.168.1.217/32[udp/l2f] === 192.168.1.213/32[udp/l2f]
июл 18 13:16:09 VPN-2 ipsec[700]: 14[NET] received packet: from 192.168.1.213[500] to 192.168.1.217[500] (92 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 14[ENC] parsed INFORMATIONAL_V1 request 2977137729 [ HASH D ]
июл 18 13:16:09 VPN-2 ipsec[700]: 14[IKE] received DELETE for IKE_SA l2tp-vpn[10]
июл 18 13:16:09 VPN-2 ipsec[700]: 14[IKE] deleting IKE_SA l2tp-vpn[10] between 192.168.1.217[192.168.1.217]...192.168.1.213[192.168.1.213]
июл 18 13:16:09 VPN-2 ipsec[700]: 05[NET] received packet: from 192.168.1.1[500] to 192.168.1.217[500] (384 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
июл 18 13:16:09 VPN-2 ipsec[700]: 05[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 05[IKE] received NAT-T (RFC 3947) vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 05[IKE] received FRAGMENTATION vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 05[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
июл 18 13:16:09 VPN-2 ipsec[700]: 05[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
июл 18 13:16:09 VPN-2 ipsec[700]: 05[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
июл 18 13:16:09 VPN-2 ipsec[700]: 05[IKE] 192.168.1.1 is initiating a Main Mode IKE_SA
июл 18 13:16:09 VPN-2 ipsec[700]: 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 05[ENC] generating ID_PROT response 0 [ SA V V V V ]
июл 18 13:16:09 VPN-2 ipsec[700]: 05[NET] sending packet: from 192.168.1.217[500] to 192.168.1.1[500] (160 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 07[NET] received packet: from 192.168.1.1[500] to 192.168.1.217[500] (228 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 07[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
июл 18 13:16:09 VPN-2 ipsec[700]: 07[IKE] local host is behind NAT, sending keep alives
июл 18 13:16:09 VPN-2 ipsec[700]: 07[IKE] remote host is behind NAT
июл 18 13:16:09 VPN-2 ipsec[700]: 07[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
июл 18 13:16:09 VPN-2 ipsec[700]: 07[NET] sending packet: from 192.168.1.217[500] to 192.168.1.1[500] (212 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 08[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (76 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 08[ENC] parsed ID_PROT request 0 [ ID HASH ]
июл 18 13:16:09 VPN-2 ipsec[700]: 08[CFG] looking for pre-shared key peer configs matching 192.168.1.217...192.168.1.1[192.168.1.213]
июл 18 13:16:09 VPN-2 ipsec[700]: 08[CFG] selected peer config "l2tp-vpn"
июл 18 13:16:09 VPN-2 ipsec[700]: 08[IKE] IKE_SA l2tp-vpn[11] established between 192.168.1.217[192.168.1.217]...192.168.1.1[192.168.1.213]
июл 18 13:16:09 VPN-2 ipsec[700]: 08[IKE] scheduling reauthentication in 10239s
июл 18 13:16:09 VPN-2 ipsec[700]: 08[IKE] maximum IKE_SA lifetime 10779s
июл 18 13:16:09 VPN-2 ipsec[700]: 08[IKE] DPD not supported by peer, disabled
июл 18 13:16:09 VPN-2 ipsec[700]: 08[ENC] generating ID_PROT response 0 [ ID HASH ]
июл 18 13:16:09 VPN-2 ipsec[700]: 08[NET] sending packet: from 192.168.1.217[4500] to 192.168.1.1[4500] (76 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 11[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (332 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 ipsec[700]: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
июл 18 13:16:09 VPN-2 ipsec[700]: 11[IKE] received 250000000 lifebytes, configured 0
июл 18 13:16:09 VPN-2 ipsec[700]: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 ipsec[700]: 11[NET] sending packet: from 192.168.1.217[4500] to 192.168.1.1[4500] (204 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 10[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (60 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 10[ENC] parsed QUICK_MODE request 1 [ HASH ]
июл 18 13:16:09 VPN-2 ipsec[700]: 10[IKE] CHILD_SA l2tp-vpn{27} established with SPIs c0c99bcc_i 078a755a_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 ipsec[700]: 12[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (332 bytes)
июл 18 13:16:09 VPN-2 ipsec[700]: 12[ENC] parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 ipsec[700]: 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] received NAT-T (RFC 3947) vendor ID
июл 18 13:16:09 VPN-2 ipsec[700]: 12[IKE] received 250000000 lifebytes, configured 0
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] received FRAGMENTATION vendor ID
июл 18 13:16:09 VPN-2 charon[700]: 05[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
июл 18 13:16:09 VPN-2 charon[700]: 05[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
июл 18 13:16:09 VPN-2 charon[700]: 05[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] 192.168.1.1 is initiating a Main Mode IKE_SA
июл 18 13:16:09 VPN-2 charon[700]: 05[IKE] 192.168.1.1 is initiating a Main Mode IKE_SA
июл 18 13:16:09 VPN-2 charon[700]: 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
