Ubuntu 16.04:无法与 Stonesoft VPN 建立 VPN 连接

Ubuntu 16.04:无法与 Stonesoft VPN 建立 VPN 连接

我正在使用 Ubuntu 16.04.3 LTS 64 位,我正在尝试建立与 Stonesoft VPN 的 VPN 连接,据我所知,stonesoft 意味着 L2TP VPN,由于 Ubuntu 似乎不再支持 L2TP,我按照以下说明创建 VPN:Xerus - 网络管理器缺少 L2TP 插件?

遗憾的是,我仍然无法建立连接。他们只给了我

  • IP地址
  • 用户名
  • 密码

在系统日志中我看到以下内容:

Nov 12 09:58:42 immediata NetworkManager[996]: <info>  [1510477122.7520] audit: op="connection-activate" uuid="a944d391-ad32-4386-abed-902943385e1f" name="AreaVastaVpn" pid=2853 uid=1000 result="success"
Nov 12 09:58:42 immediata NetworkManager[996]: <info>  [1510477122.8019] vpn-connection[0x1523200,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: Started the VPN service, PID 4275
Nov 12 09:58:42 immediata NetworkManager[996]: <info>  [1510477122.8207] vpn-connection[0x1523200,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: Saw the service appear; activating connection
Nov 12 09:58:43 immediata gnome-session[2594]: Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
Nov 12 09:59:16 immediata NetworkManager[996]: <info>  [1510477156.8682] keyfile: update /etc/NetworkManager/system-connections/AreaVastaVpn (a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn")
Nov 12 09:59:16 immediata NetworkManager[996]: <info>  [1510477156.8735] vpn-connection[0x1523200,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN connection: (ConnectInteractive) reply received
Nov 12 09:59:16 immediata NetworkManager[996]: nm-l2tp[4275] <info>  ipsec enable flag: yes
Nov 12 09:59:16 immediata NetworkManager[996]: ** Message: Check port 1701
Nov 12 09:59:16 immediata NetworkManager[996]: ** Message: Can't bind to port 1701
Nov 12 09:59:16 immediata NetworkManager[996]: nm-l2tp[4275] <warn>  L2TP port 1701 is busy, using ephemeral.
Nov 12 09:59:16 immediata NetworkManager[996]: nm-l2tp[4275] <info>  starting ipsec
Nov 12 09:59:16 immediata NetworkManager[996]: Stopping strongSwan IPsec...
Nov 12 09:59:16 immediata charon: 00[DMN] signal of type SIGINT received. Shutting down
Nov 12 09:59:16 immediata ipsec[4316]: Stopping strongSwan IPsec failed: starter is not running
Nov 12 09:59:19 immediata NetworkManager[996]: Starting strongSwan 5.3.5 IPsec [starter]...
Nov 12 09:59:19 immediata NetworkManager[996]: Loading config setup
Nov 12 09:59:19 immediata NetworkManager[996]: Loading conn 'a944d391-ad32-4386-abed-902943385e1f'
Nov 12 09:59:19 immediata NetworkManager[996]: found netkey IPsec stack
Nov 12 09:59:19 immediata charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-98-generic, x86_64)
Nov 12 09:59:19 immediata kernel: [  543.237222] audit: type=1400 audit(1510477159.053:41): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/usr/local/lib/libxml2.so.2.9.1" pid=4345 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 12 09:59:19 immediata charon: 00[CFG] disabling load-tester plugin, not configured
Nov 12 09:59:19 immediata charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Nov 12 09:59:19 immediata charon: 00[CFG] dnscert plugin is disabled
Nov 12 09:59:19 immediata charon: 00[CFG] ipseckey plugin is disabled
Nov 12 09:59:19 immediata charon: 00[CFG] attr-sql plugin: database URI not set
Nov 12 09:59:19 immediata charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 12 09:59:19 immediata charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 12 09:59:19 immediata charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 12 09:59:19 immediata charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 12 09:59:19 immediata charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 12 09:59:19 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 12 09:59:19 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-7a4acce7-0546-4531-a80f-5fc950241a95.secrets'
Nov 12 09:59:19 immediata charon: 00[CFG]   loaded IKE secret for %any
Nov 12 09:59:19 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8fa9aa57-6f5a-42cf-adf7-b84da24e632c.secrets'
Nov 12 09:59:19 immediata charon: 00[CFG]   loaded IKE secret for XX.XXX.XX.XX
Nov 12 09:59:19 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a944d391-ad32-4386-abed-902943385e1f.secrets'
