Problem connecting to a VPN

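I am trying to connect to a VPN using L2TP and StrongSwan. Reading the logs I get from journalctl -f -u NetworkManager, it looks like I do establish a connection to the VPN. It just crashes somewhere, and I don't know exactly where that happens. Here are the logs: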

NetworkManager[772]: [1568791368.4794] audit: op="connection-activate" uuid="9ec1ad72-bf05-4576-a623-22605eeeb1f7" name="VPN 1" pid=2599 uid=1000 result="success" 
NetworkManager[772]: [1568791368.4861] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: Started the VPN service, PID 14422
NetworkManager[772]: [1568791368.4929] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: Saw the service appear; activating connection
NetworkManager[772]: [1568791368.5593] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
nm-l2tp-service[14422]: Check port 1701
Sep 18 09:22:48 floris-XPS-13-9360 NetworkManager[772]: Stopping strongSwan IPsec failed: starter is not running
NetworkManager[772]: Starting strongSwan 5.6.2 IPsec [starter]... 
NetworkManager[772]: Loading config setup 
NetworkManager[772]: Loading conn '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
ipsec_starter[14439]: Starting strongSwan 5.6.2 IPsec [starter]... 
ipsec_starter[14439]: Loading config setup 
ipsec_starter[14439]: Loading conn '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
NetworkManager[772]: found netkey IPsec stack 
ipsec_starter[14439]: found netkey IPsec stack 
ipsec_starter[14460]: Attempting to start charon... 
charon[14461]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-27-generic, x86_64) 
charon[14461]: 00[CFG] PKCS11 module '' lacks library path 
charon[14461]: 00[CFG] disabling load-tester plugin, not configured
charon[14461]: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
charon[14461]: 00[CFG] dnscert plugin is disabled 
charon[14461]: 00[CFG] ipseckey plugin is disabled 
charon[14461]: 00[CFG] attr-sql plugin: database URI not set 
charon[14461]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' 
charon[14461]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' 
charon[14461]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' 
charon[14461]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' 
charon[14461]: 00[CFG] loading crls from '/etc/ipsec.d/crls' 
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.secrets' 
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-9ec1ad72-bf05-4576-a623-22605eeeb1f7.secrets' 
charon[14461]: 00[CFG] loaded IKE secret for %any 
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a168f087-5f2b-42c2-949a-dd18c8af1217.secrets' 
charon[14461]: 00[CFG] loaded IKE secret for %any 
charon[14461]: 00[CFG] sql plugin: database URI not set 
charon[14461]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory 
charon[14461]: 00[CFG] eap-simaka-sql database URI missing 
charon[14461]: 00[CFG] loaded 0 RADIUS server configurations 
charon[14461]: 00[CFG] HA config misses local/remote address 
charon[14461]: 00[CFG] no threshold configured for systime-fix, disabled 
charon[14461]: 00[CFG] coupling file path unspecified 
charon[14461]: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters 
charon[14461]: 00[LIB] dropped capabilities, running as uid 0, gid 0 
charon[14461]: 00[JOB] spawning 16 worker threads
ipsec_starter[14460]: charon (14461) started after 40 ms
charon[14461]: 05[CFG] received stroke: add connection '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
charon[14461]: 05[CFG] algorithm 'ecp_384' not recognized 
charon[14461]: 05[CFG] skipped invalid proposal string: aes256-sha1-ecp_384 
charon[14461]: 10[CFG] rereading secrets 
charon[14461]: 10[CFG] loading secrets from '/etc/ipsec.secrets' 
charon[14461]: 10[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-9ec1ad72-bf05-4576-a623-22605eeeb1f7.secrets' 
charon[14461]: 10[CFG] loaded IKE secret for %any 
charon[14461]: 10[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a168f087-5f2b-42c2-949a-dd18c8af1217.secrets' 
charon[14461]: 10[CFG] loaded IKE secret for %any 
charon[14461]: 13[CFG] received stroke: initiate '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
charon[14461]: 13[CFG] no config named '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
NetworkManager[772]: no config named '9ec1ad72-bf05-4576-a623-22605eeeb1f7' 
NetworkManager[772]: Stopping strongSwan IPsec... 
charon[14461]: 00[DMN] signal of type SIGINT received. Shutting down 
ipsec_starter[14460]: child 14461 (charon) has quit (exit code 0) 
ipsec_starter[14460]: ipsec_starter[14460]: charon stopped after 200 ms 
ipsec_starter[14460]: ipsec starter stopped
nm-l2tp-service[14422]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[772]: [1568791372.0377] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: VPN plugin: state changed: stopped (6) 
NetworkManager[772]: [1568791372.0476] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: VPN service disappeared 
NetworkManager[772]: [1568791372.0524] vpn-connection[0x559cbd21a730,9ec1ad72-bf05-4576-a623-22605eeeb1f7,"VPN 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I don't see a clear warning, nor a statement explaining why it failed. Am I missing something?

Answer 1

The ecp_384 not recognised error is because strongswan uses ecp384, see:

You also seem to have two PSK files; I would recommend deleting them, as the wrong PSK might be used.

sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec-9ec1ad72-bf05-4576-a623-22605eeeb1f7.secrets

sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec-a168f087-5f2b-42c2-949a-dd18c8af1217.secrets

I would recommend upgrading to network-manager-l2tp 1.2.16 from this PPA, which has backports from Debian sid:

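It fixes the issue of the PSK /etc/ipsec.d/nm-l2tp-ipsec-*.secrets files not being deleted and the wrong PSK being used. You also don't need to enter anything for the phase 1 and phase 2 algorithms, as it defaults to using a merge of the proposals from the Win 10 and macOS/iOS/iPadOS L2TP/IPsec clients, and no longer uses the libreswan or strongswan default proposal sets.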
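A log-triage sketch for the two problems raised in the answer above (an added example, not part of the original answer; the function name `triage` and its result keys are this example's own, and the sample lines are copied from the log in the question). It ties the rejected proposal to the later "no config named" message and lists every secrets file that loaded a PSK for %any.

```python
import re

# Constructed sample: charon lines copied from the log in the question.
SAMPLE_LOG = """\
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-9ec1ad72-bf05-4576-a623-22605eeeb1f7.secrets'
charon[14461]: 00[CFG] loaded IKE secret for %any
charon[14461]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a168f087-5f2b-42c2-949a-dd18c8af1217.secrets'
charon[14461]: 00[CFG] loaded IKE secret for %any
charon[14461]: 05[CFG] algorithm 'ecp_384' not recognized
charon[14461]: 05[CFG] skipped invalid proposal string: aes256-sha1-ecp_384
charon[14461]: 13[CFG] no config named '9ec1ad72-bf05-4576-a623-22605eeeb1f7'
NetworkManager[772]: no config named '9ec1ad72-bf05-4576-a623-22605eeeb1f7'
"""

SECRETS = re.compile(r"loading secrets from '([^']+)'")
ANY_PSK = re.compile(r"loaded IKE secret for %any")
SIMPLE = {
    "bad_algorithms": re.compile(r"algorithm '([^']+)' not recognized"),
    "skipped_proposals": re.compile(r"skipped invalid proposal string: (\S+)"),
    "missing_conns": re.compile(r"no config named '([^']+)'"),
}

def triage(log_text):
    """Collect rejected proposals, conns that never loaded, and %any PSK files."""
    found = {key: [] for key in SIMPLE}
    found["any_psk_files"] = []
    current_file = None  # secrets file charon is reading right now
    for line in log_text.splitlines():
        m = SECRETS.search(line)
        if m:
            current_file = m.group(1)
            continue
        if ANY_PSK.search(line) and current_file:
            if current_file not in found["any_psk_files"]:
                found["any_psk_files"].append(current_file)
        for key, rx in SIMPLE.items():
            m = rx.search(line)
            if m and m.group(1) not in found[key]:  # secrets are reread, so dedupe
                found[key].append(m.group(1))
    # More than one file with a %any PSK means the wrong PSK may be picked.
    found["ambiguous_psk"] = len(found["any_psk_files"]) > 1
    return found

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
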
