Hello,
I cannot connect to a TMG Forefront VPN server (to which I connect fine over PPTP) via L2TP using NetworkManager.
On the other hand, I connect to it fine from my Windows machine, over PPTP or L2TP.
I currently see this in the logs:
/var/message:
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> Starting VPN service 'l2tp'...
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 7356
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> VPN service 'l2tp' appeared; activating connections
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> Auto-activating connection 'Esclave bridge0 1'.
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> VPN connection 'VPN XXX L2tp' (ConnectInteractive) reply received.
Dec 4 06:17:09 bruno NetworkManager[1175]: <info> VPN plugin state changed: starting (3)
Dec 4 06:17:11 bruno kernel: [ 600.875688] AVX2 instructions are not detected.
Dec 4 06:17:11 bruno kernel: [ 600.928189] AVX2 or AES-NI instructions are not detected.
Dec 4 06:17:11 bruno NetworkManager[1175]: <info> VPN connection 'VPN XXX L2tp' (Connect) reply received.
Dec 4 06:17:11 bruno NetworkManager[1175]: <warn> VPN connection 'VPN XXX L2tp' failed to connect: 'Possible error in IPSec setup.'.
Dec 4 06:17:11 bruno NetworkManager[1175]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Dec 4 06:17:11 bruno NetworkManager[1175]: <info> Auto-activating connection 'Esclave bridge0 1'.
Dec 4 06:17:45 bruno kernel: [ 635.667188] sdf:
Dec 4 06:20:11 bruno NetworkManager[1175]: <info> VPN service 'l2tp' disappeared
Dec 4 06:20:23 bruno dbus[1037]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Dec 4 06:20:23 bruno dbus[1037]: [system] Successfully activated service 'net.reactivated.Fprint'
Installed package:
libreswan.x86_64
IPsec config:
ipsec verify
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.13 (netkey) on 4.2.6-301.fc23.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax Traceback (most recent call last):
File "/usr/libexec/ipsec/verify", line 477, in <module>
main()
File "/usr/libexec/ipsec/verify", line 466, in main
plutocheck()
File "/usr/libexec/ipsec/verify", line 121, in plutocheck
ipsecsecretcheck()
File "/usr/libexec/ipsec/verify", line 375, in ipsecsecretcheck
output = output.decode(prefencoding)
AttributeError: 'str' object has no attribute 'decode'
File /etc/sysctl.conf:
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.bond0.rp_filter = 0
net.ipv4.conf.enp10s0.rp_filter = 0
net.ipv4.conf.enp5s0f0.rp_filter = 0
net.ipv4.conf.enp5s0f1.rp_filter = 0
net.ipv4.conf.virbr0.rp_filter = 0
net.ipv4.conf.virbr0-nic.rp_filter = 0
net.ipv4.conf.wlp6s0.rp_filter = 0
# disable sending of ICMP redirects
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.bond0.send_redirects = 0
net.ipv4.conf.enp10s0.send_redirects = 0
net.ipv4.conf.enp5s0f0.send_redirects = 0
net.ipv4.conf.enp5s0f1.send_redirects = 0
net.ipv4.conf.virbr0.send_redirects = 0
net.ipv4.conf.virbr0-nic.send_redirects = 0
net.ipv4.conf.wlp6s0.send_redirects = 0
# disable acceptance of ICMP redirects
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.bond0.accept_redirects = 0
net.ipv4.conf.enp10s0.accept_redirects = 0
net.ipv4.conf.enp5s0f0.accept_redirects = 0
net.ipv4.conf.enp5s0f1.accept_redirects = 0
net.ipv4.conf.virbr0.accept_redirects = 0
net.ipv4.conf.virbr0-nic.accept_redirects = 0
net.ipv4.conf.wlp6s0.accept_redirects = 0
File /etc/sysctl.d/monfichier.secrets:
%any NOM_DSN_DE_MON_SERVEUR_VPN : PSK "MA_CLE__PRE_PARTAGEE"
File /etc/xl2tpd/l2tp-secrets:
* * MA_CLE__PRE_PARTAGEE
The ipsec service is enabled and started.
Ports open in firewalld:
500/udp
4500/udp
1701/udp
Would you have any idea?
Thanks!
Regards,
BruniX