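Good news for VPN enthusiasts (pure technical write-up): packet-by-packet analysis of a 愛陸通 5G industrial router establishing an L2TP VPN
Application scenario:
Projects frequently rely on VPN technology for networking. Common VPN types include IPsec, L2TP, PPTP, SSL, GRE, OpenVPN and others. Because 5G networks currently hand out private (internal) IP addresses, the most widely used and effective way to reach a 5G industrial router remotely is to build a VPN. As one of the most frequently used VPN technologies, L2TP VPN is well liked by project engineers.
Although L2TP VPN is a general-purpose technology, real projects often run into all sorts of hard-to-diagnose problems. These come down to how well the industrial router vendor's developers understand the low-level L2TP message exchange, and to how system resources are allocated and released once the industrial router and the server have established the VPN. This is why project engineers often see an L2TP VPN run for a while and then drop traffic while still appearing connected.
In practice, VPN support is a real test of a 5G industrial router vendor's engineering strength and of the product's reliability under long-term continuous operation. Getting VPN to work is not hard; whether it interoperates with VPN servers of every brand and stays stable over long uninterrupted operation is an important measure of a 5G industrial router's quality.
What follows is a detailed walk-through of the entire message exchange when a 5G industrial router establishes an L2TP VPN. It helps project engineers quickly locate and troubleshoot the problem when a VPN fails to come up.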
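L2TP establishment flow
The figure above shows how the L2TP tunnel and session are established. After that, the PPP dial-up is set up and encapsulated data transfer begins.
1. Establish the L2TP tunnel
The client first sends the tunnel establishment request SCCRQ. The server answers the request with SCCRP, and the client, on receiving that reply, returns the confirmation SCCCN to the server. The tunnel is now established.
2. Establish the L2TP session
Session establishment is similar to tunnel establishment. The client first sends the session establishment request ICRQ, the server answers with ICRP, and the client, on receiving that reply, returns the confirmation ICCN. The session is now established.
3. Establish the PPP connection
LCP phase: negotiate the maximum transmission unit between the two ends, the authentication method (PAP/CHAP), and the magic number used for loop detection.
Authentication phase: PAP (Password Authentication Protocol) authenticates the username and password in cleartext.
CHAP (Challenge-Handshake Authentication Protocol) authenticates the username and password using an MD5 hash that incorporates a random challenge value.
IPCP phase: confirm the upper-layer network protocol, detect IP conflicts, and request an IP address (optional).
4. Data encapsulation and transfer
5. Link keepalive
To confirm that the peer's tunnel still exists, keepalive messages must be exchanged with the peer at regular intervals. The flow is: both the client and the server send Hello messages to the peer, and the peer replies with a ZLB.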
Log and packet analysis
<5>Dec 6 08:23:00 l2tp-sh[9679]: Launching VPN process
<5>Dec 6 08:23:00 l2tp-sh[9679]: Process launched
<5>Dec 6 08:23:00 l2tp-sh[8876]: vpn is 0
<5>Dec 6 08:23:00 l2tp-sh[9703]: Waiting.......
<5>Dec 6 08:23:00 ipsec_setup: ...Openswan IPsec stopped
<5>Dec 6 08:23:03 l2tp-sh[9703]: PID file created
<5>Dec 6 08:23:03 l2tp-sh[9703]: Attempting initial connect
<6>Dec 6 08:23:03 l2tp[9858]: Started on Router PID:9858
<6>Dec 6 08:23:03 l2tp[9858]: Listening on IP address 0.0.0.0, port 1701
<6>Dec 6 08:23:03 l2tp[9858]: Tunnel connecting host 47.107.39.47, port 1701.
<5>Dec 6 08:23:03 l2tp[9858]: Connecting to host 47.107.39.47[47.107.39.47], port 1701 (initiate the L2TP connection to the server)
<6>Dec 6 08:23:03 l2tp[9858]: deal (null)(0). Tunnel is 0, call is 0.
<6>Dec 6 08:23:03 l2tp[9858]: sending SCCRQ. Tunnel is 0, call is 0. (establish the L2TP tunnel: the client requests a tunnel ID from the server)
<6>Dec 6 08:23:03 l2tp[9858]: 101--->
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 65 00 00 00 00 00 00 00 00 80 08 00 00 | ...e............
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 01 80 08 00 00 00 02 01 00 80 0a 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 03 00 00 00 03 80 0a 00 00 00 04 00 00 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 08 00 00 00 06 06 90 80 0c 00 00 00 07 52 6f | ..............Ro
<6>Dec 6 08:23:03 l2tp[9858]: 75 74 65 72 00 11 00 00 00 08 72 6f 75 74 65 72 | uter......router
<6>Dec 6 08:23:03 l2tp[9858]: 2c 6c 32 74 70 80 08 00 00 00 09 b5 ce 80 08 00 | ,l2tp...........
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 0a 00 04 | .....
<6>Dec 6 08:23:03 l2tp[9858]: <---112
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 70 b5 ce 00 00 00 00 00 01 80 08 00 00 | ...p............
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 02 80 08 00 00 00 02 01 00 80 0a 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 03 00 00 00 03 80 0a 00 00 00 04 00 00 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 08 00 00 00 06 06 90 80 15 00 00 00 07 69 7a | ..............iz
<6>Dec 6 08:23:03 l2tp[9858]: 74 73 34 65 33 38 73 71 73 79 72 39 7a 00 13 00 | ts4e38sqsyr9z...
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 08 78 65 6c 65 72 61 6e 63 65 2e 63 6f 6d | ...xelerance.com
<6>Dec 6 08:23:03 l2tp[9858]: 80 08 00 00 00 09 04 a2 80 08 00 00 00 0a 00 04 | ................
<6>Dec 6 08:23:03 l2tp[9858]: deal Start-Control-Connection-Reply(2). Tunnel is 1186, call is 0. (the server replies to the client and sends the tunnel ID)
<6>Dec 6 08:23:03 l2tp[9858]: sending SCCCN. Tunnel is 1186, call is 0. (the client confirms the tunnel ID to the server)
<6>Dec 6 08:23:03 l2tp[9858]: 20--->
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 14 04 a2 00 00 00 01 00 01 80 08 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 03 | ....
<5>Dec 6 08:23:03 l2tp[9858]: Connection established to 47.107.39.47, 1701. Local: 46542, Remote: 1186 (ref=0/0).
<5>Dec 6 08:23:03 l2tp[9858]: Calling on tunnel 46542
<6>Dec 6 08:23:03 l2tp[9858]: deal (null)(0). Tunnel is 1186, call is 0.
<6>Dec 6 08:23:03 l2tp[9858]: sending ICRQ. Tunnel is 1186, call is 0. (establish the L2TP session: the client requests a session ID from the server)
<6>Dec 6 08:23:03 l2tp[9858]: 48--->
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 30 04 a2 00 00 00 02 00 01 80 08 00 00 | ...0............
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 0a 80 08 00 00 00 0e 39 e3 80 0a 00 00 | ..........9.....
<6>Dec 6 08:23:03 l2tp[9858]: 00 0f 00 00 00 01 80 0a 00 00 00 12 00 00 00 00 | ................
<6>Dec 6 08:23:03 l2tp[9858]: <---12
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 0c b5 ce 00 00 00 01 00 02 | ............
<6>Dec 6 08:23:03 l2tp[9858]: <---28
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 1c b5 ce 39 e3 00 01 00 03 80 08 00 00 | ......9.........
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 0b 80 08 00 00 00 0e 09 f1 | ............
<6>Dec 6 08:23:03 l2tp[9858]: deal Incoming-Call-Reply(11). Tunnel is 1186, call is 2545. (the server replies to the client and sends the session ID)
<6>Dec 6 08:23:03 l2tp[9858]: sending ICCN. Tunnel is 1186, call is 2545. (the client confirms the session ID to the server)
<5>Dec 6 08:23:03 l2tp[9858]: Call established with 47.107.39.47, Local: 14819, Remote: 2545, Serial: 1 (ref=0/0)
<6>Dec 6 08:23:03 l2tp[9858]: 50--->
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 32 04 a2 09 f1 00 03 00 02 80 08 00 00 | ...2............
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 0c 80 0a 00 00 00 18 00 98 96 80 80 0a | ................
<6>Dec 6 08:23:03 l2tp[9858]: 00 00 00 13 00 00 00 01 00 0a 00 00 00 26 00 98 | .............&..
<6>Dec 6 08:23:03 l2tp[9858]: 96 80 | ..
<6>Dec 6 08:23:03 l2tp[9858]: <---12
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 0c b5 ce 00 00 00 02 00 03 | ............
<6>Dec 6 08:23:03 l2tp[9858]: <---12
<6>Dec 6 08:23:03 l2tp[9858]: c8 02 00 0c b5 ce 39 e3 00 02 00 04 | ......9.....
<6>Dec 6 08:23:03 l2tp-ppp[9859]: Plugin pppol2tp.so loaded.
<6>Dec 6 08:23:03 l2tp-ppp[9859]: using channel 3
<6>Dec 6 08:23:03 l2tp-ppp[9859]: Using interface ppp1
<5>Dec 6 08:23:03 l2tp-ppp[9859]: Connect: ppp1 <--> (PPP dial-up starts)
<6>Dec 6 08:23:03 l2tp-ppp[9859]: PPPoL2TP options: debugmask 0
<6>Dec 6 08:23:03 l2tp-ppp[9859]: 16--->
<6>Dec 6 08:23:03 l2tp-ppp[9859]: c0 21 01 01 00 0e 01 04 05 aa 05 06 b8 55 94 4d | .!...........U.M
<6>Dec 6 08:23:03 l2tp-ppp[9859]: <---18
<6>Dec 6 08:23:03 l2tp-ppp[9859]: ff 03 c0 21 02 01 00 0e 01 04 05 aa 05 06 b8 55 | ...!...........U
<6>Dec 6 08:23:03 l2tp-ppp[9859]: 94 4d | .M
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 16--->
<6>Dec 6 08:23:06 l2tp-ppp[9859]: c0 21 01 01 00 0e 01 04 05 aa 05 06 b8 55 94 4d | .!...........U.M
<6>Dec 6 08:23:06 l2tp-ppp[9859]: <---33
<6>Dec 6 08:23:06 l2tp-ppp[9859]: ff 03 c0 21 01 01 00 1d 01 04 05 82 02 06 00 00 | ...!............
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 00 00 03 05 c2 23 05 05 06 9c d7 01 36 07 02 08 | .....#......6...
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 02 | .
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 12--->
<6>Dec 6 08:23:06 l2tp-ppp[9859]: c0 21 04 01 00 0a 02 06 00 00 00 00 | .!..........
<6>Dec 6 08:23:06 l2tp-ppp[9859]: <---18
<6>Dec 6 08:23:06 l2tp-ppp[9859]: ff 03 c0 21 02 01 00 0e 01 04 05 aa 05 06 b8 55 | ...!...........U
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 94 4d | .M
<6>Dec 6 08:23:06 l2tp-ppp[9859]: <---27
<6>Dec 6 08:23:06 l2tp-ppp[9859]: ff 03 c0 21 01 02 00 17 01 04 05 82 03 05 c2 23 | ...!...........#
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 05 05 06 9c d7 01 36 07 02 08 02 | ......6....
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 25--->
<6>Dec 6 08:23:06 l2tp-ppp[9859]: c0 21 02 02 00 17 01 04 05 82 03 05 c2 23 05 05 | .!...........#..
<6>Dec 6 08:23:06 l2tp-ppp[9859]: 06 9c d7 01 36 07 02 08 02 | ....6....
<6>Dec 6 08:23:06 l2tp-ppp[9859]: PPPoL2TP options: debugmask 0
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---43
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 c2 23 01 2d 00 27 14 2e 9d 45 cf 4c 04 b2 | ...#.-.'...E.L..
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ef 80 09 ca 76 4d f8 98 9e 16 91 14 da 4c 69 6e | ....vM.......Lin
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 75 78 56 50 4e 73 65 72 76 65 72 | uxVPNserver
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 27--->
<6>Dec 6 08:23:07 l2tp-ppp[9859]: c2 23 02 2d 00 19 10 e6 f0 07 65 c9 14 06 8d db | .#.-......e.....
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 80 5c 16 da 85 a0 ee 74 65 73 74 | ......test
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---22
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 c2 23 03 2d 00 12 41 63 63 65 73 73 20 67 | ...#.-..Access.g
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 72 61 6e 74 65 64 | ranted
<6>Dec 6 08:23:07 l2tp-ppp[9859]: CHAP authentication succeeded: Access granted
<5>Dec 6 08:23:07 l2tp-ppp[9859]: CHAP authentication succeeded (CHAP authentication passed)
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 24--->
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 80 21 01 01 00 16 03 06 c0 a8 01 80 81 06 00 00 | .!..............
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 00 00 83 06 00 00 00 00 | ........
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---20
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 80 21 01 01 00 10 02 06 00 2d 0f 01 03 06 | ...!.......-....
<6>Dec 6 08:23:07 l2tp-ppp[9859]: c0 a8 01 63 | ...c
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 12--->
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 80 21 04 01 00 0a 02 06 00 2d 0f 01 | .!.......-..
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---20
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 80 21 03 01 00 10 81 06 08 08 08 08 83 06 | ...!............
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 01 01 01 01 | ....
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 24--->
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 80 21 01 02 00 16 03 06 c0 a8 01 80 81 06 08 08 | .!..............
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 08 08 83 06 01 01 01 01 | ........
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---14
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 80 21 01 02 00 0a 03 06 c0 a8 01 63 | ...!.........c
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 12--->
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 80 21 02 02 00 0a 03 06 c0 a8 01 63 | .!.........c
<6>Dec 6 08:23:07 l2tp-ppp[9859]: <---26
<6>Dec 6 08:23:07 l2tp-ppp[9859]: ff 03 80 21 02 02 00 16 03 06 c0 a8 01 80 81 06 | ...!............
<6>Dec 6 08:23:07 l2tp-ppp[9859]: 08 08 08 08 83 06 01 01 01 01 | ..........
<5>Dec 6 08:23:07 l2tp-ppp[9859]: local IP address 192.168.1.128
<5>Dec 6 08:23:07 l2tp-ppp[9859]: remote IP address 192.168.1.99
<5>Dec 6 08:23:07 l2tp-ppp[9859]: primary DNS address 8.8.8.8
<5>Dec 6 08:23:07 l2tp-ppp[9859]: secondary DNS address 1.1.1.1 (PPP dial-up succeeded: the local and peer tunnel IPs are obtained, along with the DNS servers configured by the server)
<6>Dec 6 08:23:10 dial[2293]: Kpon:ppp0 114.114.114.114[114.114.114.114] success(s:3/5)
<6>Dec 6 08:24:03 l2tp[9858]: 20--->
<6>Dec 6 08:24:03 l2tp[9858]: c8 02 00 14 04 a2 00 00 00 04 00 02 80 08 00 00 | ................
<6>Dec 6 08:24:03 l2tp[9858]: 00 00 00 06 | ....
<6>Dec 6 08:24:03 l2tp[9858]: <---20
<6>Dec 6 08:24:03 l2tp[9858]: c8 02 00 14 b5 ce 00 00 00 02 00 04 80 08 00 00 | ................
<6>Dec 6 08:24:03 l2tp[9858]: 00 00 00 06 | ....
<6>Dec 6 08:24:03 l2tp[9858]: deal Hello(6). Tunnel is 1186, call is 0. (the client sends a Hello message and the server replies with a ZLB to keep the tunnel alive)
<6>Dec 6 08:24:03 l2tp[9858]: 12--->
<6>Dec 6 08:24:03 l2tp[9858]: c8 02 00 0c 04 a2 00 00 00 05 00 03 | ............
<6>Dec 6 08:24:03 l2tp[9858]: <---12
<6>Dec 6 08:24:03 l2tp[9858]: c8 02 00 0c b5 ce 00 00 00 03 00 05 | ............
<6>Dec 6 08:24:10 dial[2293]: Kpon:ppp0 114.114.114.114[114.114.114.114] success(s:3/5)
<6>Dec 6 08:25:04 l2tp[9858]: 20--->
<6>Dec 6 08:25:04 l2tp[9858]: c8 02 00 14 04 a2 00 00 00 05 00 03 80 08 00 00 | ................
<6>Dec 6 08:25:04 l2tp[9858]: 00 00 00 06 | ....
<6>Dec 6 08:25:04 l2tp[9858]: <---20
<6>Dec 6 08:25:04 l2tp[9858]: c8 02 00 14 b5 ce 00 00 00 03 00 05 80 08 00 00 | ................
<6>Dec 6 08:25:04 l2tp[9858]: 00 00 00 06 | ....
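The LCP phase described earlier negotiates PAP or CHAP. This added example (not part of the original article or the router's code) reads the Authentication-Protocol option out of LCP Configure-Request frames copied from the log above and reports whether the peer is asking for cleartext PAP. The function names and the PAP frame are constructed for illustration.

```python
import struct

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}

# Copied from the log on this page: server request ("<---27"), client request ("16--->").
SERVER_CONFREQ = bytes.fromhex(
    "ff 03 c0 21 01 02 00 17 01 04 05 82 03 05 c2 23 "
    "05 05 06 9c d7 01 36 07 02 08 02")
CLIENT_CONFREQ = bytes.fromhex("c0 21 01 01 00 0e 01 04 05 aa 05 06 b8 55 94 4d")
# Constructed for this example: a Configure-Request that demands PAP.
PAP_CONFREQ = bytes.fromhex("ff 03 c0 21 01 01 00 08 03 04 c0 23")

def lcp_auth_request(frame):
    """Return (protocol, algorithm) demanded by an LCP Configure-Request, else None."""
    if frame[:2] == b"\xff\x03":      # HDLC address/control, absent on some dumps
        frame = frame[2:]
    if len(frame) < 6:
        raise ValueError("too short for an LCP packet")
    proto, code, _ident, length = struct.unpack_from("!HBBH", frame)
    if proto != 0xC021 or code != 1:  # only LCP Configure-Request carries the demand
        return None
    end = 2 + length                  # length counts from the code field
    if length < 4 or end > len(frame):
        raise ValueError("LCP length out of bounds")
    off = 6
    while off < end:
        if end - off < 2:
            raise ValueError("truncated LCP option")
        otype, olen = frame[off], frame[off + 1]
        if olen < 2 or off + olen > end:
            raise ValueError("LCP option length out of bounds")
        if otype == 3 and olen >= 4:  # Authentication-Protocol option
            auth = int.from_bytes(frame[off + 2:off + 4], "big")
            alg = frame[off + 4] if auth == 0xC223 and olen >= 5 else None
            return AUTH_PROTOCOLS.get(auth, hex(auth)), CHAP_ALGORITHMS.get(alg, alg)
        off += olen
    return None

def demands_cleartext_password(frame):
    """True when the sender of this Configure-Request asks for PAP."""
    result = lcp_auth_request(frame)
    return result is not None and result[0] == "PAP"
```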