Nov 12 09:59:19 immediata charon: 00[CFG]   loaded IKE secret for %any
Nov 12 09:59:19 immediata charon: 00[CFG] sql plugin: database URI not set
Nov 12 09:59:19 immediata charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Nov 12 09:59:19 immediata charon: 00[CFG] eap-simaka-sql database URI missing
Nov 12 09:59:19 immediata charon: 00[CFG] loaded 0 RADIUS server configurations
Nov 12 09:59:19 immediata charon: 00[CFG] no threshold configured for systime-fix, disabled
Nov 12 09:59:19 immediata charon: 00[CFG] coupling file path unspecified
Nov 12 09:59:19 immediata charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
Nov 12 09:59:19 immediata charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov 12 09:59:19 immediata charon: 00[JOB] spawning 16 worker threads
Nov 12 09:59:19 immediata charon: 07[CFG] received stroke: add connection 'a944d391-ad32-4386-abed-902943385e1f'
Nov 12 09:59:19 immediata charon: 07[CFG] added configuration 'a944d391-ad32-4386-abed-902943385e1f'
Nov 12 09:59:20 immediata charon: 06[CFG] rereading secrets
Nov 12 09:59:20 immediata charon: 06[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 12 09:59:20 immediata charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-7a4acce7-0546-4531-a80f-5fc950241a95.secrets'
Nov 12 09:59:20 immediata charon: 06[CFG]   loaded IKE secret for %any
Nov 12 09:59:20 immediata charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8fa9aa57-6f5a-42cf-adf7-b84da24e632c.secrets'
Nov 12 09:59:20 immediata charon: 06[CFG]   loaded IKE secret for XX.XXX.XX.XX
Nov 12 09:59:20 immediata charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a944d391-ad32-4386-abed-902943385e1f.secrets'
Nov 12 09:59:20 immediata charon: 06[CFG]   loaded IKE secret for %any
Nov 12 09:59:20 immediata NetworkManager[996]: nm-l2tp[4275] <info>  Spawned ipsec up script with PID 4370.
Nov 12 09:59:20 immediata charon: 10[CFG] received stroke: initiate 'a944d391-ad32-4386-abed-902943385e1f'
Nov 12 09:59:20 immediata charon: 11[IKE] initiating Main Mode IKE_SA a944d391-ad32-4386-abed-902943385e1f[1] to XX.XXX.XX.XX
Nov 12 09:59:20 immediata charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V ]
Nov 12 09:59:20 immediata charon: 11[NET] sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 12 09:59:20 immediata charon: 12[NET] received packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (102 bytes)
Nov 12 09:59:20 immediata charon: 12[ENC] parsed INFORMATIONAL_V1 request 1567910028 [ N(NO_PROP) ]
Nov 12 09:59:20 immediata charon: 12[IKE] received NO_PROPOSAL_CHOSEN error notify
Nov 12 09:59:20 immediata NetworkManager[996]: initiating Main Mode IKE_SA a944d391-ad32-4386-abed-902943385e1f[1] to XX.XXX.XX.XX
Nov 12 09:59:20 immediata NetworkManager[996]: generating ID_PROT request 0 [ SA V V V V ]
Nov 12 09:59:20 immediata NetworkManager[996]: sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 12 09:59:20 immediata NetworkManager[996]: received packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (102 bytes)
Nov 12 09:59:20 immediata NetworkManager[996]: parsed INFORMATIONAL_V1 request 1567910028 [ N(NO_PROP) ]
Nov 12 09:59:20 immediata NetworkManager[996]: received NO_PROPOSAL_CHOSEN error notify
Nov 12 09:59:20 immediata NetworkManager[996]: establishing connection 'a944d391-ad32-4386-abed-902943385e1f' failed
Nov 12 09:59:20 immediata NetworkManager[996]: Stopping strongSwan IPsec...
Nov 12 09:59:20 immediata charon: 00[DMN] signal of type SIGINT received. Shutting down
Nov 12 09:59:20 immediata NetworkManager[996]: nm-l2tp[4275] <warn>  Could not establish IPsec tunnel.
Nov 12 09:59:20 immediata NetworkManager[996]: (nm-l2tp-service:4275): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 12 09:59:20 immediata NetworkManager[996]: <info>  [1510477160.4101] vpn-connection[0x1523200,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN service disappeared
Nov 12 09:59:20 immediata NetworkManager[996]: <warn>  [1510477160.4110] vpn-connection[0x1523200,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

