L2TP

L2TP est un protocole qui permet de livrer une collecte (par exemple ADSL). On fait tourner un serveur L2TP, et il reçoit depuis l'opérateur de collecte les sessions des abonnés.

VPN ADSL RADIUS

• Éventuellement des liens vers des articles grand public

• Éventuellement une vidéo grand public

• Éventuellement des liens ou vidéos vers des tutoriels

• Éventuellement une vidéo geek (pas grand public, quoi)

• On travaille avec l2tpns
  • https://code.ffdn.org/l2tpns/l2tpns
  • https://salsa.debian.org/debian/l2tpns/-/commits/master
  • https://lists.ffdn.org/wws/info/l2tpns
  • https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=both;package=l2tpns
  • Ancien upstream: https://github.com/bodea/l2tpns puis http://git.sameswireless.fr/l2tpns.git et puis aussi https://sourceforge.net/projects/l2tpns/

• https://www.grenode.net/Documentation_technique/R%C3%A9seau/Collecte_xDSL/#l2tp
• Observer les logins pap/chap:

tcpdump -n -vvv   -i any 'udp and port 1701 and
   (udp[8] & 0x80) == 0 and
   (     ((udp[16] == 0xc0 or udp[16] == 0xc2) and udp[17] == 0x23)  
     or  ((udp[18] == 0xc0 or udp[18] == 0xc2) and udp[19] == 0x23) )'

• Observer les négociations en tous genre (pas de trafic ipv4, ipv6, echo, ccp, mlppp):

sudo tcpdump -v -n -i any 'udp and port 1701 and (len <= 40 or (
       ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0x00 and udp[17] == 0x21) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[18] == 0x00 and udp[19] == 0x21) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0x00 and udp[19] == 0x21) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[20] == 0x00 and udp[21] == 0x21) )

   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0x00 and udp[17] == 0x57) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[18] == 0x00 and udp[19] == 0x57) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0x00 and udp[19] == 0x57) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[20] == 0x00 and udp[21] == 0x57) )

   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0x00 and udp[17] == 0x3d) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[18] == 0x00 and udp[19] == 0x3d) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0x00 and udp[19] == 0x3d) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[20] == 0x00 and udp[21] == 0x3d) )

   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0x80 and udp[17] == 0xfd) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[18] == 0x80 and udp[19] == 0xfd) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0x80 and udp[19] == 0xfd) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[20] == 0x80 and udp[21] == 0xfd) )

   and ( not (( udp[8] & 0x40 == 0 ) and udp[18] == 0x9 ) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[20] == 0x9 ) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[20] == 0x9 ) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[22] == 0x9 ) )

   and ( not (( udp[8] & 0x40 == 0 ) and udp[18] == 0xa ) )
   and ( not (( udp[8] & 0x40 == 0 ) and udp[16] == 0xFF and udp[17] == 0x03 and udp[20] == 0xa ) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[20] == 0xa ) )
   and ( not (( udp[8] & 0x40 != 0 ) and udp[18] == 0xFF and udp[19] == 0x03 and udp[22] == 0xa ) )
) )'

• Observer un tunnel en particulier:

sudo tcpdump -v -n -i any 'udp and port 1701
    and ( ( ( udp[8] & 0x40 == 0 ) and udp[10] = 0 and udp[11] = 10 ) or
          ( ( udp[8] & 0x40 != 0 ) and udp[12] = 0 and udp[13] = 10 ) )
          '

• Observer une session en particulier:

sudo tcpdump -v -n -i any 'udp and port 1701
    and ( ( ( udp[8] & 0x40 == 0 ) and udp[12] = 0 and udp[13] = 123 ) or
          ( ( udp[8] & 0x40 != 0 ) and udp[14] = 0 and udp[15] = 123 ) )
          '

• Observer le dhcpv6:

sudo tcpdump -v -n -i any 'udp and port 1701
    and (    ( ( udp[8] & 0x40 != 0 ) and udp[18] == 0x00 and udp[19] == 0x57 and udp[26] == 0x11 and udp[60] == 0x2 and ( udp[61] == 0x22 or udp[61] == 0x23 ) )
          or ( ( udp[8] & 0x40 == 0 ) and udp[16] == 0x00 and udp[17] == 0x57 and udp[24] == 0x11 and udp[58] == 0x2 and ( udp[59] == 0x22 or udp[59] == 0x23 ) ) )
          '

• Observer les RS/RA:

sudo tcpdump -v -n -i any 'udp and port 1701
    and (    ( ( udp[8] & 0x40 != 0 ) and udp[18] == 0x00 and udp[19] == 0x57 and udp[26] == 58 and ( udp[60] == 134 or udp[60] == 133 ) )
          or ( ( udp[8] & 0x40 == 0 ) and udp[16] == 0x00 and udp[17] == 0x57 and udp[24] == 58 and ( udp[58] == 134 or udp[58] == 133 ) ) )
          '