L2TP
The test environment is as follows.
On an Ubuntu 22.04 based system, install xl2tpd with apt-get and build the topology with network namespaces.
# create the three namespaces: LAC, LNS, and a LAN behind the LNS
sudo ip netns add lac
sudo ip netns add lns
sudo ip netns add lns-lan
# veth pairs: lns-lan <-> lns, and lac <-> lns (the link the L2TP tunnel runs over)
sudo ip link add lnslan-veth0 type veth peer name lns-veth0
sudo ip link add lac-veth1 type veth peer name lns-veth1
sudo ip link set lnslan-veth0 netns lns-lan
sudo ip link set lac-veth1 netns lac
sudo ip link set lns-veth0 netns lns
sudo ip link set lns-veth1 netns lns
# tunnel transport addresses (172.27.0.0/16) on the lac <-> lns link
sudo ip netns exec lac ip link set lac-veth1 up
sudo ip netns exec lns ip link set lns-veth1 up
sudo ip netns exec lac ip addr add 172.27.0.1/16 dev lac-veth1
sudo ip netns exec lns ip addr add 172.27.0.2/16 dev lns-veth1
# LAN side (192.168.0.0/24) between lns and lns-lan
sudo ip netns exec lns ip link set lns-veth0 up
sudo ip netns exec lns-lan ip link set lnslan-veth0 up
# note: no lac-veth0 is created by the commands above, so this line fails unless such an interface exists
sudo ip netns exec lac ip addr add 192.168.0.10/24 dev lac-veth0
sudo ip netns exec lns ip addr add 192.168.0.20/24 dev lns-veth0
sudo ip netns exec lns-lan ip addr add 192.168.0.21/24 dev lnslan-veth0
See the References section for the xl2tpd and ppp configuration.
The L2TP tunnel is started and stopped as follows.
ubuntu@l2tp:~$ sudo xl2tpd-control -c /var/run/xl2tpd/l2tp-control.lac connect-lac mylac
ubuntu@l2tp:~$ sudo xl2tpd-control -c /var/run/xl2tpd/l2tp-control.lac disconnect-lac mylac
Confirm that ping reaches the host beyond the LNS.
ubuntu@l2tp:~$ sudo ip netns exec lac ping 192.168.0.21 -I 198.51.100.10
PING 192.168.0.21 (192.168.0.21) from 198.51.100.10 : 56(84) bytes of data.
64 bytes from 192.168.0.21: icmp_seq=1 ttl=63 time=1.17 ms
64 bytes from 192.168.0.21: icmp_seq=2 ttl=63 time=1.44 ms
64 bytes from 192.168.0.21: icmp_seq=3 ttl=63 time=0.531 ms
64 bytes from 192.168.0.21: icmp_seq=4 ttl=63 time=0.808 ms
64 bytes from 192.168.0.21: icmp_seq=5 ttl=63 time=1.92 ms
^C
--- 192.168.0.21 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4191ms
Below is an excerpt of a packet capture taken on the veth link between lac and lns.
L2TP negotiation.
1 0.000000 172.27.0.1 172.27.0.2 L2TP 143 1701 Control Message - SCCRQ (tunnel id=0, session id=0)
2 0.001790 172.27.0.2 172.27.0.1 L2TP 143 1701 Control Message - SCCRP (tunnel id=61084, session id=0)
3 0.013411 172.27.0.1 172.27.0.2 L2TP 62 1701 Control Message - SCCCN (tunnel id=63940, session id=0)
4 0.014555 172.27.0.2 172.27.0.1 L2TP 54 1701 Control Message - ZLB (tunnel id=61084, session id=0)
5 0.016118 172.27.0.1 172.27.0.2 L2TP 90 1701 Control Message - ICRQ (tunnel id=63940, session id=0)
6 0.017800 172.27.0.2 172.27.0.1 L2TP 70 1701 Control Message - ICRP (tunnel id=61084, session id=18462)
7 0.018291 172.27.0.2 172.27.0.1 L2TP 54 1701 Control Message - ZLB (tunnel id=61084, session id=0)
8 0.018699 172.27.0.1 172.27.0.2 L2TP 92 1701 Control Message - ICCN (tunnel id=63940, session id=32050)
9 0.025021 172.27.0.2 172.27.0.1 L2TP 54 1701 Control Message - ZLB (tunnel id=61084, session id=18462)
PPP connection over L2TP.
10 0.042653 172.27.0.1 172.27.0.2 PPP LCP 72 1701 Configuration Request
11 0.043139 172.27.0.2 172.27.0.1 PPP LCP 77 1701 Configuration Request
12 0.046111 172.27.0.2 172.27.0.1 PPP LCP 72 1701 Configuration Ack
13 0.049744 172.27.0.1 172.27.0.2 PPP LCP 77 1701 Configuration Ack
14 0.049836 172.27.0.1 172.27.0.2 PPP LCP 58 1701 Echo Request
15 0.053677 172.27.0.2 172.27.0.1 PPP LCP 58 1701 Echo Request
16 0.054119 172.27.0.2 172.27.0.1 PPP CHAP 78 1701 Challenge (NAME='example', VALUE=0xdb8a9b73f0c6e81c3f5fafa264dd5c3d)
17 0.054130 172.27.0.2 172.27.0.1 PPP LCP 58 1701 Echo Reply
18 0.054558 172.27.0.1 172.27.0.2 PPP LCP 58 1701 Echo Reply
19 0.056500 172.27.0.1 172.27.0.2 PPP CHAP 112 1701 Response (NAME='testuser', VALUE=0x4c08ca400ec78e296c6824db04468de70000000000000000...)
20 0.058826 172.27.0.2 172.27.0.1 PPP CHAP 113 1701 Success (MESSAGE='S=7150D65D39F05454A408D28C87D0193A6DB317E3 M=Access granted')
ICMP over L2TP/PPP.
41 18.311794 198.51.100.10 192.168.0.21 ICMP 133 1701 Echo (ping) request id=0x0c4a, seq=1/256, ttl=64 (reply in 42)
42 18.312590 192.168.0.21 198.51.100.10 ICMP 133 1701 Echo (ping) reply id=0x0c4a, seq=1/256, ttl=63 (request in 41)
As shown below, the packet is encapsulated in L2TP (Ethernet:ip:udp:l2tp:ppp:ip:icmp).
Frame 41: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Dec 30, 2024 16:44:10.752168000 JST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1735544650.752168000 seconds
[Time delta from previous captured frame: 4.937816000 seconds]
[Time delta from previous displayed frame: 4.937816000 seconds]
[Time since reference or first frame: 18.311794000 seconds]
Frame Number: 41
Frame Length: 133 bytes (1064 bits)
Capture Length: 133 bytes (1064 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:l2tp:ppp:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 96:cd:0d:8e:87:9f (96:cd:0d:8e:87:9f), Dst: 1e:9a:c4:a9:52:2c (1e:9a:c4:a9:52:2c)
Destination: 1e:9a:c4:a9:52:2c (1e:9a:c4:a9:52:2c)
Address: 1e:9a:c4:a9:52:2c (1e:9a:c4:a9:52:2c)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 96:cd:0d:8e:87:9f (96:cd:0d:8e:87:9f)
Address: 96:cd:0d:8e:87:9f (96:cd:0d:8e:87:9f)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.27.0.1, Dst: 172.27.0.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 119
Identification: 0xdcba (56506)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x0582 [validation disabled]
[Header checksum status: Unverified]
Source: 172.27.0.1
Destination: 172.27.0.2
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 1701, Dst Port: 1701
Source Port: 1701
Destination Port: 1701
Length: 99
Checksum: 0x0000 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Layer 2 Tunneling Protocol
Packet Type: Data Message Tunnel Id=63940 Session Id=32050
0... .... .... .... = Type: Data Message (0)
.0.. .... .... .... = Length Bit: Length field is not present
.... 0... .... .... = Sequence Bit: Ns and Nr fields are not present
.... ..0. .... .... = Offset bit: Offset size field is not present
.... ...0 .... .... = Priority: No priority
.... .... .... 0010 = Version: 2
Tunnel ID: 63940
Session ID: 32050
Point-to-Point Protocol
Protocol: Internet Protocol version 4 (0x0021)
Internet Protocol Version 4, Src: 198.51.100.10, Dst: 192.168.0.21
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x3310 (13072)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x1c9e [validation disabled]
[Header checksum status: Unverified]
Source: 198.51.100.10
Destination: 192.168.0.21
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xe5b1 [correct]
[Checksum Status: Good]
Identifier (BE): 3146 (0x0c4a)
Identifier (LE): 18956 (0x4a0c)
Sequence number (BE): 1 (0x0001)
Sequence number (LE): 256 (0x0100)
[Response frame: 42]
Timestamp from icmp data: Dec 30, 2024 16:44:10.000000000 JST
[Timestamp from icmp data (relative): 0.752168000 seconds]
Data (48 bytes)
Data: 7f790b0000000000101112131415161718191a1b1c1d1e1f...
[Length: 48]
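As an added example (not from this environment or from xl2tpd), the following Python decoder parses the L2TPv2 header shown in the dissection above: the T/L/S/O flag bits and version, Tunnel ID and Session ID, then either the Message Type AVP of a control message or the PPP protocol field and inner IPv4 addresses of a data message. The sample byte strings are constructed to match frames 1 and 41 of the capture; the decoder also handles the optional HDLC address/control bytes and PPP protocol-field compression, which this capture does not use.

```python
import struct
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 10: "ICRQ", 11: "ICRP", 12: "ICCN"}

def parse_l2tp(payload: bytes) -> dict:
    """Decode an L2TPv2 header (T/L/S/O flag bits, IDs, optional fields) and its body."""
    flags = struct.unpack_from("!H", payload, 0)[0]
    if (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 header")
    hdr, off = {"control": bool(flags & 0x8000)}, 2
    if flags & 0x4000:                       # L bit: Length field present
        hdr["length"], off = struct.unpack_from("!H", payload, off)[0], off + 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", payload, off)
    off += 4
    if flags & 0x0800:                       # S bit: Ns and Nr present
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", payload, off)
        off += 4
    if flags & 0x0200:                       # O bit: skip Offset Size field and the offset pad
        off += 2 + struct.unpack_from("!H", payload, off)[0]
    body = payload[off:hdr.get("length", len(payload))]
    if hdr["control"]:
        hdr["message"] = control_message_name(body)
    else:
        hdr.update(parse_ppp(body))
    return hdr

def control_message_name(body: bytes) -> str:
    # Walk the AVPs; AVP type 0 (Message Type) names the control message
    off = 0
    while off + 6 <= len(body):
        fl, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = fl & 0x03FF                 # low 10 bits; the M and H flag bits sit above them
        if length < 6:
            return "malformed"               # never advance by zero, so a bad AVP cannot loop forever
        if vendor == 0 and attr == 0:
            return MSG_TYPES.get(struct.unpack_from("!H", body, off + 6)[0], "other")
        off += length
    return "ZLB" if not body else "unknown"  # a control message with no AVPs is a ZLB ack

def parse_ppp(body: bytes) -> dict:
    if body[:2] == b"\xff\x03":              # HDLC address/control, present unless ACFC was negotiated
        body = body[2:]
    n = 1 if body[0] & 1 else 2              # PFC: an odd first byte is a one-byte protocol field
    proto, body = int.from_bytes(body[:n], "big"), body[n:]
    out = {"ppp_protocol": proto}
    if proto == 0x0021 and len(body) >= 20:  # IPv4 carried in PPP: pull the inner addresses
        out["inner_src"] = ".".join(map(str, body[12:16]))
        out["inner_dst"] = ".".join(map(str, body[16:20]))
    return out

SCCRQ = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")  # constructed, modelled on frame 1
DATA = bytes.fromhex("0002 f9c4 7d32 0021 4500 0054 3310 4000 4001 1c9e c633 640a c0a8 0015")  # modelled on frame 41
```

Feeding the UDP payloads of a live capture to parse_l2tp reproduces the tunnel/session IDs and message names Wireshark prints in the summary lines above.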
References