NAT 之后的 l2tpd 服务端问题

coolzsb · 发表于 2004-6-18 11:18:40

服务端为 strongswan+l2tpd做的ipsec/l2tp vpn（l2tpd的版本是0.69），在直接连接的情况下，客户端连接测试一切正常，因为本单位网络情况所限，该服务器只能通过NAT给外网提供服务，于是作了个测试环境

ipsec/l2tp vpnserver ====== NAT gateway ====== 2000/xp ipsec/l2tp client
192.168.1.2 192.168.1.1 10.6.88.221 10.6.88.222
(gw=192.168.1.1)

通过iptables的DNAT，将对10.6.88.221的 udp 500,udp 4500,udp 1701,esp访问请求转发到192.168.1.2
此时，客户端可以同服务端建立ipsec tunnel，l2tpd段也接收到了客户端的请求，可是无法建立l2tp tunnel

l2tpd的log如下，请对l2tpd有经验的朋友多多指教

Jun 17 22:57:45 HomeVpn l2tpd[707]: ourtid = 9011, entropy_buf = 2333
Jun 17 22:57:45 HomeVpn l2tpd[707]: ourcid = 60246, entropy_buf = eb56
Jun 17 22:57:45 HomeVpn l2tpd[707]: check_control: control, cid = 0, Ns = 0, Nr = 0
Jun 17 22:57:45 HomeVpn l2tpd[707]: handle_avps: handling avp's for tunnel 9011, call 60246
Jun 17 22:57:45 HomeVpn l2tpd[707]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Jun 17 22:57:45 HomeVpn l2tpd[707]: protocol_version_avp: peer is using version 1, revision 0.
Jun 17 22:57:45 HomeVpn l2tpd[707]: framing_caps_avp: supported peer frames: sync
Jun 17 22:57:45 HomeVpn l2tpd[707]: bearer_caps_avp: supported peer bearers:
Jun 17 22:57:45 HomeVpn l2tpd[707]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Jun 17 22:57:45 HomeVpn l2tpd[707]: hostname_avp: peer reports hostname 'coolzsb'
Jun 17 22:57:45 HomeVpn l2tpd[707]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Jun 17 22:57:45 HomeVpn l2tpd[707]: assigned_tunnel_avp: using peer's tunnel 42
Jun 17 22:57:45 HomeVpn l2tpd[707]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Jun 17 22:57:46 HomeVpn l2tpd[707]: ourtid = 15722, entropy_buf = 3d6a
Jun 17 22:57:46 HomeVpn l2tpd[707]: ourcid = 52297, entropy_buf = cc49
Jun 17 22:57:46 HomeVpn l2tpd[707]: check_control: control, cid = 0, Ns = 0, Nr = 0
Jun 17 22:57:46 HomeVpn l2tpd[707]: handle_avps: handling avp's for tunnel 15722, call 52297
Jun 17 22:57:46 HomeVpn l2tpd[707]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Jun 17 22:57:46 HomeVpn l2tpd[707]: protocol_version_avp: peer is using version 1, revision 0.
Jun 17 22:57:46 HomeVpn l2tpd[707]: framing_caps_avp: supported peer frames: sync
Jun 17 22:57:46 HomeVpn l2tpd[707]: bearer_caps_avp: supported peer bearers:
Jun 17 22:57:46 HomeVpn l2tpd[707]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Jun 17 22:57:46 HomeVpn l2tpd[707]: hostname_avp: peer reports hostname 'coolzsb'
Jun 17 22:57:46 HomeVpn l2tpd[707]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Jun 17 22:57:46 HomeVpn l2tpd[707]: assigned_tunnel_avp: using peer's tunnel 42
Jun 17 22:57:46 HomeVpn l2tpd[707]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Jun 17 22:57:46 HomeVpn l2tpd[707]: control_finish: Peer requested tunnel 42 twice, ignoring second one.
Jun 17 22:57:48 HomeVpn l2tpd[707]: ourtid = 26414, entropy_buf = 672e
Jun 17 22:57:48 HomeVpn l2tpd[707]: ourcid = 16412, entropy_buf = 401c
Jun 17 22:57:48 HomeVpn l2tpd[707]: check_control: control, cid = 0, Ns = 0, Nr = 0
Jun 17 22:57:48 HomeVpn l2tpd[707]: handle_avps: handling avp's for tunnel 26414, call 16412
Jun 17 22:57:48 HomeVpn l2tpd[707]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Jun 17 22:57:48 HomeVpn l2tpd[707]: protocol_version_avp: peer is using version 1, revision 0.
Jun 17 22:57:48 HomeVpn l2tpd[707]: framing_caps_avp: supported peer frames: sync
