IPSEC/L2TP Ubuntu Studio 14.04(Strongswan)

My first question: does Ubuntu support an IPSEC/L2TP/PSK VPN CLIENT?

My second question: is there a front-end "network manager" that supports IPSEC/L2TP and PSK?

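Background:

In my efforts I stumbled upon this post: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/264691 - I have tried the suggestions in it, but I still cannot establish a working IPSEC/L2TP/PSK tunnel, because it refers to openswan.

Background:

I previously used the Werner Jaeger ipsec client and it worked perfectly; about 3 or 4 months ago it stopped working. I tried reinstalling it on my desktop with Ubuntu Studio 14.04 and with Debian 8, and the result was the same.

I now know that openswan has been removed from the distribution and replaced by strongswan. I really do not want to leave Linux, because one of my jobs is working from home and needs a VPN to monitor/test/configure networks. Can someone give me a good tutorial on how to configure it as a client?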

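Side note:

I found this thread, "L2TP IPsec VPN client on Ubuntu 14.10", and tried everything in it, still with no result. That post does not answer this question, because it applies to 14.10 and I am using 14.04, which is technically different. So far I have done a lot of things to get this working, but none of them has helped. Any help would be greatly appreciated!!!

Sorry for posting like this here. Seriously, I desperately want this to work but I am exhausted; I have not been able to work on my desktop for 3 months. All the research I have done leads me to believe that Openswan no longer works and that I have to use Strongswan. (Am I wrong?)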

Some of the things I have been trying to do -

I tried to use strongswan by doing the following:

apt-get install strongswan network-manager-strongswan

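As I understand it, I should see an L2TP/IPSEC option in the network manager. (Am I wrong?)

The problem is that after installing and rebooting, the l2tp/ipsec/psk option no longer exists in the network manager.

Also, after moving to strongswan, the Werner Jaeger applet disappeared; is that expected?

The next thing I tried was -

I rolled my machine back to openswan and, for the first time in months, it connected, although it dropped after a few seconds. I figured I would run "ipsec verify" to check the status. Below are my steps and my logs minus sensitive details. Any ideas would be greatly appreciated.

What I used to install -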

sudo apt-get install openswan
sudo apt-get install xl2tpd
sudo apt-get install l2tp-ipsec-vpn

Then I configured the GUI applet

Then I configured the file:

/etc/ppp/watevs.options.xl2tpd

-Logs-

jason@casa-wesella:~$ sudo ipsec verify

Checking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path                                 [OK]

Linux Openswan U2.6.38/K3.16.0-43-lowlatency (netkey)

Checking for IPsec support in kernel                            [OK]

 SAref kernel support                                           [N/A]

 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!                   [OK]

Checking that pluto is running                                  [OK]

 Pluto listening for IKE on udp 500                             [OK]

 Pluto listening for NAT-T on udp 4500                          [OK]

Two or more interfaces found, checking IP forwarding        Checking NAT and MASQUERADEing                                  [OK]

Checking for 'ip' command                                       [OK]

Checking /bin/sh is not /bin/dash                               [WARNING]

Checking for 'iptables' command                                 [OK]

Opportunistic Encryption Support                                [DISABLED]




> Logs from applet -



Jul 21 15:23:45.505 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.16.0-43-lowlatency...

Jul 21 15:23:46.412 ipsec__plutorun: Starting Pluto subsystem...

Jul 21 15:23:46.659 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d

Jul 21 15:23:46.749 recvref[30]: Protocol not available

Jul 21 15:23:46.749 xl2tpd[2313]: This binary does not support kernel L2TP.

Jul 21 15:23:46.749 xl2tpd[2316]: xl2tpd version xl2tpd-1.3.6 started on casa-wesella PID:2316

Jul 21 15:23:46.750 xl2tpd[2316]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.

Jul 21 15:23:46.750 xl2tpd[2316]: Forked by Scott Balmos and David Stipp, (C) 2001

Jul 21 15:23:46.750 xl2tpd[2316]: Inherited by Jeff McAdams, (C) 2002

Jul 21 15:23:46.750 xl2tpd[2316]: Forked again by Xelerance (www.xelerance.com) (C) 2006

Jul 21 15:23:46.751 xl2tpd[2316]: Listening on IP address 0.0.0.0, port 1701

Jul 21 15:23:46.752 Starting xl2tpd: xl2tpd.

Jul 21 15:23:46.891 ipsec__plutorun: 027 bad right --id: does not look numeric and name lookup failed (ignored)

Jul 21 15:23:46.892 ipsec__plutorun: 002 added connection description "Work"

Jul 21 15:23:47.123 104 "Work" #1: STATE_MAIN_I1: initiate

Jul 21 15:23:47.124 003 "Work" #1: received Vendor ID payload [RFC 3947] method set to=115 

Jul 21 15:23:47.124 003 "Work" #1: received Vendor ID payload [Dead Peer Detection]

Jul 21 15:23:47.124 003 "Work" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de00050282]

Jul 21 15:23:47.124 106 "Work" #1: STATE_MAIN_I2: sent MI2, expecting MR2

Jul 21 15:23:47.124 003 "Work" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed

Jul 21 15:23:47.124 108 "Work" #1: STATE_MAIN_I3: sent MI3, expecting MR3

Jul 21 15:23:47.124 004 "Work" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}

Jul 21 15:23:47.125 117 "Work" #2: STATE_QUICK_I1: initiate

Jul 21 15:23:47.125 003 "Work" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=8e08921c

Jul 21 15:23:47.125 003 "Work" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed

Jul 21 15:23:47.125 004 "Work" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x37742a26 <0x478d0d00 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}

Jul 21 15:23:48.129 xl2tpd[2316]: Connecting to host Public IP, port 1701

Jul 21 15:23:48.168 xl2tpd[2316]: Connection established to Public IP, 1701.  Local: 57627, Remote: 14608 (ref=0/0).

Jul 21 15:23:48.194 xl2tpd[2316]: Calling on tunnel 57627

Jul 21 15:23:48.212 xl2tpd[2316]: Call established with Public IP, Local: 14783, Remote: 14609, Serial: 1 (ref=0/0)

Jul 21 15:23:48.212 xl2tpd[2316]: start_pppd: I'm running: 

Jul 21 15:23:48.213 xl2tpd[2316]: "/usr/sbin/pppd" 

Jul 21 15:23:48.213 xl2tpd[2316]: "passive" 

Jul 21 15:23:48.213 xl2tpd[2316]: "nodetach" 

Jul 21 15:23:48.214 xl2tpd[2316]: ":" 

Jul 21 15:23:48.214 xl2tpd[2316]: "file" 

Jul 21 15:23:48.214 xl2tpd[2316]: "/etc/ppp/Work.options.xl2tpd" 

Jul 21 15:23:48.215 xl2tpd[2316]: "/dev/pts/6" 

Jul 21 15:23:48.331 pppd[2427]: Plugin passprompt.so loaded.

Jul 21 15:23:48.332 pppd[2427]: pppd 2.4.5 started by root, uid 0

Jul 21 15:23:48.333 pppd[2427]: Using interface ppp0

Jul 21 15:23:48.333 pppd[2427]: Connect: ppp0 <--> /dev/pts/6

Jul 21 15:23:52.345 pppd[2427]: Remote message: Login ok

Jul 21 15:23:52.346 pppd[2427]: PAP authentication succeeded

Jul 21 15:23:52.390 pppd[2427]: Deflate (15) compression enabled

Jul 21 15:23:52.429 pppd[2427]: local  IP address Private IP

Jul 21 15:23:52.429 pppd[2427]: remote IP address Private IP

Jul 21 15:24:31.977 Stopping xl2tpd: xl2tpd.

Jul 21 15:24:31.977 xl2tpd[2316]: death_handler: Fatal signal 15 received

Jul 21 15:24:31.979 pppd[2427]: Modem hangup

Jul 21 15:24:31.979 pppd[2427]: Connect time 0.7 minutes.

Jul 21 15:24:31.980 pppd[2427]: Sent 10334 bytes, received 13370 bytes.

Jul 21 15:24:31.980 pppd[2427]: Connection terminated.

Jul 21 15:24:31.993 ipsec_setup: Stopping Openswan IPsec...

Jul 21 15:24:32.089 pppd[2427]: Exit.
