Ubuntu 16.04 上的 VPN L2TP/IPSec 客户端 VPN 服务无法启动

2024-6-8 • tag-icon

16.04 networking network-manager vpn ipsec

Ubuntu 16.04 上的 VPN L2TP/IPSec 客户端 VPN 服务无法启动

在 Ubuntu 16.04 上，我已经按照几个教程重建了网络管理器，也是通过安装的apt-get install network-manager-l2tp network-manager-l2tp-gnome。

它一直正常工作，直到昨天出现一条随机消息说The VPN connection failed because the VPN service failed to start。由于在另一个 Ubuntu（也是 16.04）和 Windows 8.1 中使用了相同的 VPN 凭据和主机，因此配置中没有错误。

正在查看/var/log/syslog：

NetworkManager[899]: <info>  [1496143714.1953] audit: op="connection-activate" uuid="cac1651d-9cbd-4989-bc57-b9707ddd012a" name="VPNCS" pid=2295 uid=1000 result="success"
NetworkManager[899]: <info>  [1496143714.1973] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Started the VPN service, PID 5798
NetworkManager[899]: <info>  [1496143714.2013] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Saw the service appear; activating connection
NetworkManager[899]: <info>  [1496143714.2760] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[899]: nm-l2tp[5798] <info>  ipsec enable flag: yes
NetworkManager[899]: ** Message: Check port 1701
NetworkManager[899]: nm-l2tp[5798] <info>  starting ipsec
NetworkManager[899]: Stopping strongSwan IPsec...
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22167, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22168, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22169, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22170, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22171, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22172, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22173, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22174, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22175, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22176, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22177, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22178, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22179, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22180, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22181, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22182, major_opcode = 33, minor_opcode = 0
NetworkManager[899]: Starting strongSwan 5.5.2 IPsec [starter]...
NetworkManager[899]: Loading config setup
NetworkManager[899]: Loading conn 'cac1651d-9cbd-4989-bc57-b9707ddd012a'
NetworkManager[899]: found netkey IPsec stack
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 4.4.0-78-generic, x86_64)
NetworkManager[899]: nm-l2tp[5798] <warn>  IPsec service is not ready.
NetworkManager[899]: nm-l2tp[5798] <warn>  Could not establish IPsec tunnel.
NetworkManager[899]: (nm-l2tp-service:5798): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[899]: <info>  [1496143732.4905] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state changed: stopped (6)
NetworkManager[899]: <info>  [1496143732.4929] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state change reason: unknown (0)
NetworkManager[899]: <info>  [1496143732.4952] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN service disappeared
NetworkManager[899]: <warn>  [1496143732.4971] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

我已经尝试删除network-manager-l2tp包-gnome并重新安装它们，但仍然出现同样的错误。

有什么解决办法吗？

答案1

我在开发人员的存储库中找到了一个解决方案。

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

版本 1.2.6 不再覆盖默认的 IPsec 密码，我怀疑您的 VPN 服务器正在使用较新的 strongSwan 版本认为已被破解的旧密码。

请参阅 README.md 文件中用户指定的 IPsec 密码套件部分，了解如何使用您自己的密码补充 strongSwan 默认密码：

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

我建议安装 ike-scan 包来检查你的 VPN 服务器宣传它支持哪些密码，例如：

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

因此，在这个公布了损坏的 3DES 密码的例子中，在版本 1.2.6 的 IPsec 对话框的高级部分中添加以下内容：

Phase1 算法：3des-sha1-modp1024
Phase2 算法：3des-sha1

完成所有步骤后，您尝试建立 L2TP 连接。

答案2

此答案专门用于在 L2TP/IP VPN 上连接到 Cisco Meraki 帐户。此解决方案适用于我的 Ubuntu 16.04 系统。所有说明均直接复制自 Pigman 的答案Meraki 论坛主题。向他致敬，他让我免于数小时的沮丧。

安装 network-manager-l2tp： sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp然后`sudo apt-get update sudo apt-get install network-manager-l2tp
如果使用 gnome，请安装 gnome 插件（如果使用其他桌面环境，请查看其网络管理器是否有插件）：sudo apt-get install network-manager-l2tp-gnome
重启
导航至“设置”>“网络”> 单击“+”按钮> 选择“第 2 层隧道协议 (L2TP)”
将新的 VPN 连接命名为
将主机名或地址输入到网关字段中。
在用户名字段中输入用户名。
单击“密码”字段中的图标，然后选择您想要提供的密码方式。
单击 IPSec 设置...
单击“启用 IPsec 隧道到 L2TP 主机”复选框
在预共享密钥字段中输入共享密钥。
将网关 ID 字段留空。
展开高级选项区域
在第 1 阶段算法框中输入“3des-sha1-modp1024”。
在第 2 阶段算法框中输入“3des-sha1”。
保留“强制 UDP 封装”复选框的选中状态。
单击“确定”。
单击保存。
打开终端并输入以下命令以永久禁用 xl2tpdservice： sudo service xl2tpd stop
同时输入以下内容： sudo systemctl disable xl2tpd
打开网络设置并尝试打开 VPN。

从以前的答案中采取了更多步骤，以确保万无一失

sudo service strongswan stop
sudo systemctl disable strongswan
您可以在 VPN 配置页面上点击密码文本框右侧的图标来保存密码

相关内容