L2TP/IPSec not working in LUBUNTU 20.4

I am trying to connect to my office VPN, but it is not working. I am sharing some syslog and debug logs. Please help.

sudo tail -f /var/log/syslog

May  1 00:22:32 luser NetworkManager[440]: <info>  [1651378952.6564] audit: op="connection-activate" uuid="7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" name="OfficeVPN" pid=933 uid=1000 result="success"                                                                                                               
May  1 00:22:32 luser NetworkManager[440]: <info>  [1651378952.6941] vpn-connection[0x55f43ce52330,7aa5b8a6-5c38-4e1e-a194-8cf1c6881726,"OfficeVPN",0]: Started the VPN service, PID 26582                                                                                  
May  1 00:22:32 luser NetworkManager[440]: <info>  [1651378952.7817] vpn-connection[0x55f43ce52330,7aa5b8a6-5c38-4e1e-a194-8cf1c6881726,"OfficeVPN",0]: Saw the service appear; activating connection                                                                       
May  1 00:22:32 luser NetworkManager[440]: <info>  [1651378952.8443] vpn-connection[0x55f43ce52330,7aa5b8a6-5c38-4e1e-a194-8cf1c6881726,"OfficeVPN",0]: VPN connection: (ConnectInteractive) reply received                                                                 
May  1 00:22:32 luser NetworkManager[26593]: Redirecting to: systemctl restart ipsec.service                                          
May  1 00:22:32 luser systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...                                   
May  1 00:22:32 luser whack[26597]: 002 shutting down
May  1 00:22:33 luser ipsec[26603]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser libipsecconf[26603]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser systemd[1]: ipsec.service: Succeeded.
May  1 00:22:33 luser systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  1 00:22:33 luser systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May  1 00:22:33 luser addconn[26607]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser libipsecconf[26607]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser _stackmanager[26610]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser libipsecconf[26610]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser _stackmanager[26615]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:33 luser libipsecconf[26615]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:34 luser ipsec[26868]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:34 luser libipsecconf[26868]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:34 luser ipsec[26866]: nflog ipsec capture disabled
May  1 00:22:34 luser systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  1 00:22:34 luser libipsecconf[26887]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May  1 00:22:34 luser NetworkManager[26884]: 002 listening for IKE messages
May  1 00:22:34 luser NetworkManager[26884]: 002 Kernel supports NIC esp-hw-offload
May  1 00:22:34 luser NetworkManager[26884]: 002 adding interface wlp3s0/wlp3s0 (esp-hw-offload=no) 192.168.1.43:500
May  1 00:22:34 luser NetworkManager[26884]: 002 adding interface wlp3s0/wlp3s0 192.168.1.43:4500
May  1 00:22:34 luser NetworkManager[26884]: 002 Kernel supports NIC esp-hw-offload
May  1 00:22:34 luser NetworkManager[26884]: 002 adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
May  1 00:22:34 luser NetworkManager[26884]: 002 adding interface lo/lo 127.0.0.1:4500
May  1 00:22:34 luser NetworkManager[26884]: 002 Kernel supports NIC esp-hw-offload
May  1 00:22:34 luser NetworkManager[26884]: 002 adding interface lo/lo (esp-hw-offload=no) ::1:500
May  1 00:22:34 luser NetworkManager[26884]: 002 loading secrets from "/etc/ipsec.secrets"
May  1 00:22:34 luser NetworkManager[26884]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May  1 00:22:34 luser NetworkManager[26890]: debugging mode enabled
May  1 00:22:34 luser NetworkManager[26890]: end of file /run/nm-l2tp-7aa5b8a6-5c38-4e1e-a194-8cf1c6881726/ipsec.conf
May  1 00:22:35 luser NetworkManager[26890]: Loading conn 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
May  1 00:22:35 luser NetworkManager[26890]: starter: left is KH_DEFAULTROUTE
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgdns=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgdomains=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgbanner=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark-in=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark-out=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" vti_iface=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" redirect-to=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" accept-redirect-to=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" esp=<unset>
May  1 00:22:35 luser NetworkManager[26890]: conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" ike=<unset>
May  1 00:22:35 luser NetworkManager[26890]: opening file: /run/nm-l2tp-7aa5b8a6-5c38-4e1e-a194-8cf1c6881726/ipsec.conf
May  1 00:22:35 luser NetworkManager[26890]: loading named conns: 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
May  1 00:22:35 luser NetworkManager[26890]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May  1 00:22:35 luser NetworkManager[26890]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May  1 00:22:35 luser NetworkManager[26890]: dst  via 192.168.1.1 dev wlp3s0 src  table 254
May  1 00:22:35 luser NetworkManager[26890]: set nexthop: 192.168.1.1
May  1 00:22:35 luser NetworkManager[26890]: dst 192.168.1.0 via  dev wlp3s0 src 192.168.1.43 table 254
May  1 00:22:35 luser NetworkManager[26890]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 192.168.1.0 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 192.168.1.43 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: dst 192.168.1.255 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)
May  1 00:22:35 luser NetworkManager[26890]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May  1 00:22:35 luser NetworkManager[26890]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May  1 00:22:35 luser NetworkManager[26890]: dst 192.168.1.1 via  dev wlp3s0 src 192.168.1.43 table 254
May  1 00:22:35 luser NetworkManager[26890]: set addr: 192.168.1.43
May  1 00:22:35 luser NetworkManager[26890]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May  1 00:22:35 luser NetworkManager[26892]: 031 "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)
May  1 00:22:35 luser NetworkManager[26892]: 036 failed to initiate 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
May  1 00:22:35 luser nm-l2tp-service[26582]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
May  1 00:22:35 luser NetworkManager[440]: <info>  [1651378955.2928] vpn-connection[0x55f43ce52330,7aa5b8a6-5c38-4e1e-a194-8cf1c6881726,"OfficeVPN",0]: VPN service disappeared
May  1 00:22:35 luser NetworkManager[440]: <warn>  [1651378955.3092] vpn-connection[0x55f43ce52330,7aa5b8a6-5c38-4e1e-a194-8cf1c6881726,"OfficeVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
May  1 00:23:33 luser PackageKit: daemon quit
May  1 00:23:33 luser systemd[1]: packagekit.service: Succeeded.

sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
[sudo] password for luser: 

nm-l2tp[39145] <debug> nm-l2tp-service (version 1.20.0) starting...
nm-l2tp[39145] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[39145] <info>  ipsec enable flag: yes
ipv6
        address-data : []
        dns : []
        dns-search : []
        ip6-privacy : 0
        method : 'auto'
        route-data : []

ipv4
        address-data : []
        dns : []
        dns-search : []
        method : 'auto'
        route-data : []

proxy

connection
        autoconnect : false
        id : 'OfficeVPN'
        permissions : ['user:luser:']
        type : 'vpn'
        uuid : 'UUID'

vpn
        data : {'ephemeral-port': 'yes', 'gateway': 'gateway', 'ipsec-enabled': 'yes', 'ipsec-forceencaps': 'yes', 'ipsec-ikev2': 'yes', 'ipsec-ipcomp': 'yes', 'machine-auth-type': 'psk', 'mru': '1400', 'mtu': '1400', 'password-flags': '0', 'user': 'vpnuser', 'user-auth-type': 'password'}
        secrets : {'ipsec-psk': 'presharedkey', 'password': 'password'}
        service-type : 'org.freedesktop.NetworkManager.l2tp'

nm-l2tp[39145] <info>  starting ipsec
Redirecting to: systemctl restart ipsec.service
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
opening file: /run/nm-l2tp-7aa5b8a6-5c38-4e1e-a194-8cf1c6881726/ipsec.conf
debugging mode enabled
end of file /run/nm-l2tp-7aa5b8a6-5c38-4e1e-a194-8cf1c6881726/ipsec.conf
Loading conn 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
starter: left is KH_DEFAULTROUTE
loading named conns: 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via 192.168.1.1 dev wlp3s0 src  table 254
set nexthop: 192.168.1.1
dst 192.168.1.0 via  dev wlp3s0 src 192.168.1.43 table 254
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)
dst 192.168.1.43 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)
dst 192.168.1.255 via  dev wlp3s0 src 192.168.1.43 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.1 via  dev wlp3s0 src 192.168.1.43 table 254
set addr: 192.168.1.43

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgdns=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgdomains=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" modecfgbanner=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark-in=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" mark-out=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" vti_iface=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" redirect-to=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" accept-redirect-to=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" esp=<unset>
conn: "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726" ike=<unset>
002 added connection description "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726"
nm-l2tp[39145] <info>  Spawned ipsec auto --up script with PID 39454.
031 "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)
036 failed to initiate 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
nm-l2tp[39145] <warn>  Could not establish IPsec tunnel.

(nm-l2tp-service:39145): GLib-GIO-CRITICAL **: 00:58:46.781: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

Answer 1

Since you are using network-manager-l2tp 1.20.0 from the nm-l2tp PPA, the fix is to upgrade to version 1.20.4:

sudo apt update
sudo apt upgrade network-manager-l2tp

You no longer need to stop the system xl2tpd for this issue; it has been fixed by the following commit in the source code:

https://github.com/nm-l2tp/NetworkManager-l2tp/commit/a2387d7111e52c1854db8dc557ae2483e8551824
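
An added example, not part of the original question or answer and not code from the NetworkManager-l2tp project: a small triage script that reads nm-l2tp debug or syslog text, pulls out the plugin version and the failing status lines seen above, and blanks the `secrets` line that `--debug` prints before the log is shared. The function names, the sample text and the rule "any version older than 1.20.4 with the CK_TEMPLATE error should be upgraded" are assumptions made for illustration.

```python
import re

# Constructed sample: lines of the kind shown in the question's debug output.
SAMPLE = """\
nm-l2tp[39145] <debug> nm-l2tp-service (version 1.20.0) starting...
vpn
        secrets : {'ipsec-psk': 'presharedkey', 'password': 'password'}
002 added connection description "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726"
031 "7aa5b8a6-5c38-4e1e-a194-8cf1c6881726": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)
036 failed to initiate 7aa5b8a6-5c38-4e1e-a194-8cf1c6881726
nm-l2tp[39145] <warn>  Could not establish IPsec tunnel.
"""

FIXED = (1, 20, 4)  # version the answer says to upgrade to
VERSION_RE = re.compile(r"nm-l2tp-service \(version (\d+(?:\.\d+)*)\)")
# Status lines start with a 3-digit code; in syslog a "name[pid]: " prefix precedes it.
STATUS_RE = re.compile(r"(?:^|\]: )(\d{3}) (.*)$")
SECRETS_RE = re.compile(r"^(\s*secrets\s*:\s*)\{.*\}\s*$")


def redact(text):
    """Blank the 'secrets : {...}' dictionary that --debug prints."""
    return "\n".join(SECRETS_RE.sub(r"\1{<redacted>}", l) for l in text.splitlines())


def triage(text):
    """Return plugin version, failing status lines, and whether the answer's upgrade applies."""
    version, failures, template = None, [], False
    for line in text.splitlines():
        m = VERSION_RE.search(line)
        if m:
            version = tuple(int(p) for p in m.group(1).split("."))
        s = STATUS_RE.search(line)
        if s and s.group(1) in ("031", "036"):  # codes on the failing lines in the question
            failures.append((s.group(1), s.group(2)))
            template = template or "kind=CK_TEMPLATE" in s.group(2)
    # Assumption: any plugin version older than FIXED showing this error should be upgraded.
    upgrade = template and version is not None and version < FIXED
    return {"version": version, "failures": failures, "template_error": template, "upgrade_advised": upgrade}


if __name__ == "__main__":
    print(triage(SAMPLE))
    print(redact(SAMPLE))
```
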
