L2TP/IPsec VPN: problem with rsasig (xl2tpd/racoon)

Hello everyone :smiley:

I'm coming to you because I'm stuck on my VPN server: I get an error that comes back in a loop no matter what changes I make to my config files.
Specifically, it is "racoon NOTIFY the packet is retransmitted by".

Note that I'm using xl2tpd and racoon, and that I followed this tutorial: https://wiki.debian.org/HowTo/AndroidVPNServer

I should point out that my server works when it is configured with a pre-shared key but not with rsasig, and that it runs on a VM.

racoon.conf:

# NOTE: This file will not be used if you use racoon-tool(8) to manage your
# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
# of this file.
#
# Simple racoon.conf
#
# Please look in /usr/share/doc/racoon/examples for
# examples that come with the source.
#
# Please read racoon.conf(5) for details, and also read setkey(8).
#
# Also read the Linux IPSEC Howto up at
# ipsec-howto.org/t1.html

log notify;
path certificate "/etc/racoon/certs";
path pre_shared_key "/etc/racoon/psk.txt";

#remote 172.31.1.1 {
#        exchange_mode main,aggressive;
#        proposal {
#                encryption_algorithm 3des;
#                hash_algorithm sha1;
#                authentication_method pre_shared_key;
#                dh_group modp1024;
#        }
#        generate_policy off;
#}

#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
#        pfs_group modp768;
#        encryption_algorithm 3des;
#        authentication_algorithm hmac_md5;
#        compression_algorithm deflate;
#}

remote anonymous {
        exchange_mode main;

        verify_identifier off;
        #my_identifier fqdn "ADLO SRV";

        # certificates and keys
        peers_certfile x509 "phone.pem";
        certificate_type x509 "server.pem" "server_good.key";
        ca_type x509 "ca.pem";

        passive on;
        generate_policy on;
        nat_traversal on;
        proposal_check obey;
        dpd_delay 20;

        proposal {
                encryption_algorithm aes;
                hash_algorithm md5;
                authentication_method rsasig;
                dh_group modp1024;
        }
}

sainfo anonymous {
        encryption_algorithm aes,3des;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}

xl2tpd.conf:

[global]
access control = no
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

[lns default]
ip range = 192.168.100.100-192.168.100.110
local ip = 192.168.100.99
require authentication = yes
require chap = yes
ppp debug = yes

refuse pap = yes
length bit = yes
name = l2tpd
pppoptfile = /etc/ppp/xl2tpd-options

xl2tpd-options:

auth
nodefaultroute
lock
proxyarp
require-chap
ms-dns 8.8.8.8
ms-dns 8.8.4.4

syslog:

Feb 5 19:38:09 VPN-RSA racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
Feb 5 19:38:09 VPN-RSA racoon: DEBUG: call pfkey_send_register for AH
Feb 5 19:38:09 VPN-RSA racoon: DEBUG: call pfkey_send_register for ESP
Feb 5 19:38:09 VPN-RSA racoon: DEBUG: call pfkey_send_register for IPCOMP
Feb 5 19:38:09 VPN-RSA racoon: DEBUG: reading config file /etc/racoon/racoon.conf
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.0[500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.0[500] used as isakmp port (fd=8)
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.0[4500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.0[4500] used as isakmp port (fd=9)
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.1[500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.1[4500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 127.0.0.1[4500] used as isakmp port (fd=11)
Feb 5 19:38:09 VPN-RSA racoon: INFO: 192.168.0.26[500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 192.168.0.26[500] used as isakmp port (fd=12)
Feb 5 19:38:09 VPN-RSA racoon: INFO: 192.168.0.26[4500] used for NAT-T
Feb 5 19:38:09 VPN-RSA racoon: INFO: 192.168.0.26[4500] used as isakmp port (fd=13)
Feb 5 19:38:09 VPN-RSA racoon: INFO: ::1[500] used as isakmp port (fd=14)
Feb 5 19:38:09 VPN-RSA racoon: INFO: ::1[4500] used as isakmp port (fd=15)
Feb 5 19:38:09 VPN-RSA racoon: INFO: fe80::a00:27ff:fede:17b7%eth0[500] used as isakmp port (fd=16)
Feb 5 19:38:09 VPN-RSA racoon: INFO: fe80::a00:27ff:fede:17b7%eth0[4500] used as isakmp port (fd=17)
Feb 5 19:38:16 VPN-RSA racoon: INFO: respond new phase 1 negotiation: 192.168.0.26[500]<=>192.168.0.12[500]
Feb 5 19:38:16 VPN-RSA racoon: INFO: begin Identity Protection mode.
Feb 5 19:38:16 VPN-RSA racoon: INFO: received Vendor ID: RFC 3947
Feb 5 19:38:16 VPN-RSA racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Feb 5 19:38:16 VPN-RSA racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02#012
Feb 5 19:38:16 VPN-RSA racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Feb 5 19:38:16 VPN-RSA racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Feb 5 19:38:16 VPN-RSA racoon: INFO: received Vendor ID: DPD
Feb 5 19:38:16 VPN-RSA racoon: [192.168.0.12] INFO: Selected NAT-T version: RFC 3947
Feb 5 19:38:16 VPN-RSA racoon: [192.168.0.26] INFO: Hashing 192.168.0.26[500] with algo #1
Feb 5 19:38:16 VPN-RSA racoon: INFO: NAT-D payload #0 verified
Feb 5 19:38:16 VPN-RSA racoon: [192.168.0.12] INFO: Hashing 192.168.0.12[500] with algo #1
Feb 5 19:38:16 VPN-RSA racoon: INFO: NAT-D payload #1 verified
Feb 5 19:38:16 VPN-RSA racoon: INFO: NAT not detected
Feb 5 19:38:16 VPN-RSA racoon: [192.168.0.12] INFO: Hashing 192.168.0.12[500] with algo #1
Feb 5 19:38:16 VPN-RSA racoon: [192.168.0.26] INFO: Hashing 192.168.0.26[500] with algo #1
Feb 5 19:38:16 VPN-RSA racoon: INFO: Adding remote and local NAT-D payloads.
Feb 5 19:38:16 VPN-RSA racoon: INFO: ISAKMP-SA established 192.168.0.26[500]-192.168.0.12[500] spi:cfbcff8391d4836d:be920ce807abe37b
Feb 5 19:38:19 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:22 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:25 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:27 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:30 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: network_thread: recv packet from 192.168.0.12, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: get_call: allocating new tunnel for host 192.168.0.12, port 60929.
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: handle_avps: handling avp's for tunnel 26838, call 16676
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: protocol_version_avp: peer is using version 1, revision 0.
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: hostname_avp: peer reports hostname 'anonymous'
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: framing_caps_avp: supported peer frames: async sync
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: assigned_tunnel_avp: using peer's tunnel 18430
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: receive_window_size_avp: peer wants RWS of 1. Will use flow control.
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 18430, call is 0.
Feb 5 19:38:46 VPN-RSA xl2tpd[2953]: control_finish: sending SCCRP
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: network_thread: recv packet from 192.168.0.12, size = 36, tunnel = 0, call = 0 ref=0 refhim=0
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: get_call: allocating new tunnel for host 192.168.0.12, port 60929.
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: handle_packet: bad control packet!
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: network_thread: bad packet
Feb 5 19:38:48 VPN-RSA xl2tpd[2953]: build_fdset: closing down tunnel 9227
Feb 5 19:38:49 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:50 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:51 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:52 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:53 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:53 VPN-RSA xl2tpd[2953]: Maximum retries exceeded for tunnel 26838. Closing.
Feb 5 19:38:53 VPN-RSA xl2tpd[2953]: Connection 18430 closed to 192.168.0.12, port 60929 (Timeout)
Feb 5 19:38:54 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:55 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:56 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:57 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:58 VPN-RSA xl2tpd[2953]: network_thread: select timeout
Feb 5 19:38:58 VPN-RSA xl2tpd[2953]: Unable to deliver closing message for tunnel 26838. Destroying anyway.
Feb 5 19:39:01 VPN-RSA racoon: [192.168.0.12] INFO: DPD: remote (ISAKMP-SA spi=cfbcff8391d4836d:be920ce807abe37b) seems to be dead.
Feb 5 19:39:01 VPN-RSA racoon: INFO: purging ISAKMP-SA spi=cfbcff8391d4836d:be920ce807abe37b.
Feb 5 19:39:01 VPN-RSA racoon: INFO: purged ISAKMP-SA spi=cfbcff8391d4836d:be920ce807abe37b.
Feb 5 19:39:01 VPN-RSA racoon: INFO: ISAKMP-SA deleted 192.168.0.26[500]-192.168.0.12[500] spi:cfbcff8391d4836d:be920ce807abe37b

Thanks in advance to everyone who tries to help me, in any case ^^
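Added example, not part of the post: a small triage script that reads racoon lines of the kind quoted above and classifies, per peer, where the IKE exchange stops. On the post's own log it reports that phase 1 (ISAKMP-SA) completed, that the peer then retransmitted five times with no phase 2 / IPsec-SA line from racoon, and that DPD finally declared the peer dead. The local address 192.168.0.26 and the sample lines are taken from the post; the "IPsec-SA established" and "phase 2 negotiation" markers are the strings racoon logs on a successful phase 2 and are assumed here.

```python
import re
from collections import defaultdict

# Racoon lines copied from the syslog quoted in the post (xl2tpd lines omitted).
SAMPLE_LOG = """\
Feb 5 19:38:16 VPN-RSA racoon: INFO: ISAKMP-SA established 192.168.0.26[500]-192.168.0.12[500] spi:cfbcff8391d4836d:be920ce807abe37b
Feb 5 19:38:19 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:22 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:25 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:27 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:38:30 VPN-RSA racoon: NOTIFY: the packet is retransmitted by 192.168.0.12[500] (1).
Feb 5 19:39:01 VPN-RSA racoon: [192.168.0.12] INFO: DPD: remote (ISAKMP-SA spi=cfbcff8391d4836d:be920ce807abe37b) seems to be dead.
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RETRANS = re.compile(r"retransmitted by (\d{1,3}(?:\.\d{1,3}){3})\[\d+\]")
DPD_DEAD = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\] INFO: DPD: .*seems to be dead")

def analyse_racoon_log(text, local_ip):
    """Per-peer IKE state: did phase 1 complete, did phase 2 ever start,
    how many times did the peer retransmit, did DPD declare it dead."""
    peers = defaultdict(lambda: {"phase1": False, "phase2": False,
                                 "retransmits": 0, "dpd_dead": False})
    for line in text.splitlines():
        if " racoon: " not in line:
            continue  # skip xl2tpd/pppd lines
        others = [ip for ip in IPV4.findall(line) if ip != local_ip]
        if "ISAKMP-SA established" in line and others:
            peers[others[0]]["phase1"] = True
        elif ("phase 2 negotiation" in line or "IPsec-SA established" in line) and others:
            peers[others[0]]["phase2"] = True  # assumed racoon phase 2 markers
        elif m := RETRANS.search(line):
            peers[m.group(1)]["retransmits"] += 1
        elif m := DPD_DEAD.search(line):
            peers[m.group(1)]["dpd_dead"] = True
    return dict(peers)

def verdict(state):
    """Classify the failure pattern for one peer."""
    if not state["phase1"]:
        return "phase1-failed"              # proposal/certificate rejected in main mode
    if not state["phase2"] and state["retransmits"] >= 3:
        return "phase1-ok-phase2-stalled"   # peer keeps resending, racoon never answers
    return "ok" if state["phase2"] else "incomplete"

if __name__ == "__main__":
    for peer, state in analyse_racoon_log(SAMPLE_LOG, "192.168.0.26").items():
        print(peer, state, verdict(state))
```

A "phase1-ok-phase2-stalled" result narrows the search to what happens after the ISAKMP-SA: the sainfo/proposal matching or the policy generated for the peer, rather than the certificates, which were already accepted in phase 1.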

Small bump please ^^