我正在尝试连接到 VPN 服务器,但是它不工作。
输出自tail -f /var/log/syslog | grep -E "pppd|charon|NetworkManager|strongSwan|ipsec|l2tp"
NetworkManager[22546]: <info> [1627051862.8499] audit: op="connection-activate" uuid="<uuid>" name="<company-name> VPN" pid=24903 uid=1001 result="success"
NetworkManager[22546]: <info> [1627051862.8517] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: Saw the service appear; activating connection
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::ActiveConnectionPrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "StateFlags"
/usr/lib/gdm3/gdm-x-session[6358]: message repeated 2 times: [ networkmanager-qt: virtual void NetworkManager::ActiveConnectionPrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "StateFlags"]
charon: 00[DMN] signal of type SIGINT received. Shutting down
ipsec[24840]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-77-generic, x86_64)
ipsec[24840]: 00[CFG] PKCS11 module '<name>' lacks library path
ipsec[24840]: 00[CFG] disabling load-tester plugin, not configured
ipsec[24840]: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
ipsec[24840]: 00[CFG] dnscert plugin is disabled
ipsec[24840]: 00[CFG] ipseckey plugin is disabled
ipsec[24840]: 00[CFG] attr-sql plugin: database URI not set
ipsec[24840]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
ipsec[24840]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
ipsec[24840]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
ipsec[24840]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
ipsec[24840]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
ipsec[24840]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
ipsec[24840]: 00[CFG] expanding file expression '/etc/ipsec.d/ipsec.nm-l2tp.secrets' failed
ipsec[24840]: 00[CFG] sql plugin: database URI not set
ipsec[24840]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
ipsec[24840]: 00[CFG] eap-simaka-sql database URI missing
ipsec[24840]: 00[CFG] loaded 0 RADIUS server configurations
ipsec[24840]: 00[CFG] HA config misses local/remote address
ipsec[24840]: 00[CFG] no threshold configured for systime-fix, disabled
ipsec[24840]: 00[CFG] coupling file path unspecified
ipsec[24840]: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
ipsec[24840]: 00[LIB] dropped capabilities, running as uid 0, gid 0
ipsec[24840]: 00[JOB] spawning 16 worker threads
ipsec[24840]: 00[DMN] signal of type SIGINT received. Shutting down
ipsec[24840]: charon stopped after 200 ms
ipsec[24840]: ipsec starter stopped
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-77-generic, x86_64)
charon: 00[CFG] PKCS11 module '<name>' lacks library path
charon: 00[CFG] disabling load-tester plugin, not configured
charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
charon: 00[CFG] loading unbound resolver config from '/etc/resolv.conf'
charon: 00[CFG] loading unbound trust anchors from '/etc/ipsec.d/dnssec.keys'
charon: 00[CFG] dnscert plugin is disabled
charon: 00[CFG] loading unbound resolver config from '/etc/resolv.conf'
charon: 00[CFG] loading unbound trust anchors from '/etc/ipsec.d/dnssec.keys'
charon: 00[CFG] ipseckey plugin is disabled
charon: 00[CFG] attr-sql plugin: database URI not set
charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
charon: 00[CFG] loaded IKE secret for %any
charon: 00[CFG] sql plugin: database URI not set
charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
charon: 00[CFG] eap-simaka-sql database URI missing
charon: 00[CFG] loaded 0 RADIUS server configurations
charon: 00[CFG] HA config misses local/remote address
charon: 00[CFG] no threshold configured for systime-fix, disabled
charon: 00[CFG] coupling file path unspecified
charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
charon: 00[JOB] spawning 16 worker threads
charon: 05[CFG] received stroke: add connection '<uuid>'
charon: 05[CFG] conn <uuid>
charon: 05[CFG] left=%any
charon: 05[CFG] leftauth=psk
charon: 05[CFG] right=<vpn-ip-address>
charon: 05[CFG] rightauth=psk
charon: 05[CFG] rightid=%any
charon: 05[CFG] ike=3des-sha1-modp1024!
charon: 05[CFG] esp=3des-sha1!
