I have set up a VPN server on my Mac Mini following the instructions at https://robintiwari.com/post/how-to-set-up-vpn-server-on-MacOS
IP address assignment from 201 to 216.
The ports are open and forwarded to my Mac Mini (and the problem described below also occurs when trying to connect from the home network).
When connecting with iOS 13 I get the following entries in /var/log/vpnd.log
When trying to connect I get:
2019-11-25 20:53:34 CET Incoming call... Address given to client = 192.168.1.205
Mon Nov 25 20:53:34 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:34 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:34 2019 : L2TP sent SCCRP
2019-11-25 20:53:34 CET Incoming call... Address given to client = 192.168.1.206
Mon Nov 25 20:53:34 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:34 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:34 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:34 2019 : L2TP sent SCCRP
2019-11-25 20:53:36 CET Incoming call... Address given to client = 192.168.1.207
Mon Nov 25 20:53:36 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:36 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:36 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:36 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:36 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:36 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:36 2019 : L2TP sent SCCRP
2019-11-25 20:53:40 CET Incoming call... Address given to client = 192.168.1.208
Mon Nov 25 20:53:40 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:40 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:40 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:40 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:40 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:40 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:40 2019 : L2TP sent SCCRP
2019-11-25 20:53:44 CET Incoming call... Address given to client = 192.168.1.209
Mon Nov 25 20:53:44 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:44 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:44 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:44 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:44 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:44 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:44 2019 : L2TP sent SCCRP
2019-11-25 20:53:48 CET Incoming call... Address given to client = 192.168.1.210
Mon Nov 25 20:53:48 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:48 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:48 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:48 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:48 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:48 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:48 2019 : L2TP sent SCCRP
2019-11-25 20:53:52 CET Incoming call... Address given to client = 192.168.1.211
Mon Nov 25 20:53:52 2019 : Directory Services Authorization plugin initialized
Mon Nov 25 20:53:52 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:52 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:52 2019 : publish_entry SCDSet() failed: Success!
Mon Nov 25 20:53:52 2019 : L2TP incoming call in progress from '192.168.1.1'...
Mon Nov 25 20:53:52 2019 : L2TP received SCCRQ
Mon Nov 25 20:53:52 2019 : L2TP sent SCCRP
2019-11-25 20:53:54 CET --> Client with address = 192.168.1.205 has hungup
2019-11-25 20:53:55 CET --> Client with address = 192.168.1.206 has hungup
2019-11-25 20:53:57 CET --> Client with address = 192.168.1.207 has hungup
2019-11-25 20:54:01 CET --> Client with address = 192.168.1.208 has hungup
2019-11-25 20:54:05 CET --> Client with address = 192.168.1.209 has hungup
2019-11-25 20:54:08 CET --> Client with address = 192.168.1.210 has hungup
2019-11-25 20:54:12 CET --> Client with address = 192.168.1.211 has hungup
Any clues?
Edit
These are the logs from the iPhone trying to connect:
default 21:24:46.761882+0100 pppd NetworkExtension is the controller
default 21:24:46.782624+0100 nesessionmanager Got a new session client connection from pppd(6313)
default 21:24:46.782721+0100 nesessionmanager NESMLegacySession[Casa:5FAFF43E-28EA-45E8-8B44-8D6769CCE159]: Adding a connection for client pppd[6313]
default 21:24:46.783978+0100 pppd publish_entry SCDSet() failed: Success!
default 21:24:46.784915+0100 pppd publish_entry SCDSet() failed: Success!
default 21:24:46.786506+0100 pppd pppd 2.4.2 (Apple version 862) started by root, uid 0
default 21:24:46.789427+0100 pppd l2tp_get_router_address
default 21:24:46.791187+0100 pppd l2tp_get_router_address 192.168.1.1 from dict 1
default 21:24:46.799911+0100 mDNSResponder [R107468] DNSServiceCreateConnection START PID[6313](pppd)
default 21:24:46.799971+0100 mDNSResponder [R107469] DNSServiceQueryRecord(15000, 0, <private>, Addr) START PID[6313](pppd)
default 21:24:46.837876+0100 mDNSResponder [R107469] DNSServiceQueryRecord(15000, 0, <private>, Addr) STOP PID[6313](pppd)
default 21:24:46.841876+0100 pppd L2TP connecting to server 'casa.corti.li' (51.154.164.133)...
