VPN L2TP/IPSec client on Ubuntu 16.04: the VPN service failed to start


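On Ubuntu 16.04, I have already followed several tutorials to rebuild Network Manager, and also installed it via apt-get install network-manager-l2tp network-manager-l2tp-gnome

It was working fine until yesterday, when a random message appeared saying "The VPN connection failed because the VPN service failed to start". Since the same VPN credentials and host are used on another Ubuntu (also 16.04) and on Windows 8.1, there is no error in the configuration.

Looking at /var/log/syslog: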

NetworkManager[899]: <info>  [1496143714.1953] audit: op="connection-activate" uuid="cac1651d-9cbd-4989-bc57-b9707ddd012a" name="VPNCS" pid=2295 uid=1000 result="success"
NetworkManager[899]: <info>  [1496143714.1973] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Started the VPN service, PID 5798
NetworkManager[899]: <info>  [1496143714.2013] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Saw the service appear; activating connection
NetworkManager[899]: <info>  [1496143714.2760] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[899]: nm-l2tp[5798] <info>  ipsec enable flag: yes
NetworkManager[899]: ** Message: Check port 1701
NetworkManager[899]: nm-l2tp[5798] <info>  starting ipsec
NetworkManager[899]: Stopping strongSwan IPsec...
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22167, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22168, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22169, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22170, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22171, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22172, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22173, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22174, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22175, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22176, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22177, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22178, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22179, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22180, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22181, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22182, major_opcode = 33, minor_opcode = 0
NetworkManager[899]: Starting strongSwan 5.5.2 IPsec [starter]...
NetworkManager[899]: Loading config setup
NetworkManager[899]: Loading conn 'cac1651d-9cbd-4989-bc57-b9707ddd012a'
NetworkManager[899]: found netkey IPsec stack
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 4.4.0-78-generic, x86_64)
NetworkManager[899]: nm-l2tp[5798] <warn>  IPsec service is not ready.
NetworkManager[899]: nm-l2tp[5798] <warn>  Could not establish IPsec tunnel.
NetworkManager[899]: (nm-l2tp-service:5798): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[899]: <info>  [1496143732.4905] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state changed: stopped (6)
NetworkManager[899]: <info>  [1496143732.4929] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state change reason: unknown (0)
NetworkManager[899]: <info>  [1496143732.4952] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN service disappeared
NetworkManager[899]: <warn>  [1496143732.4971] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I have tried removing network-manager-l2tp-gnome and reinstalling them, but I still get the same error.

Is there any fix for this?

Answer 1

I found a solution in the developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

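Version 1.2.6 no longer overrides the default IPsec ciphers, and I suspect your VPN server is using legacy ciphers that newer versions of strongSwan consider broken.

See the user-specified IPsec cipher suites section in the README.md file for how to supplement the strongSwan default ciphers with your own: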

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I recommend installing the ike-scan package to check which ciphers your VPN server advertises that it supports, e.g.:

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

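So, in this example where the broken 3DES cipher is advertised, add the following in the advanced section of the IPsec dialog for version 1.2.6:

  • Phase1 Algorithms: 3des-sha1-modp1024

  • Phase2 Algorithms: 3des-sha1

After completing all the steps, try to establish the L2TP connection.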
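As an added example (not part of the original answer or of the network-manager-l2tp project), this Python helper parses the Main Mode line that ike-scan prints and derives the Phase1/Phase2 strings used above, listing which of the advertised algorithms are legacy. Assumptions: the AES `KeyLength` attribute and the `SHA2-*` hash names follow ike-scan's output format, the `LEGACY` set is this example's own choice, and Phase 2 is assumed to mirror the Phase 1 cipher and hash as the answer does.

```python
import re

# Constructed sample: the Main Mode line from the ike-scan output quoted above.
SAMPLE = ("123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) "
          "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 "
          "LifeType=Seconds LifeDuration(4)=0x00007080)")

# ike-scan attribute values -> strongSwan proposal keywords (subset, assumed names).
ENC = {"DES": "des", "3DES": "3des"}          # AES is handled separately (KeyLength)
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Algorithms this example treats as legacy (assumption, not taken from the page).
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}


def parse_sa(line):
    """Return the key=value attributes found inside SA=(...) on one ike-scan line."""
    match = re.search(r"SA=\((.*)\)", line)
    if not match:
        raise ValueError("no SA payload: the server returned no handshake")
    return dict(tok.split("=", 1) for tok in match.group(1).split() if "=" in tok)


def proposals(line):
    """Return (phase1, phase2, legacy_algorithms) for one handshake line."""
    sa = parse_sa(line)
    if sa["Enc"] == "AES":
        enc = "aes" + sa["KeyLength"]         # e.g. aes128, aes256
    elif sa["Enc"] in ENC:
        enc = ENC[sa["Enc"]]
    else:
        raise ValueError("unmapped cipher: " + sa["Enc"])
    if sa["Hash"] not in HASH:
        raise ValueError("unmapped hash: " + sa["Hash"])
    integ = HASH[sa["Hash"]]
    group = sa["Group"].split(":")[-1]        # "2:modp1024" -> "modp1024"
    legacy = sorted(LEGACY & {enc, integ, group})
    return f"{enc}-{integ}-{group}", f"{enc}-{integ}", legacy


if __name__ == "__main__":
    phase1, phase2, legacy = proposals(SAMPLE)
    print("Phase1 Algorithms:", phase1)
    print("Phase2 Algorithms:", phase2)
    print("Legacy algorithms advertised:", ", ".join(legacy) or "none")
```

A non-empty legacy list means the tunnel only comes up because the client was told to accept those algorithms; the lasting fix is a stronger proposal on the server side.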

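Answer 2

This answer is specifically for connecting to a Cisco Meraki account over L2TP/IP VPN. This solution worked on my Ubuntu 16.04 system. All instructions are copied directly from Pigman's answer on the Meraki forum thread. Kudos to him, he saved me from hours of frustration.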

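  1. Install network-manager-l2tp: sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp then sudo apt-get update followed by sudo apt-get install network-manager-l2tp
  2. If using gnome, install the gnome plugin (if using another desktop environment, check whether there is a plugin for its network manager): sudo apt-get install network-manager-l2tp-gnome
  3. Reboot
  4. Navigate to Settings > Network > click the + button > select "Layer 2 Tunneling Protocol (L2TP)"
  5. Name the new VPN connection
  6. Enter the host name or address in the Gateway field.
  7. Enter the username in the Username field.
  8. Click the icon in the Password field and select how you want to supply the password.
  9. Click IPSec Settings...
  10. Click the "Enable IPsec tunnel to L2TP host" checkbox
  11. Enter the shared secret in the Pre-shared key field.
  12. Leave the Gateway ID field empty.
  13. Expand the Advanced options area
  14. Enter "3des-sha1-modp1024" in the Phase 1 Algorithms box.
  15. Enter "3des-sha1" in the Phase 2 Algorithms box.
  16. Leave the "Enforce UDP encapsulation" checkbox checked.
  17. Click OK.
  18. Click Save.
  19. Open a terminal and enter the following commands to permanently disable the xl2tpd service: sudo service xl2tpd stop
  20. Also enter the following: sudo systemctl disable xl2tpd
  21. Open the network settings and try to turn the VPN on.

A few more steps taken from previous answers, just to be safe

  1. sudo service strongswan stop
  2. sudo systemctl disable strongswan
  3. You can save the password by clicking the icon to the right of the password text box on the VPN configuration page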