charon: 05[CFG] dpddelay=30
charon: 05[CFG] dpdtimeout=150
charon: 05[CFG] sha256_96=no
charon: 05[CFG] mediation=no
charon: 05[CFG] keyexchange=ikev1
charon: 05[CFG] added configuration '<uuid>'
charon: 08[CFG] rereading secrets
charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 08[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
charon: 08[CFG] loaded IKE secret for %any
charon: 10[CFG] received stroke: initiate '<uuid>'
charon: 11[IKE] queueing ISAKMP_VENDOR task
charon: 11[IKE] queueing ISAKMP_CERT_PRE task
charon: 11[IKE] queueing MAIN_MODE task
charon: 11[IKE] queueing ISAKMP_CERT_POST task
charon: 11[IKE] queueing ISAKMP_NATD task
charon: 11[IKE] queueing QUICK_MODE task
charon: 11[IKE] activating new tasks
charon: 11[IKE] activating ISAKMP_VENDOR task
charon: 11[IKE] activating ISAKMP_CERT_PRE task
charon: 11[IKE] activating MAIN_MODE task
charon: 11[IKE] activating ISAKMP_CERT_POST task
charon: 11[IKE] activating ISAKMP_NATD task
charon: 11[IKE] sending XAuth vendor ID
charon: 11[IKE] sending DPD vendor ID
charon: 11[IKE] sending FRAGMENTATION vendor ID
charon: 11[IKE] sending NAT-T (RFC 3947) vendor ID
charon: 11[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
charon: 11[IKE] initiating Main Mode IKE_SA <uuid>[1] to <vpn-ip-address>
charon: 11[IKE] IKE_SA <uuid>[1] state change: CREATED => CONNECTING
charon: 11[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
charon: 11[NET] sending packet: from 192.168.1.71[500] to <vpn-ip-address>[500] (176 bytes)
charon: 12[NET] received packet: from <vpn-ip-address>[500] to 192.168.1.71[500] (156 bytes)
charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
charon: 12[IKE] received XAuth vendor ID
charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
charon: 12[IKE] received DPD vendor ID
charon: 12[IKE] received FRAGMENTATION vendor ID
charon: 12[CFG] selecting proposal:
charon: 12[CFG] proposal matches
charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 12[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 12[IKE] reinitiating already active tasks
charon: 12[IKE] ISAKMP_VENDOR task
charon: 12[IKE] MAIN_MODE task
charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon: 12[NET] sending packet: from 192.168.1.71[500] to <vpn-ip-address>[500] (244 bytes)
charon: 13[NET] received packet: from <vpn-ip-address>[500] to 192.168.1.71[500] (228 bytes)
charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
charon: 13[IKE] local host is behind NAT, sending keep alives
charon: 13[IKE] reinitiating already active tasks
charon: 13[IKE] ISAKMP_VENDOR task
charon: 13[IKE] MAIN_MODE task
charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
charon: 13[NET] sending packet: from 192.168.1.71[4500] to <vpn-ip-address>[4500] (68 bytes)
charon: 14[NET] received packet: from <vpn-ip-address>[4500] to 192.168.1.71[4500] (92 bytes)
charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH V ]
charon: 14[IKE] received DPD vendor ID
charon: 14[IKE] IKE_SA <uuid>[1] established between 192.168.1.71[192.168.1.71]...<vpn-ip-address>[<vpn-ip-address>]
charon: 14[IKE] IKE_SA <uuid>[1] state change: CONNECTING => ESTABLISHED
charon: 14[IKE] scheduling reauthentication in 9973s
charon: 14[IKE] maximum IKE_SA lifetime 10513s
charon: 14[IKE] activating new tasks
charon: 14[IKE] activating QUICK_MODE task
charon: 14[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
charon: 14[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
charon: 14[CFG] proposing traffic selectors for us:
charon: 14[CFG] 192.168.1.71/32[udp/l2f]
charon: 14[CFG] proposing traffic selectors for other:
charon: 14[CFG] <vpn-ip-address>/32[udp/l2f]
charon: 14[ENC] generating QUICK_MODE request 4136213512 [ HASH SA No ID ID NAT-OA NAT-OA ]
charon: 14[NET] sending packet: from 192.168.1.71[4500] to <vpn-ip-address>[4500] (188 bytes)
charon: 01[NET] received packet: from <vpn-ip-address>[4500] to 192.168.1.71[4500] (172 bytes)
charon: 01[ENC] parsed QUICK_MODE response 4136213512 [ HASH SA No ID ID NAT-OA NAT-OA ]
charon: 01[CFG] selecting proposal:
charon: 01[CFG] proposal matches
charon: 01[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
charon: 01[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
charon: 01[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
charon: 01[IKE] CHILD_SA <uuid>{1} established with SPIs c43727c8_i 04b4d4ce_o and TS 192.168.1.71/32[udp/l2f] === <vpn-ip-address>/32[udp/l2f]
charon: 01[IKE] reinitiating already active tasks
charon: 01[IKE] QUICK_MODE task
charon: 01[ENC] generating QUICK_MODE request 4136213512 [ HASH ]
charon: 01[NET] sending packet: from 192.168.1.71[4500] to <vpn-ip-address>[4500] (60 bytes)
charon: 01[IKE] activating new tasks
charon: 01[IKE] nothing to initiate
NetworkManager[22546]: <info> [1627051866.2831] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: VPN plugin: state changed: starting (3)
pppd[24990]: Plugin pppol2tp.so loaded.