default 21:24:46.845226+0100 pppd IPSec connection started
default 21:24:48.066632+0100 pppd IPSec connection established
default 21:24:51.805555+0100 symptomsd TCPPP: 0x16182d840 requesting ModeDefault and already in ModeDefault, no-op
default 21:25:08.066077+0100 pppd L2TP cannot connect to the server
default 21:25:08.072647+0100 mDNSResponder [R107468] DNSServiceCreateConnection STOP PID[6313](pppd)
default 21:25:08.075906+0100 nesessionmanager NESMLegacySession[Casa:5FAFF43E-28EA-45E8-8B44-8D6769CCE159]: Removing a connection for client pppd[6313]
default 21:25:12.317658+0100 callservicesd [FBSSystemAppProxy:0x1051c26b0] Service facility connection invalidated
and (I don't know how to make a filter with an 'or' in the console)
default 21:39:53.074716+0100 racoon plogsetfile: about to add racoon log file: /var/log/racoon.log
default 21:39:53.126744+0100 racoon accepted connection on vpn control socket.
default 21:39:53.126813+0100 racoon received bind command on vpn control socket.
default 21:39:53.134299+0100 racoon New Phase 2
default 21:39:53.134407+0100 racoon state changed to: IKEv1 quick I start
default 21:39:53.135343+0100 racoon IPsec-SA request for 51.154.164.133 queued due to no Phase 1 found.
default 21:39:53.135385+0100 racoon New Phase 1
default 21:39:53.135497+0100 racoon state changed to: IKEv1 ident I start
default 21:39:53.135652+0100 racoon initiate new phase 1 negotiation: 192.168.1.46[500]<=>51.154.164.133[500]
default 21:39:53.135729+0100 racoon begin Identity Protection mode.
default 21:39:53.135798+0100 racoon IPSec Phase 1 started (Initiated by me).
default 21:39:53.137267+0100 racoon Resend Phase 1 packet 6053c723b0e225a8:0000000000000000
default 21:39:53.138278+0100 racoon state changed to: IKEv1 ident I msg1 sent
default 21:39:53.138328+0100 racoon >>>>> phase change status = Phase 1 started by us
default 21:39:53.186357+0100 racoon seen nptype=1(sa)
default 21:39:53.186440+0100 racoon seen nptype=13(vid)
default 21:39:53.186502+0100 racoon seen nptype=13(vid)
default 21:39:53.186568+0100 racoon seen nptype=13(vid)
default 21:39:53.186672+0100 racoon received Vendor ID: RFC 3947
default 21:39:53.186732+0100 racoon received Vendor ID: DPD
default 21:39:53.186796+0100 racoon received broken Microsoft ID: FRAGMENTATION
default 21:39:53.186906+0100 racoon Selected NAT-T version: RFC 3947
default 21:39:53.187036+0100 racoon seen nptype=2(prop)
default 21:39:53.187279+0100 racoon seen nptype=3(trns)
default 21:39:53.189718+0100 racoon state changed to: IKEv1 ident I msg2 rcvd
default 21:39:53.189769+0100 racoon >>>>> phase change status = Phase 1 started by peer
default 21:39:53.288840+0100 racoon Hashing 51.154.164.133[500] with algo #4
default 21:39:53.288944+0100 racoon Hashing 192.168.1.46[500] with algo #4
default 21:39:53.289167+0100 racoon Adding remote and local NAT-D payloads.
default 21:39:53.290071+0100 racoon Resend Phase 1 packet 6053c723b0e225a8:21fbfaa914120f33
default 21:39:53.290121+0100 racoon state changed to: IKEv1 ident I msg3 sent
default 21:39:53.335052+0100 racoon seen nptype=4(ke)
default 21:39:53.335105+0100 racoon seen nptype=10(nonce)
default 21:39:53.335179+0100 racoon seen nptype=20(nat-d)
default 21:39:53.335263+0100 racoon seen nptype=20(nat-d)
default 21:39:53.335395+0100 racoon Hashing 192.168.1.46[500] with algo #4
default 21:39:53.335500+0100 racoon NAT-D payload #0 doesn't match
default 21:39:53.335551+0100 racoon Hashing 51.154.164.133[500] with algo #4
default 21:39:53.335650+0100 racoon NAT-D payload #1 doesn't match
default 21:39:53.335726+0100 racoon NAT detected: ME PEER
default 21:39:53.335791+0100 racoon state changed to: IKEv1 ident I msg4 rcvd
default 21:39:53.388371+0100 racoon added initial-contact payload.