有人能给我一些关于如何解决这个问题的建议吗?谢谢 Angelo

更新

抱歉,我刚刚在日志中看到了与端口 1701 相关的错误。我忘记禁用 xl2tpd 服务了。我禁用了,但仍然无法连接

这是我的新系统日志跟踪

Nov 13 09:35:35 immediata NetworkManager[996]: <info>  [1510562135.1201] audit: op="connection-activate" uuid="a944d391-ad32-4386-abed-902943385e1f" name="AreaVastaVpn" pid=2853 uid=1000 result="success"
Nov 13 09:35:35 immediata NetworkManager[996]: <info>  [1510562135.1264] vpn-connection[0x15235c0,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: Started the VPN service, PID 8554
Nov 13 09:35:35 immediata NetworkManager[996]: <info>  [1510562135.1374] vpn-connection[0x15235c0,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: Saw the service appear; activating connection
Nov 13 09:35:35 immediata gnome-session[2594]: Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
Nov 13 09:35:44 immediata NetworkManager[996]: <info>  [1510562144.2090] keyfile: update /etc/NetworkManager/system-connections/AreaVastaVpn (a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn")
Nov 13 09:35:44 immediata NetworkManager[996]: <info>  [1510562144.2150] vpn-connection[0x15235c0,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN connection: (ConnectInteractive) reply received
Nov 13 09:35:44 immediata NetworkManager[996]: nm-l2tp[8554] <info>  ipsec enable flag: yes
Nov 13 09:35:44 immediata NetworkManager[996]: ** Message: Check port 1701
Nov 13 09:35:44 immediata NetworkManager[996]: nm-l2tp[8554] <info>  starting ipsec
Nov 13 09:35:44 immediata NetworkManager[996]: Stopping strongSwan IPsec failed: starter is not running
Nov 13 09:35:46 immediata NetworkManager[996]: Starting strongSwan 5.3.5 IPsec [starter]...
Nov 13 09:35:46 immediata NetworkManager[996]: Loading config setup
Nov 13 09:35:46 immediata NetworkManager[996]: Loading conn 'a944d391-ad32-4386-abed-902943385e1f'
Nov 13 09:35:46 immediata NetworkManager[996]: found netkey IPsec stack
Nov 13 09:35:46 immediata charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-98-generic, x86_64)
Nov 13 09:35:46 immediata kernel: [ 2727.978478] audit: type=1400 audit(1510562146.258:46): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/usr/local/lib/libxml2.so.2.9.1" pid=8601 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 13 09:35:46 immediata charon: 00[CFG] disabling load-tester plugin, not configured
Nov 13 09:35:46 immediata charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Nov 13 09:35:46 immediata charon: 00[CFG] dnscert plugin is disabled
Nov 13 09:35:46 immediata charon: 00[CFG] ipseckey plugin is disabled
Nov 13 09:35:46 immediata charon: 00[CFG] attr-sql plugin: database URI not set
Nov 13 09:35:46 immediata charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 13 09:35:46 immediata charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 13 09:35:46 immediata charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 13 09:35:46 immediata charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 13 09:35:46 immediata charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 13 09:35:46 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 13 09:35:46 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-7a4acce7-0546-4531-a80f-5fc950241a95.secrets'
Nov 13 09:35:46 immediata charon: 00[CFG]   loaded IKE secret for %any
Nov 13 09:35:46 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8fa9aa57-6f5a-42cf-adf7-b84da24e632c.secrets'
Nov 13 09:35:46 immediata charon: 00[CFG]   loaded IKE secret for XX.XXX.XX.XX
Nov 13 09:35:46 immediata charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a944d391-ad32-4386-abed-902943385e1f.secrets'
Nov 13 09:35:46 immediata charon: 00[CFG]   loaded IKE secret for %any
Nov 13 09:35:46 immediata charon: 00[CFG] sql plugin: database URI not set
Nov 13 09:35:46 immediata charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Nov 13 09:35:46 immediata charon: 00[CFG] eap-simaka-sql database URI missing
Nov 13 09:35:46 immediata charon: 00[CFG] loaded 0 RADIUS server configurations