pppd[24990]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] initializing
pppd[24990]: pppd 2.4.7 started by <username>, uid 0
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 3 / phase 'serial connection'
pppd[24990]: using channel 35
pppd[24990]: Using interface ppp0
pppd[24990]: Connect: ppp0 <-->
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 5 / phase 'establish'
pppd[24990]: Overriding mtu 1500 to 1400
NetworkManager[22546]: <info> [1627051866.3126] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/17)
pppd[24990]: PPPoL2TP options: debugmask 0
pppd[24990]: Overriding mru 1500 to mtu value 1400
pppd[24990]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xdb7372e6>]
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
pppd[24990]: rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0xdeab9933>]
pppd[24990]: sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0xdeab9933>]
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "LldpNeighbors"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "Real"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
NetworkManager[22546]: <info> [1627051866.3219] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[22546]: <info> [1627051866.3220] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
pppd[24990]: rcvd [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xdb7372e6>]
pppd[24990]: PPPoL2TP options: debugmask 0
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 6 / phase 'authenticate'
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] passwd-hook: requesting credentials...
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] passwd-hook: got credentials from NetworkManager-l2tp
pppd[24990]: sent [PAP AuthReq id=0x1 user="<company-name>\\<my-name>" password=<hidden>]
pppd[24990]: rcvd [LCP EchoReq id=0x0 magic=0xdeab9933]
pppd[24990]: sent [LCP EchoRep id=0x0 magic=0xdb7372e6]
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "LldpNeighbors"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "Real"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "LldpNeighbors"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: virtual void NetworkManager::DevicePrivate::propertyChanged(const QString&, const QVariant&) Unhandled property "Real"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
pppd[24990]: rcvd [PAP AuthNak id=0x1 ""]
pppd[24990]: PAP authentication failed
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 10 / phase 'terminate'
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 5 / phase 'establish'
pppd[24990]: Overriding mtu 1500 to 1400
pppd[24990]: PPPoL2TP options: debugmask 0
pppd[24990]: Overriding mru 1500 to mtu value 1400
pppd[24990]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
pppd[24990]: rcvd [LCP TermReq id=0x2 "Authentication failed"]
pppd[24990]: sent [LCP TermAck id=0x2]
pppd[24990]: rcvd [LCP TermAck id=0x2]
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 11 / phase 'disconnect'
pppd[24990]: Connection terminated.
charon: 08[KNL] interface ppp0 deleted
NetworkManager[22546]: <warn> [1627051866.3585] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: VPN plugin: failed: connect-failed (1)
NetworkManager[22546]: <info> [1627051866.3586] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: VPN plugin: state changed: stopping (5)
NetworkManager[22546]: <info> [1627051866.3606] devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
charon: 00[DMN] signal of type SIGINT received. Shutting down
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
charon: 00[IKE] queueing QUICK_DELETE task
charon: 00[IKE] queueing ISAKMP_DELETE task
charon: 00[IKE] activating new tasks
charon: 00[IKE] activating QUICK_DELETE task
charon: 00[IKE] closing CHILD_SA <uuid>{1} with SPIs c43727c8_i (433 bytes) 04b4d4ce_o (579 bytes) and TS 192.168.1.71/32[udp/l2f] === <vpn-ip-address>/32[udp/l2f]
charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c43727c8
charon: 00[ENC] generating INFORMATIONAL_V1 request 3444710258 [ HASH D ]
charon: 00[NET] sending packet: from 192.168.1.71[4500] to <vpn-ip-address>[4500] (76 bytes)
charon: 00[IKE] activating new tasks
charon: 00[IKE] activating ISAKMP_DELETE task
charon: 00[IKE] deleting IKE_SA <uuid>[1] between 192.168.1.71[192.168.1.71]...<vpn-ip-address>[<vpn-ip-address>]
charon: 00[IKE] sending DELETE for IKE_SA <uuid>[1]
charon: 00[IKE] IKE_SA <uuid>[1] state change: ESTABLISHED => DELETING
charon: 00[ENC] generating INFORMATIONAL_V1 request 4241843713 [ HASH D ]
charon: 00[NET] sending packet: from 192.168.1.71[4500] to <vpn-ip-address>[4500] (84 bytes)
charon: 00[IKE] IKE_SA <uuid>[1] state change: DELETING => DESTROYING
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "Devices"
/usr/lib/gdm3/gdm-x-session[6358]: networkmanager-qt: void NetworkManager::NetworkManagerPrivate::propertiesChanged(const QVariantMap&) Unhandled property "AllDevices"
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] phasechange: status 1 / phase 'dead'
pppd[24990]: nm-l2tp[24874] <info> [helper-24990] exit: cleaning up
pppd[24990]: Exit.
