Openswan + xl2tpd connection times out after a while

I have a non-NAT Openswan + xl2tpd server (Ubuntu 12.04) that I connect to from a Windows 8 client behind NAT. After some idle time the client loses the connection (somewhere between 30 and 60 minutes, but I haven't timed it).

The client does not have the setting enabled that would kill an inactive connection. It doesn't go to sleep either. I also tried setting the kill time to 24 hours, but that didn't help.

The NAT router the client sits behind is a Debian Linux box; its upstream router is a Cisco that connects us directly to the data center where the server is. None of our other connections (such as SSH) get dropped for lack of activity (as happens with cheap routers). Still, I tried turning on keepalive in /etc/ipsec.conf:

    config setup
        (...snip...)
        nat_traversal=yes
        force_keepalive=yes
        keep_alive=10

But that didn't help.

As you can see in the configuration below, the dead peer detection action is 'clear'. That would be the first thing to fix, but I need 'clear' because people will be connecting from all over the place, kitchen sink included. Also, as I said, in the current testing environment I don't see any device that would drop the connection. (Edit: 'restart' has the same effect)

Here is one time it happened:

    Jul 18 16:18:06 host xl2tpd[1918]: Maximum retries exceeded for tunnel 49070. Closing.
    Jul 18 16:18:06 host xl2tpd[1918]: Terminating pppd: sending TERM signal to pid 18359
    Jul 18 16:18:06 host xl2tpd[1918]: Connection 4 closed to 89.188.xy, port 1701 (Timeout)
    Jul 18 16:18:11 host xl2tpd[1918]: Unable to deliver closing message for tunnel 49070. Destroying anyway.

And another:

    Jul 18 17:44:39 host xl2tpd[1918]: udp_xmit failed to 89.188.xy:1701 with err=-1:Operation not permitted
    Jul 18 17:44:43 xl2tpd[1918]: last message repeated 4 times
    Jul 18 17:44:43 host xl2tpd[1918]: Maximum retries exceeded for tunnel 10918. Closing.
    Jul 18 17:44:43 host xl2tpd[1918]: udp_xmit failed to 89.188.xy:1701 with err=-1:Operation not permitted
    Jul 18 17:44:43 host xl2tpd[1918]: Terminating pppd: sending TERM signal to pid 26338
    Jul 18 17:44:43 host xl2tpd[1918]: Connection 6 closed to 89.188.xy, port 1701 (Timeout)
    Jul 18 17:44:44 host xl2tpd[1918]: udp_xmit failed to 89.188.xy:1701 with err=-1:Operation not permitted
    Jul 18 17:44:48 xl2tpd[1918]: last message repeated 3 times
    Jul 18 17:44:48 host xl2tpd[1918]: Unable to deliver closing message for tunnel 10918. Destroying anyway.
    Jul 18 17:44:59 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:44:59 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.
    Jul 18 17:45:09 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:45:09 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.
    Jul 18 17:45:19 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:45:19 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.
    Jul 18 17:45:29 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:45:29 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.
    Jul 18 17:45:39 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:45:39 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.
    Jul 18 17:45:49 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)
    Jul 18 17:45:49 host xl2tpd[1918]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 10918 Dumping.

Versions:

  • Ubuntu 12.04
  • Openswan: 2.6.37-1
  • xl2tpd: 3.1+dfsg-1
  • Kernel: 3.2.0-49-generic

CONFIGS:

/etc/ipsec.conf:

    version 2.0 # conforms to second version of ipsec.conf specification

    config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
        oe=off
        protostack=netkey
        force_keepalive=yes
        keep_alive=10

    conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

    conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=2
        rekey=no
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        ikelifetime=8h
        keylife=1h
        type=transport
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any

/etc/xl2tpd/xl2tpd.conf:

    [global]
    ipsec saref = no

    [lns default]
    ip range = 10.152.2.2-10.152.2.254
    local ip = 10.152.2.1
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = no
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes

/etc/ppp/options.xl2tpd:

    require-mschap-v2
    refuse-mschap
    ms-dns 10.152.2.1
    asyncmap 0
    auth
    crtscts
    idle 1800
    mtu 1200
    mru 1200
    lock
    hide-password
    local
    #debug
    name l2tpd
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4
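To make xl2tpd log excerpts like the ones in the question readable at scale, here is an added Python example (not from the question, and not xl2tpd's own code) that groups the syslog lines per peer and counts the events that matter for this symptom: tunnels closed on timeout, sends the kernel refused locally with EPERM, and packets that still arrived after the tunnel was destroyed. The sample lines are taken from the question's second log, and the regexes assume the message wording shown there.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d (?:\S+ )?xl2tpd\[\d+\]: (?P<msg>.*)$")
RETRIES = re.compile(r"Maximum retries exceeded for tunnel (?P<tid>\d+)")
CLOSED = re.compile(r"Connection \d+ closed to (?P<peer>\S+), port \d+ \((?P<reason>[^)]+)\)")
XMIT = re.compile(r"udp_xmit failed to (?P<peer>\S+?)(?::\d+)? with err=-?\d+:(?P<err>.+)")
ORPHAN = re.compile(r"Can not find tunnel (?P<tid>\d+)")
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times")

def summarize_xl2tpd(lines):
    """Per peer: tunnels closed as (id, reason), EPERM sends, other send errors, late packets."""
    report = defaultdict(lambda: {"closed": [], "eperm_sends": 0, "other_send_errors": 0, "late_packets": 0})
    tunnel_peer, pending_tid, last_counter = {}, None, None
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (r := REPEAT.match(msg)) and last_counter:
            peer, key = last_counter              # expand syslog de-duplication
            report[peer][key] += int(r.group("n"))
            continue
        last_counter = None                       # a repeat after any other line is ignored
        if r := RETRIES.match(msg):
            pending_tid = r.group("tid")          # the following "closed" line names its peer
        elif r := CLOSED.match(msg):
            report[r.group("peer")]["closed"].append((pending_tid, r.group("reason")))
            tunnel_peer[pending_tid] = r.group("peer")
        elif r := XMIT.match(msg):
            # EPERM means this host refused the packet (XFRM policy without an SA, or an
            # iptables OUTPUT rule); it is not a loss somewhere on the network.
            key = "eperm_sends" if "Operation not permitted" in r.group("err") else "other_send_errors"
            report[r.group("peer")][key] += 1
            last_counter = (r.group("peer"), key)
        elif r := ORPHAN.match(msg):
            report[tunnel_peer.get(r.group("tid"), "tunnel " + r.group("tid"))]["late_packets"] += 1
    return dict(report)

# Constructed sample: lines taken from the question's second log, trimmed.
SAMPLE = """\
Jul 18 17:44:39 host xl2tpd[1918]: udp_xmit failed to 89.188.xy:1701 with err=-1:Operation not permitted
Jul 18 17:44:43 xl2tpd[1918]: last message repeated 4 times
Jul 18 17:44:43 host xl2tpd[1918]: Maximum retries exceeded for tunnel 10918. Closing.
Jul 18 17:44:43 host xl2tpd[1918]: Connection 6 closed to 89.188.xy, port 1701 (Timeout)
Jul 18 17:44:59 host xl2tpd[1918]: Can not find tunnel 10918 (refhim=0)"""

if __name__ == "__main__":
    print(summarize_xl2tpd(SAMPLE.splitlines()))
```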

You have 'idle 1800' in your /etc/ppp/options.xl2tpd file, which is 30 minutes.

You could try setting that to a higher value, or do something horrible like this:

 while true; do echo "c default" 1>/var/run/xl2tpd/l2tp-control; sleep 1500; done 

Most likely the re-establishment of communication for your session is not completing. I would first look at:
– the Ubuntu firewall rules (iptables-save)
– ipsec-related network traffic on the Ubuntu machine (tcpdump -s 0 -w capturefile.pcap -n -i $vpn_external_interface '$remote_client_ip or icmp or ip proto 50 or udp port 500')
– ipsec-related events in the event log. This article documents some of those events; it was written for Windows 7 but applies to Windows 8 as well.
– the idle connection timeout parameters on the Cisco router (if you have access to it).