FreeBSD L2TP / IPsec does not route traffic to the VPN server

I have configured a VPN server on my FreeBSD server. Everything seems to be running, but the VPN traffic is not routed to the local VPN server and I don't know why. So my question is: what is wrong with my current setup? Note that the firewall is disabled for testing purposes.

My server IP is 172.10.10.240, the DNS IP address is 192.168.155.2, and finally the IP address range I want is "172.10.10.150 -> 172.10.10.199".

So I tried to connect to my server from an Android phone (IPv6 address masked). I connect, and this is the wireshark dump:

    13:33:16.467067 IP XXX-XXX-h-15-6.XXX.02.XXX.54600 > 172.10.10.240.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *HOST_NAME(anonymous) *FRAMING_CAP(AS) *ASSND_TUN_ID(35359) *RECV_WIN_SIZE(1)
    13:33:16.467162 IP XXX-XXX-h-15-6.XXX.02.XXX.54600 > 172.10.10.240.l2f: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(35359) *RESULT_CODE(6)

Here you can see that the server is getting the connection coming in from the device, but nothing else.

My racoon.log

    2014-12-23 12:07:22: INFO: @(#)ipsec-tools 0.8.1 (http://ipsec-tools.sourceforge.net)
    2014-12-23 12:07:22: INFO: @(#)This product linked OpenSSL 1.0.1j-freebsd 15 Oct 2014 (http://www.openssl.org/)
    2014-12-23 12:07:22: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
    2014-12-23 12:07:22: INFO: 172.10.10.240[4500] used for NAT-T
    2014-12-23 12:07:22: INFO: 172.10.10.240[4500] used as isakmp port (fd=4)
    2014-12-23 12:07:22: INFO: 172.10.10.240[500] used for NAT-T
    2014-12-23 12:07:22: INFO: 172.10.10.240[500] used as isakmp port (fd=5)

Nothing in here, so let's look at my racoon.conf

    path pre_shared_key "/usr/local/etc/racoon/psk.txt";

    listen {
        isakmp 172.10.10.240 [500];
        isakmp_natt 172.10.10.240 [4500];
        strict_address;
    }

    remote anonymous {
        exchange_mode main;
        passive on;
        proposal_check obey;
        support_proxy on;
        nat_traversal on;
        ike_frag on;
        dpd_delay 20;
        proposal {
            encryption_algorithm aes;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group modp1024;
        }
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group modp1024;
        }
    }

    sainfo anonymous {
        encryption_algorithm aes,3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
        pfs_group modp1024;
    }

mpd.conf

    startup:
        # configure mpd users
        set user super adminpassword admin
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open

    default:
        load l2tp_server

    l2tp_server:
        # Define dynamic IP address pool.
        set ippool add pool_l2tp 172.10.10.150 172.10.10.199
        # Create clonable bundle template named B_l2tp
        create bundle template B_l2tp
        set iface enable proxy-arp
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        # Specify IP address pool for dynamic assignment.
        set ipcp ranges 172.10.10.0/24 ippool pool_l2tp
        set ipcp dns 192.168.155.2
        # Create clonable link template named L_l2tp
        create link template L_l2tp l2tp
        set link action bundle B_l2tp
        set link mtu 1230
        set link keep-alive 0 0
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap
        # Configure L2TP
        set l2tp self 172.10.10.240
        set l2tp disable dataseq
        # Allow to accept calls
        set link enable incoming

setkey.conf

    flush;
    spdflush;
    spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in ipsec esp/transport//require;
    spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;

sysctl.conf

    net.link.tap.up_on_open=1
    net.inet.tcp.tso=0
    net.inet.ipsec.filtertunnel=0
    net.inet6.ipsec6.filtertunnel=0

Custom kernel options

    device crypto
    options IPSEC_DEBUG
    options IPSEC_NAT_T

In /etc/rc.conf

    gateway_enable="YES"
    ipsec_enable="YES"
    ipsec_program="/usr/local/sbin/setkey"
    ipsec_file="/usr/local/etc/racoon/setkey.conf"
    racoon_enable="YES"
    racoon_flags="-l /var/log/racoon.log"
    mpd_enable="YES"

And finally some debugging

    # setkey -D
    No SAD entries.

/usr/local/etc/racoon/psk.txt

    # cat /usr/local/etc/racoon/psk.txt
    * testpsk
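The two `tcpdump` lines and the `setkey -D` output in the post are enough to check mechanically whether an IPsec SA was ever established before the client attempted L2TP. The following Python script is an added example, not code from the post: it parses constructed copies of those lines (the client hostname replaced by a `client` placeholder), decodes the StopCCN result code using the values defined in RFC 2661 section 4.4.2, and reports when L2TP control messages are being captured as plaintext UDP while the kernel's SAD is empty. The `setkey -D` parsing assumes the usual output layout (an unindented `src dst` line per SA followed by indented detail lines).

```python
import re

# StopCCN Result Code values from RFC 2661, section 4.4.2.
STOPCCN_RESULT_CODES = {
    1: "General request to clear control connection",
    2: "General error",
    3: "Control channel already exists",
    4: "Requester is not authorized to establish a control channel",
    5: "Protocol version of the requester is not supported",
    6: "Requester is being shut down",
    7: "Finite state machine error",
}

# Constructed sample input: the two control packets from the post, one per
# line, with the masked client hostname replaced by "client".
SAMPLE_TCPDUMP = """\
13:33:16.467067 IP client.54600 > 172.10.10.240.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *HOST_NAME(anonymous) *FRAMING_CAP(AS) *ASSND_TUN_ID(35359) *RECV_WIN_SIZE(1)
13:33:16.467162 IP client.54600 > 172.10.10.240.l2f: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(35359) *RESULT_CODE(6)
"""

# Constructed sample: what `setkey -D` printed in the post.
SAMPLE_SETKEY_D = "No SAD entries.\n"

# tcpdump only decodes "l2tp:" when the UDP payload is plaintext L2TP, so a
# matching line means the packet was not carried inside ESP.
L2TP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): l2tp:.*?\*MSGTYPE\((?P<msg>\w+)\)"
)
# Each AVP is printed by tcpdump as *NAME(value).
AVP_RE = re.compile(r"\*(\w+)\(([^)]*)\)")


def parse_l2tp_control(text):
    """Return one dict per decoded L2TP control message in tcpdump output."""
    msgs = []
    for line in text.splitlines():
        m = L2TP_RE.match(line)
        if not m:
            continue
        avps = dict(AVP_RE.findall(line))
        msgs.append({
            "ts": m.group("ts"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "type": avps.get("MSGTYPE"),
            "avps": avps,
        })
    return msgs


def stopccn_reason(code):
    """Human-readable meaning of a StopCCN RESULT_CODE."""
    return STOPCCN_RESULT_CODES.get(code, "Unknown result code %d" % code)


def count_sad_entries(text):
    """Count SAs in `setkey -D` output (assumed layout: unindented 'src dst'
    line per SA, indented detail lines below it)."""
    if "No SAD entries" in text:
        return 0
    return sum(1 for line in text.splitlines() if line and not line[0].isspace())


def diagnose(tcpdump_text, setkey_text):
    """Combine the capture and the SAD dump into a list of findings."""
    findings = []
    msgs = parse_l2tp_control(tcpdump_text)
    sad = count_sad_entries(setkey_text)
    if msgs and sad == 0:
        findings.append(
            "L2TP control messages were captured as plaintext UDP while the "
            "SAD holds no IPsec SA: no IKE negotiation completed, so the "
            "'require' policies in setkey.conf have no ESP SA to match."
        )
    for m in msgs:
        if m["type"] == "StopCCN" and "RESULT_CODE" in m["avps"]:
            code = int(m["avps"]["RESULT_CODE"])
            findings.append(
                "Client %s tore down tunnel %s with StopCCN result %d (%s)."
                % (m["src"], m["avps"].get("ASSND_TUN_ID", "?"), code,
                   stopccn_reason(code))
            )
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TCPDUMP, SAMPLE_SETKEY_D):
        print("-", finding)
```

On the server the same functions can be fed live data, for example the output of `tcpdump -n -i <iface> udp port 1701` and of `setkey -D`. An empty SAD combined with decodable L2TP on the wire means the client never completed IKE against racoon, which is consistent with the racoon.log above showing only startup messages and no phase 1 activity; raising racoon's log level (the `log` directive in racoon.conf) is the next step for seeing whether any ISAKMP packets reach port 500/4500 at all.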