Nov 13 09:35:46 immediata charon: 00[CFG] no threshold configured for systime-fix, disabled
Nov 13 09:35:46 immediata charon: 00[CFG] coupling file path unspecified
Nov 13 09:35:46 immediata charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
Nov 13 09:35:46 immediata charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov 13 09:35:46 immediata charon: 00[JOB] spawning 16 worker threads
Nov 13 09:35:46 immediata charon: 09[CFG] received stroke: add connection 'a944d391-ad32-4386-abed-902943385e1f'
Nov 13 09:35:46 immediata charon: 09[CFG] added configuration 'a944d391-ad32-4386-abed-902943385e1f'
Nov 13 09:35:47 immediata charon: 05[CFG] rereading secrets
Nov 13 09:35:47 immediata charon: 05[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 13 09:35:47 immediata charon: 05[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-7a4acce7-0546-4531-a80f-5fc950241a95.secrets'
Nov 13 09:35:47 immediata charon: 05[CFG]   loaded IKE secret for %any
Nov 13 09:35:47 immediata charon: 05[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8fa9aa57-6f5a-42cf-adf7-b84da24e632c.secrets'
Nov 13 09:35:47 immediata charon: 05[CFG]   loaded IKE secret for XX.XXX.XX.XX
Nov 13 09:35:47 immediata charon: 05[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a944d391-ad32-4386-abed-902943385e1f.secrets'
Nov 13 09:35:47 immediata charon: 05[CFG]   loaded IKE secret for %any
Nov 13 09:35:47 immediata NetworkManager[996]: nm-l2tp[8554] <info>  Spawned ipsec up script with PID 8627.
Nov 13 09:35:47 immediata charon: 13[CFG] received stroke: initiate 'a944d391-ad32-4386-abed-902943385e1f'
Nov 13 09:35:47 immediata charon: 03[IKE] initiating Main Mode IKE_SA a944d391-ad32-4386-abed-902943385e1f[1] to XX.XXX.XX.XX
Nov 13 09:35:47 immediata charon: 03[ENC] generating ID_PROT request 0 [ SA V V V V ]
Nov 13 09:35:47 immediata charon: 03[NET] sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 13 09:35:51 immediata charon: 04[IKE] sending retransmit 1 of request message ID 0, seq 1
Nov 13 09:35:51 immediata charon: 04[NET] sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 13 09:35:57 immediata NetworkManager[996]: nm-l2tp[8554] <warn>  Timeout trying to establish IPsec connection
Nov 13 09:35:57 immediata NetworkManager[996]: nm-l2tp[8554] <info>  Terminating ipsec script with PID 8627.
Nov 13 09:35:57 immediata NetworkManager[996]: Stopping strongSwan IPsec...
Nov 13 09:35:57 immediata charon: 00[DMN] signal of type SIGINT received. Shutting down
Nov 13 09:35:57 immediata charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Nov 13 09:35:57 immediata NetworkManager[996]: initiating Main Mode IKE_SA a944d391-ad32-4386-abed-902943385e1f[1] to XX.XXX.XX.XX
Nov 13 09:35:57 immediata NetworkManager[996]: generating ID_PROT request 0 [ SA V V V V ]
Nov 13 09:35:57 immediata NetworkManager[996]: sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 13 09:35:57 immediata NetworkManager[996]: sending retransmit 1 of request message ID 0, seq 1
Nov 13 09:35:57 immediata NetworkManager[996]: sending packet: from XX.XXX.XX.XX[500] to XX.XXX.XX.XX[500] (248 bytes)
Nov 13 09:35:57 immediata NetworkManager[996]: destroying IKE_SA in state CONNECTING without notification
Nov 13 09:35:57 immediata NetworkManager[996]: establishing connection 'a944d391-ad32-4386-abed-902943385e1f' failed
Nov 13 09:35:57 immediata NetworkManager[996]: nm-l2tp[8554] <warn>  Could not establish IPsec tunnel.
Nov 13 09:35:57 immediata NetworkManager[996]: (nm-l2tp-service:8554): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 13 09:35:57 immediata NetworkManager[996]: <info>  [1510562157.3575] vpn-connection[0x15235c0,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN service disappeared
Nov 13 09:35:57 immediata NetworkManager[996]: <warn>  [1510562157.3587] vpn-connection[0x15235c0,a944d391-ad32-4386-abed-902943385e1f,"AreaVastaVpn",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Nov 13 09:36:06 immediata wpa_supplicant[1346]: wlan0: Failed to initiate sched scan