Jun 17 22:57:48 HomeVpn l2tpd[707]: bearer_caps_avp: supported peer bearers:
Jun 17 22:57:48 HomeVpn l2tpd[707]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Jun 17 22:57:48 HomeVpn l2tpd[707]: hostname_avp: peer reports hostname 'coolzsb'
Jun 17 22:57:48 HomeVpn l2tpd[707]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Jun 17 22:57:48 HomeVpn l2tpd[707]: assigned_tunnel_avp: using peer's tunnel 42
Jun 17 22:57:48 HomeVpn l2tpd[707]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Jun 17 22:57:48 HomeVpn l2tpd[707]: control_finish: Peer requested tunnel 42 twice, ignoring second one.
Jun 17 22:57:50 HomeVpn l2tpd[707]: control_xmit: Maximum retries exceeded for tunnel 9011.  Closing.
Jun 17 22:57:52 HomeVpn l2tpd[707]: ourtid = 38352, entropy_buf = 95d0
Jun 17 22:57:52 HomeVpn l2tpd[707]: ourcid = 19902, entropy_buf = 4dbe
Jun 17 22:57:52 HomeVpn l2tpd[707]: check_control: control, cid = 0, Ns = 0, Nr = 0
Jun 17 22:57:52 HomeVpn l2tpd[707]: handle_avps: handling avp's for tunnel 38352, call 19902
Jun 17 22:57:52 HomeVpn l2tpd[707]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Jun 17 22:57:52 HomeVpn l2tpd[707]: protocol_version_avp: peer is using version 1, revision 0.
Jun 17 22:57:52 HomeVpn l2tpd[707]: framing_caps_avp: supported peer frames: sync
Jun 17 22:57:52 HomeVpn l2tpd[707]: bearer_caps_avp: supported peer bearers:
Jun 17 22:57:52 HomeVpn l2tpd[707]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Jun 17 22:57:52 HomeVpn l2tpd[707]: hostname_avp: peer reports hostname 'coolzsb'
Jun 17 22:57:52 HomeVpn l2tpd[707]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Jun 17 22:57:52 HomeVpn l2tpd[707]: assigned_tunnel_avp: using peer's tunnel 42
Jun 17 22:57:52 HomeVpn l2tpd[707]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Jun 17 22:57:52 HomeVpn l2tpd[707]: control_finish: Peer requested tunnel 42 twice, ignoring second one.
Jun 17 22:57:55 HomeVpn l2tpd[707]: control_xmit: Unable to deliver closing message for tunnel 9011. Destroying anyway.
Jun 17 22:58:00 HomeVpn l2tpd[707]: ourtid = 16235, entropy_buf = 3f6b
Jun 17 22:58:00 HomeVpn l2tpd[707]: ourcid = 21069, entropy_buf = 524d
Jun 17 22:58:00 HomeVpn l2tpd[707]: check_control: control, cid = 0, Ns = 0, Nr = 0
Jun 17 22:58:00 HomeVpn l2tpd[707]: handle_avps: handling avp's for tunnel 16235, call 21069
Jun 17 22:58:00 HomeVpn l2tpd[707]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Jun 17 22:58:00 HomeVpn l2tpd[707]: protocol_version_avp: peer is using version 1, revision 0.
Jun 17 22:58:00 HomeVpn l2tpd[707]: framing_caps_avp: supported peer frames: sync
Jun 17 22:58:00 HomeVpn l2tpd[707]: bearer_caps_avp: supported peer bearers:
Jun 17 22:58:00 HomeVpn l2tpd[707]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Jun 17 22:58:00 HomeVpn l2tpd[707]: hostname_avp: peer reports hostname 'coolzsb'
Jun 17 22:58:00 HomeVpn l2tpd[707]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Jun 17 22:58:00 HomeVpn l2tpd[707]: assigned_tunnel_avp: using peer's tunnel 42
Jun 17 22:58:00 HomeVpn l2tpd[707]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Jun 17 22:58:05 HomeVpn l2tpd[707]: control_xmit: Maximum retries exceeded for tunnel 16235.  Closing.
Jun 17 22:58:10 HomeVpn l2tpd[707]: control_xmit: Unable to deliver closing message for tunnel 16235. Destroying anyway.

		自动登录	找回密码
密码			注册