июл 18 13:16:09 VPN-2 charon[700]: 05[ENC] generating ID_PROT response 0 [ SA V V V V ]
июл 18 13:16:09 VPN-2 charon[700]: 05[NET] sending packet: from 192.168.1.217[500] to 192.168.1.1[500] (160 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 07[NET] received packet: from 192.168.1.1[500] to 192.168.1.217[500] (228 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 07[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
июл 18 13:16:09 VPN-2 charon[700]: 07[IKE] local host is behind NAT, sending keep alives
июл 18 13:16:09 VPN-2 charon[700]: 07[IKE] remote host is behind NAT
июл 18 13:16:09 VPN-2 charon[700]: 07[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
июл 18 13:16:09 VPN-2 charon[700]: 07[NET] sending packet: from 192.168.1.217[500] to 192.168.1.1[500] (212 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 08[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (76 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 08[ENC] parsed ID_PROT request 0 [ ID HASH ]
июл 18 13:16:09 VPN-2 charon[700]: 08[CFG] looking for pre-shared key peer configs matching 192.168.1.217...192.168.1.1[192.168.1.213]
июл 18 13:16:09 VPN-2 charon[700]: 08[CFG] selected peer config "l2tp-vpn"
июл 18 13:16:09 VPN-2 charon[700]: 08[IKE] IKE_SA l2tp-vpn[11] established between 192.168.1.217[192.168.1.217]...192.168.1.1[192.168.1.213]
июл 18 13:16:09 VPN-2 charon[700]: 08[IKE] IKE_SA l2tp-vpn[11] established between 192.168.1.217[192.168.1.217]...192.168.1.1[192.168.1.213]
июл 18 13:16:09 VPN-2 charon[700]: 08[IKE] scheduling reauthentication in 10239s
июл 18 13:16:09 VPN-2 charon[700]: 08[IKE] maximum IKE_SA lifetime 10779s
июл 18 13:16:09 VPN-2 charon[700]: 08[IKE] DPD not supported by peer, disabled
июл 18 13:16:09 VPN-2 charon[700]: 08[ENC] generating ID_PROT response 0 [ ID HASH ]
июл 18 13:16:09 VPN-2 charon[700]: 08[NET] sending packet: from 192.168.1.217[4500] to 192.168.1.1[4500] (76 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 11[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (332 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 11[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 charon[700]: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
июл 18 13:16:09 VPN-2 charon[700]: 11[IKE] received 250000000 lifebytes, configured 0
июл 18 13:16:09 VPN-2 charon[700]: 11[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 charon[700]: 11[NET] sending packet: from 192.168.1.217[4500] to 192.168.1.1[4500] (204 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 10[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (60 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 10[ENC] parsed QUICK_MODE request 1 [ HASH ]
июл 18 13:16:09 VPN-2 charon[700]: 10[IKE] CHILD_SA l2tp-vpn{27} established with SPIs c0c99bcc_i 078a755a_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 charon[700]: 10[IKE] CHILD_SA l2tp-vpn{27} established with SPIs c0c99bcc_i 078a755a_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 charon[700]: 12[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (332 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 12[ENC] parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 charon[700]: 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
июл 18 13:16:09 VPN-2 charon[700]: 12[IKE] received 250000000 lifebytes, configured 0
июл 18 13:16:09 VPN-2 charon[700]: 12[IKE] detected rekeying of CHILD_SA l2tp-vpn{27}
июл 18 13:16:09 VPN-2 charon[700]: 12[ENC] generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
июл 18 13:16:09 VPN-2 charon[700]: 12[NET] sending packet: from 192.168.1.217[4500] to 192.168.1.1[4500] (204 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 13[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (60 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 13[ENC] parsed QUICK_MODE request 2 [ HASH ]
июл 18 13:16:09 VPN-2 charon[700]: 13[IKE] CHILD_SA l2tp-vpn{28} established with SPIs ca98ced8_i ee1a54b1_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 charon[700]: 13[IKE] CHILD_SA l2tp-vpn{28} established with SPIs ca98ced8_i ee1a54b1_o and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 charon[700]: 14[NET] received packet: from 192.168.1.1[4500] to 192.168.1.217[4500] (76 bytes)
июл 18 13:16:09 VPN-2 charon[700]: 14[ENC] parsed INFORMATIONAL_V1 request 2433558123 [ HASH D ]
июл 18 13:16:09 VPN-2 charon[700]: 14[IKE] received DELETE for ESP CHILD_SA with SPI 078a755a
июл 18 13:16:09 VPN-2 charon[700]: 14[IKE] closing CHILD_SA l2tp-vpn{27} with SPIs c0c99bcc_i (0 bytes) 078a755a_o (0 bytes) and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]
июл 18 13:16:09 VPN-2 charon[700]: 14[IKE] closing CHILD_SA l2tp-vpn{27} with SPIs c0c99bcc_i (0 bytes) 078a755a_o (0 bytes) and TS 192.168.1.217/32[udp/l2f] === 192.168.1.1/32[udp/l2f]