在 Ubuntu 16.04 上,我已经按照几个教程重建了网络管理器,也是通过安装的apt-get install network-manager-l2tp network-manager-l2tp-gnome。
它一直正常工作,直到昨天出现一条随机消息说The VPN connection failed because the VPN service failed to start。由于在另一个 Ubuntu(也是 16.04)和 Windows 8.1 中使用了相同的 VPN 凭据和主机,因此配置中没有错误。
正在查看/var/log/syslog:
NetworkManager[899]: <info> [1496143714.1953] audit: op="connection-activate" uuid="cac1651d-9cbd-4989-bc57-b9707ddd012a" name="VPNCS" pid=2295 uid=1000 result="success"
NetworkManager[899]: <info> [1496143714.1973] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Started the VPN service, PID 5798
NetworkManager[899]: <info> [1496143714.2013] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Saw the service appear; activating connection
NetworkManager[899]: <info> [1496143714.2760] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[899]: nm-l2tp[5798] <info> ipsec enable flag: yes
NetworkManager[899]: ** Message: Check port 1701
NetworkManager[899]: nm-l2tp[5798] <info> starting ipsec
NetworkManager[899]: Stopping strongSwan IPsec...
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22167, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22168, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22169, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22170, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22171, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22172, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22173, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22174, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22175, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22176, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22177, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22178, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22179, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22180, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22181, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22182, major_opcode = 33, minor_opcode = 0
NetworkManager[899]: Starting strongSwan 5.5.2 IPsec [starter]...
NetworkManager[899]: Loading config setup
NetworkManager[899]: Loading conn 'cac1651d-9cbd-4989-bc57-b9707ddd012a'
NetworkManager[899]: found netkey IPsec stack
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 4.4.0-78-generic, x86_64)
NetworkManager[899]: nm-l2tp[5798] <warn> IPsec service is not ready.
NetworkManager[899]: nm-l2tp[5798] <warn> Could not establish IPsec tunnel.
NetworkManager[899]: (nm-l2tp-service:5798): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[899]: <info> [1496143732.4905] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state changed: stopped (6)
NetworkManager[899]: <info> [1496143732.4929] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state change reason: unknown (0)
NetworkManager[899]: <info> [1496143732.4952] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN service disappeared
NetworkManager[899]: <warn> [1496143732.4971] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
我已经尝试删除network-manager-l2tp包-gnome并重新安装它们,但仍然出现同样的错误。
有什么解决办法吗?
答案1
我在开发人员的存储库中找到了一个解决方案。
https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751
版本 1.2.6 不再覆盖默认的 IPsec 密码,我怀疑您的 VPN 服务器正在使用较新的 strongSwan 版本认为已被破解的旧密码。
请参阅 README.md 文件中用户指定的 IPsec 密码套件部分,了解如何使用您自己的密码补充 strongSwan 默认密码:
https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites
我建议安装 ike-scan 包来检查你的 VPN 服务器宣传它支持哪些密码,例如:
$ sudo systemctl stop strongswan
$ sudo ike-scan 123.54.76.9
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9 Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec). 1 returned handshake; 0 returned notify
因此,在这个公布了损坏的 3DES 密码的例子中,在版本 1.2.6 的 IPsec 对话框的高级部分中添加以下内容:
Phase1 算法:3des-sha1-modp1024
Phase2 算法:3des-sha1
完成所有步骤后,您尝试建立 L2TP 连接。
答案2
此答案专门用于在 L2TP/IP VPN 上连接到 Cisco Meraki 帐户。此解决方案适用于我的 Ubuntu 16.04 系统。所有说明均直接复制自 Pigman 的答案Meraki 论坛主题。向他致敬,他让我免于数小时的沮丧。
- 安装 network-manager-l2tp:
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp然后`sudo apt-get update sudo apt-get install network-manager-l2tp - 如果使用 gnome,请安装 gnome 插件(如果使用其他桌面环境,请查看其网络管理器是否有插件):
sudo apt-get install network-manager-l2tp-gnome - 重启
- 导航至“设置”>“网络”> 单击“+”按钮> 选择“第 2 层隧道协议 (L2TP)”
- 将新的 VPN 连接命名为
- 将主机名或地址输入到网关字段中。
- 在用户名字段中输入用户名。
- 单击“密码”字段中的图标,然后选择您想要提供的密码方式。
- 单击 IPSec 设置...
- 单击“启用 IPsec 隧道到 L2TP 主机”复选框
- 在预共享密钥字段中输入共享密钥。
- 将网关 ID 字段留空。
- 展开高级选项区域
- 在第 1 阶段算法框中输入“3des-sha1-modp1024”。
- 在第 2 阶段算法框中输入“3des-sha1”。
- 保留“强制 UDP 封装”复选框的选中状态。
- 单击“确定”。
- 单击保存。
- 打开终端并输入以下命令以永久禁用 xl2tpdservice:
sudo service xl2tpd stop - 同时输入以下内容:
sudo systemctl disable xl2tpd - 打开网络设置并尝试打开 VPN。
从以前的答案中采取了更多步骤,以确保万无一失
sudo service strongswan stopsudo systemctl disable strongswan- 您可以在 VPN 配置页面上点击密码文本框右侧的图标来保存密码