default 21:39:53.389588+0100 racoon Resend Phase 1 packet 6053c723b0e225a8:21fbfaa914120f33
default 21:39:53.389723+0100 racoon state changed to: IKEv1 ident I msg5 sent
default 21:39:53.399147+0100 racoon seen nptype=5(id)
default 21:39:53.399209+0100 racoon seen nptype=8(hash)
default 21:39:53.399528+0100 racoon state changed to: IKEv1 ident I msg6 rcvd
default 21:39:53.399712+0100 racoon state changed to: Phase 1 Established
default 21:39:53.399787+0100 racoon ISAKMP-SA established spi:6053c723b0e225a8:21fbfaa914120f33
default 21:39:53.399966+0100 racoon IPSec Phase 1 established (Initiated by me).
default 21:39:54.229617+0100 racoon initiate new phase 2 negotiation: 192.168.1.46[4500]<=>51.154.164.133[4500]
default 21:39:54.229767+0100 racoon state changed to: IKEv1 quick I start
default 21:39:54.229914+0100 racoon IPSec Phase 2 started (Initiated by me).
default 21:39:54.230504+0100 racoon state changed to: IKEv1 quick I getspi sent
default 21:39:54.231086+0100 racoon >>>>> phase change status = Phase 2 started
default 21:39:54.232083+0100 racoon state changed to: IKEv1 quick I getspi done
default 21:39:54.232311+0100 racoon NAT detected -> UDP encapsulation
default 21:39:54.238396+0100 racoon Resend Phase 2 packet 6053c723b0e225a8:21fbfaa914120f33:000048f6
default 21:39:54.238620+0100 racoon state changed to: IKEv1 quick I msg1 sent
default 21:39:54.268136+0100 racoon seen nptype=8(hash)
default 21:39:54.268294+0100 racoon seen nptype=1(sa)
default 21:39:54.268444+0100 racoon seen nptype=10(nonce)
default 21:39:54.268593+0100 racoon seen nptype=5(id)
default 21:39:54.268739+0100 racoon seen nptype=5(id)
default 21:39:54.268913+0100 racoon seen nptype=21(nat-oa)
default 21:39:54.269064+0100 racoon seen nptype=21(nat-oa)
default 21:39:54.270126+0100 racoon seen nptype=2(prop)
default 21:39:54.270716+0100 racoon seen nptype=3(trns)
default 21:39:54.270864+0100 racoon seen nptype=3(trns)
default 21:39:54.271145+0100 racoon seen nptype=3(trns)
default 21:39:54.271342+0100 racoon seen nptype=3(trns)
default 21:39:54.271507+0100 racoon seen nptype=3(trns)
default 21:39:54.271749+0100 racoon seen nptype=3(trns)
default 21:39:54.278681+0100 racoon seen nptype=2(prop)
default 21:39:54.279242+0100 racoon seen nptype=3(trns)
default 21:39:54.282515+0100 racoon Adjusting my encmode UDP-Transport(4)->Transport(2)
default 21:39:54.282591+0100 racoon Adjusting peer's encmode UDP-Transport(4)->Transport(2)
default 21:39:54.282943+0100 racoon state changed to: IKEv1 quick I msg2 rcvd
default 21:39:54.285733+0100 racoon state changed to: IKEv1 quick I addsa
default 21:39:54.286814+0100 racoon IPsec-SA established (update): satype=3 spi=0x2901e7f mode=1
default 21:39:54.286977+0100 racoon state changed to: Phase 2 established
default 21:39:54.287075+0100 racoon ike_session_ph2_established: ph2 established, spid 22
default 21:39:54.287151+0100 racoon IPSec Phase 2 established (Initiated by me).
default 21:39:54.287306+0100 racoon IPsec-SA established (add): satype=3 spi=0xd19f343 mode=1
default 21:39:54.287547+0100 racoon >>>>> phase change status = Phase 2 established