{"id":9,"date":"2008-04-09T17:24:57","date_gmt":"2008-04-09T15:24:57","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=9"},"modified":"2008-04-10T17:06:43","modified_gmt":"2008-04-10T15:06:43","slug":"probleme-linux-log-de-connexion","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=9","title":{"rendered":"Linux problem: connection logs"},"content":{"rendered":"<p>The logs related to a VPN connection are found in <code>\/var\/log\/auth.log<\/code>, <code>\/var\/log\/syslog<\/code> and <code>\/var\/log\/messages<\/code>.<br \/>\nWhen the IPsec connection starts (here you can see that the connection goes through NAT), you should see logs similar to these in <code>\/var\/log\/auth.log<\/code> (or <code>\/var\/log\/messages<\/code>):<br \/>\n<code><span style=\"font-size: xx-small;\">#49: initiating Main Mode<br \/>\n#49: ignoring unknown Vendor ID payload [4f456c4c4f5d5264574e5244]<br \/>\n#49: received Vendor ID payload [Dead Peer Detection]<br \/>\n#49: received Vendor ID payload [RFC 3947] method set to=110<br \/>\n#49: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br \/>\n#49: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br \/>\n#49: STATE_MAIN_I2: sent MI2, expecting MR2<br \/>\n#49: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed<br \/>\n#49: I am sending my cert<br \/>\n#49: I am sending a certificate request<br \/>\n#49: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br \/>\n#49: STATE_MAIN_I3: sent MI3, expecting MR3<br \/>\n#49: Main mode peer ID is ID_IPV4_ADDR: '194.57.91.251'<br \/>\n#49: no crl from issuer \"C=FR, ST=Franche-Comte, L=Besancon, O=UFC, OU=CRI, CN=CA-vpn, E=vpn-master@univ-fcomte.fr\" found (strict=no)<br \/>\n#49: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<br \/>\n#49: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<br 
\/>\n#50: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+UP {using isakmp#49}<br \/>\n#50: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br \/>\n#50: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=&gt;0x2e19c272 &lt;0x37ba5dd5 xfrm=AES_0-HMAC_SHA1 NATD=194.57.91.251:4500 DPD=none}<\/span><\/code><\/p>\n<p>If you have no IPsec connection logs, check your ipsec.conf file, since it most likely contains syntax errors.<\/p>\n<p>During the (x)l2tp connection you should see the following in <code><small>\/var\/log\/syslog<\/small><\/code>:<br \/>\n<code><small>: pppd 2.4.4 started by root, uid 0<br \/>\n: Using interface ppp0<br \/>\n: Connect: ppp0 &lt;--&gt; \/dev\/pts\/2<br \/>\n: Remote message: user2@lifc-edu connecte a lifc-edu^J<br \/>\n: PAP authentication succeeded<br \/>\n: replacing old default route to eth0 [192.168.1.254]<br \/>\n: local  IP address 172.20.128.37<br \/>\n: remote IP address 192.168.255.201<br \/>\n: primary   DNS address 194.57.91.200<br \/>\n: secondary DNS address 194.57.91.200<br \/>\n<\/small><\/code><br \/>\nYour new IP address is given here: <code><small>: local  IP address 172.20.128.37<\/small><\/code><\/p>\n<p>If you have no (x)l2tp logs, you can start l2tpd in debug mode with the following commands, as the root user:<br \/>\n<code><small>\/etc\/init.d\/xl2tpd stop<\/small><\/code> or <code><small>\/etc\/init.d\/l2tpd stop<\/small><\/code><br \/>\n<code><small>xl2tpd -D -c \/etc\/xl2tpd\/xl2tpd.conf<\/small><\/code> or <code><small>l2tpd -D -c \/etc\/l2tpd\/l2tpd.conf<\/small><\/code><br \/>\nThen, in another root window, bring up the PPP link:<br \/>\n<code><small>echo \"c user2\" &gt; \/var\/run\/xl2tpd\/l2tp-control<\/small><\/code> or <code><small>echo \"c user2\" &gt; \/var\/run\/l2tp-control<\/small><\/code><br \/>\nThe log output in the first window should help you fix 
your problem.<br \/>\nIf the problem persists, do not hesitate to contact your network correspondent or vpn-master@univ-fcomte.fr<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The logs related to a VPN connection are found in \/var\/log\/auth.log, \/var\/log\/syslog and \/var\/log\/messages. When the IPsec connection starts (here you can see that the connection goes through NAT), you should see logs similar to these in \/var\/log\/auth.log (or \/var\/log\/messages): #49: initiating Main Mode #49: ignoring unknown Vendor ID payload [4f456c4c4f5d5264574e5244] #49: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[5,6,22],"class_list":["post-9","post","type-post","status-publish","format-standard","hentry","category-problemes-utilisateurs","tag-client","tag-linux","tag-log"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/9","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.f
r\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}