I used two guides, 1 and 2, to set up my L2TP/IPSec server.
But I don't see xl2tpd starting the pppd daemon, so I don't see a ppp0 interface. What am I doing wrong?
Syslog:
Feb 26 14:35:24 vpn ipsec[537]: # unknown keyword 'salifetime'
Feb 26 14:35:24 vpn ipsec[537]: ### 36 parsing errors (0 fatal) ###
Feb 26 14:35:24 vpn charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.4.0-139-generic, x86_64)
Feb 26 14:35:24 vpn systemd[1]: Started /etc/rc.local Compatibility.
Feb 26 14:35:24 vpn systemd[1]: Finished Permit User Sessions.
Feb 26 14:35:24 vpn systemd[1]: Starting Hold until boot process finishes up...
Feb 26 14:35:24 vpn systemd[1]: Starting Terminate Plymouth Boot Screen...
Feb 26 14:35:24 vpn systemd[1]: Started OpenBSD Secure Shell server.
Feb 26 14:35:24 vpn systemd[1]: plymouth-quit-wait.service: Succeeded.
Feb 26 14:35:24 vpn systemd[1]: Finished Hold until boot process finishes up.
Feb 26 14:35:24 vpn systemd[1]: Starting Set console scheme...
Feb 26 14:35:24 vpn systemd[1]: plymouth-quit.service: Succeeded.
Feb 26 14:35:24 vpn systemd[1]: Finished Terminate Plymouth Boot Screen.
Feb 26 14:35:24 vpn systemd[1]: Finished Set console scheme.
Feb 26 14:35:24 vpn systemd[1]: Created slice system-getty.slice.
Feb 26 14:35:24 vpn systemd[1]: Started Getty on tty1.
Feb 26 14:35:24 vpn systemd[1]: Reached target Login Prompts.
Feb 26 14:35:24 vpn charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Feb 26 14:35:24 vpn charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Feb 26 14:35:24 vpn charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 26 14:35:24 vpn charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Feb 26 14:35:24 vpn kernel: [ 3.009087] Initializing XFRM netlink socket
Feb 26 14:35:24 vpn charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 26 14:35:24 vpn charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 26 14:35:24 vpn charon: 00[CFG] loaded IKE secret for %any %any
Feb 26 14:35:24 vpn charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Feb 26 14:35:24 vpn charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 26 14:35:24 vpn charon: 00[JOB] spawning 16 worker threads
Feb 26 14:35:24 vpn wg-quick[542]: [#] ip link add wg0 type wireguard
Feb 26 14:35:24 vpn ipsec[537]: charon (549) started after 80 ms
Feb 26 14:35:24 vpn charon: 05[CFG] received stroke: add connection 'l2tp-psk'
Feb 26 14:35:24 vpn charon: 05[CFG] algorithm 'sha2;modp2048' not recognized
Feb 26 14:35:24 vpn charon: 05[CFG] skipped invalid proposal string: aes256-sha2;modp2048
Feb 26 14:35:24 vpn charon: 07[CFG] received stroke: add connection 'xauth-psk'
Feb 26 14:35:24 vpn charon: 07[CFG] algorithm 'sha2;modp2048' not recognized
Feb 26 14:35:24 vpn charon: 07[CFG] skipped invalid proposal string: aes256-sha2;modp2048
Feb 26 14:35:24 vpn charon: 09[CFG] received stroke: add connection 'ikev2-cp'
Feb 26 14:35:24 vpn charon: 09[CFG] algorithm 'sha2' not recognized
Feb 26 14:35:24 vpn charon: 09[CFG] skipped invalid proposal string: aes256-sha2
Feb 26 14:35:24 vpn systemd-udevd[325]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Feb 26 14:35:24 vpn kernel: [ 3.051991] wireguard: WireGuard 1.0.20201112 loaded. See www.wireguard.com for information.
Feb 26 14:35:24 vpn kernel: [ 3.051992] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <[email protected]>. All Rights Reserved.
Feb 26 14:35:24 vpn wg-quick[542]: [#] wg setconf wg0 /dev/fd/63
Feb 26 14:35:24 vpn wg-quick[542]: [#] ip -4 address add 192.168.123.1/24 dev wg0
Feb 26 14:35:24 vpn charon: 12[KNL] 192.168.123.1 appeared on wg0
Feb 26 14:35:24 vpn wg-quick[542]: [#] ip link set mtu 1420 up dev wg0
Feb 26 14:35:24 vpn charon: 14[KNL] interface wg0 activated
Feb 26 14:35:24 vpn systemd-udevd[338]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Feb 26 14:35:24 vpn systemd-udevd[338]: Using default interface naming scheme 'v245'.