有人可以给我一点建议吗?

谢谢

安杰洛

更新 2 ike-scan.sh 结果

我运行 ike-scan.sh

命令结果sudo ./ike-scan.sh XX.XXX.XX.XX | grep SA

ike-扫描 grep sa

命令结果sudo ./ike-scan.sh XX.XXX.XX.XX

ike-scan 没有 grep

答案1

您可能想要删除以下由于某种原因未被删除的临时文件:

sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

如下页所述:

您可以执行以下操作来安装 network-manager-l2tp :

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome

“无法绑定到端口 1701”xl2tpd 警告不是一个错误,但当使用临时端口时,它可能会对某些防火墙和/或 VPN 服务器造成问题,更多详细信息请参见此处:

但我认为您遇到的“收到 NO_PROPOSAL_CHOSEN 错误”是因为 VPN 服务器仅提出旧的损坏加密算法,请参阅:

它详细介绍了如何查询 VPN 服务器支持的算法,并提供了一个常见算法失效解决方法的示例。但建议的解决方法是重新配置 VPN 服务器以使用更强大的算法。

如果您仍然遇到问题,并且假设您正在使用上述 PPA 存储库,您可以尝试通过执行以下操作将 strongswan 替换为 libreswan:

sudo apt install libreswan

但请确保删除您可能在 IPsec 选项对话框中输入的任何阶段 1/阶段 2 算法,因为该 PPA 存储库中的 libreswan 版本尚未从其默认提案集中删除常见的损坏算法。

可能还需要重新启动 NetworkManager 以确保 NetworkManager-l2tp 已经接收了 libreswan 更改:

sudo systemctl restart NetworkManager.service

答案2

您提到 Ubuntu 似乎不再支持 L2TP。Ubuntu 17.10(及更高版本)在标准存储库中默认附带 network-manager-l2tp 包。

正如以下 PPA 页面所述:

如果您希望将这些反向移植的软件包添加到官方 Ubuntu 16.10 或 17.04 反向移植存储库,请登录以下页面并点击“这个错误会影响您吗?”链接投票添加它们:

https://bugs.launchpad.net/xenial-backports/+bug/1697934

不幸的是,只有 6 位 Ubuntu 用户投票支持将该软件包正式移植到 Ubuntu 16.04,因此似乎不太可能发生。

相关内容