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -P FORWARD DROP
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i wg0 -o wg0 -s 192.168.123.0/24 -d 192.168.123.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i tun0 -o tun0 -s 192.168.125.0/24 -d 192.168.125.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i wg0 -o ens3 -s 192.168.123.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i tun0 -o ens3 -s 192.168.125.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i ens3 -o wg0 -d 192.168.123.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -A FORWARD -i ens3 -o tun0 -d 192.168.125.0/24 -j ACCEPT
Feb 26 14:35:24 vpn wg-quick[542]: [#] iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
Feb 26 14:35:24 vpn systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
Feb 26 14:35:24 vpn fail2ban-server[548]: Server ready
Feb 26 14:35:25 vpn systemd-udevd[338]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Feb 26 14:35:25 vpn kernel: [ 3.456119] IPv4 over IPsec tunneling driver
Feb 26 14:35:25 vpn kernel: [ 3.459157] IPsec XFRM device driver
Feb 26 14:35:25 vpn _stackmanager[550]: changing /proc/sys/net/core/xfrm_acq_expires from 165 to 30
Feb 26 14:35:25 vpn ipsec[1010]: nflog ipsec capture disabled
Feb 26 14:35:25 vpn systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Feb 26 14:35:25 vpn systemd[1]: Starting LSB: layer 2 tunelling protocol daemon...
Feb 26 14:35:25 vpn xl2tpd[1030]: Not looking for kernel SAref support.
Feb 26 14:35:25 vpn kernel: [ 3.553345] NET: Registered protocol family 24
Feb 26 14:35:25 vpn kernel: [ 3.558255] l2tp_core: L2TP core driver, V2.0
Feb 26 14:35:25 vpn xl2tpd[1030]: Using l2tp kernel support.
Feb 26 14:35:25 vpn xl2tpd[1034]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:1034
Feb 26 14:35:25 vpn xl2tpd[1034]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 26 14:35:25 vpn xl2tpd[1034]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 26 14:35:25 vpn xl2tpd[1034]: Inherited by Jeff McAdams, (C) 2002
Feb 26 14:35:25 vpn xl2tpd[1034]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Feb 26 14:35:25 vpn xl2tpd[1034]: Listening on IP address 0.0.0.0, port 1701
Feb 26 14:35:25 vpn kernel: [ 3.559919] l2tp_netlink: L2TP netlink interface
Feb 26 14:35:25 vpn kernel: [ 3.561570] l2tp_ppp: PPPoL2TP kernel driver, V2.0
Feb 26 14:35:25 vpn xl2tpd[1025]: Starting xl2tpd: xl2tpd.
Feb 26 14:35:25 vpn systemd[1]: Started LSB: layer 2 tunelling protocol daemon.
Feb 26 14:35:25 vpn systemd[1]: Reached target Multi-User System.
Feb 26 14:35:25 vpn systemd[1]: Reached target Graphical Interface.
Feb 26 14:35:25 vpn systemd[1]: Starting Update UTMP about System Runlevel Changes...
Feb 26 14:35:25 vpn systemd[1]: systemd-update-utmp-runlevel.service: Succeeded.
Feb 26 14:35:25 vpn systemd[1]: Finished Update UTMP about System Runlevel Changes.
Feb 26 14:35:25 vpn systemd[1]: Startup finished in 1.346s (kernel) + 2.234s (userspace) = 3.581s.
Feb 26 14:35:25 vpn systemd[1]: dmesg.service: Succeeded.
Output of ip addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
link/ether 52:54:00:14:9b:95 brd ff:ff:ff:ff:ff:ff
inet 79.133.122.115/24 brd 79.133.122.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe14:9b95/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq state UNKNOWN group default qlen 500
link/none
inet 192.168.125.1/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::2a2a:2f6f:d37c:d3d2/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 192.168.123.1/24 scope global wg0
valid_lft forever preferred_lft forever
My system: Ubuntu 20.04 (latest, apt-get dist-upgrade)
VPS from GCORE:
WireGuard and OpenVPN servers are already running on my VPS.