NetworkManager[22546]: <info> [1627051866.4671] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: VPN plugin: state changed: stopped (6)
NetworkManager[22546]: <warn> [1627051866.4715] vpn-connection[0x55894caa6390,<uuid>,"<company-name> VPN",0]: VPN plugin: failed: connect-failed (1)
以下是一些其他有用的信息:
sudo ipsec --version
Linux strongSwan U5.6.2/K5.4.0-77-generic
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
sudo ike-scan <vpn-ip> | grep SA=
<vpn-ip> Main Mode Handshake returned HDR=(CKY-R=9aa0dcd1072d21df) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
精确的日志输出已被一些<placeholders>所混淆。
我被建议遵循以下指示https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration
我也按照建议禁用了 xl2tpd 服务:
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable
我确实使用了调试输出,sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
但是我的问题太长,无法将其全部与系统日志的输出一起包含在内。
但最后几行是:
nm-l2tp[24874] <info> starting ipsec
Stopping strongSwan IPsec...
Starting strongSwan 5.6.2 IPsec [starter]...
Loading config setup
Loading conn '<uuid>'
found netkey IPsec stack
nm-l2tp[24874] <info> Spawned ipsec up script with PID 24980.
initiating Main Mode IKE_SA <uuid>[1] to <vpn-ip>
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.71[500] to <vpn-ip>[500] (176 bytes)
received packet: from <vpn-ip>[500] to 192.168.1.71[500] (156 bytes)
parsed ID_PROT response 0 [ SA V V V V ]
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.71[500] to <vpn-ip>[500] (244 bytes)
received packet: from <vpn-ip>[500] to 192.168.1.71[500] (228 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 192.168.1.71[4500] to <vpn-ip>[4500] (68 bytes)
received packet: from <vpn-ip>[4500] to 192.168.1.71[4500] (92 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA <uuid>[1] established between 192.168.1.71[192.168.1.71]...<vpn-ip>[<vpn-ip>]
scheduling reauthentication in 9973s
maximum IKE_SA lifetime 10513s
generating QUICK_MODE request 4136213512 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.71[4500] to <vpn-ip>[4500] (188 bytes)
received packet: from <vpn-ip>[4500] to 192.168.1.71[4500] (172 bytes)
parsed QUICK_MODE response 4136213512 [ HASH SA No ID ID NAT-OA NAT-OA ]
CHILD_SA <uuid>{1} established with SPIs c43727c8_i 04b4d4ce_o and TS 192.168.1.71/32[udp/l2f] === <vpn-ip>/32[udp/l2f]
connection '<uuid>' established successfully
nm-l2tp[24874] <info> strongSwan IPsec tunnel is up.
** Message: 15:51:06.282: xl2tpd started with pid 24989
xl2tpd[24989]: Not looking for kernel SAref support.
xl2tpd[24989]: Using l2tp kernel support.
xl2tpd[24989]: xl2tpd version xl2tpd-1.3.10 started on <computer-name> PID:24989
xl2tpd[24989]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[24989]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[24989]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[24989]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[24989]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[24989]: get_call: allocating new tunnel for host <vpn-ip>, port 1701.
xl2tpd[24989]: Connecting to host <vpn-ip>, port 1701
xl2tpd[24989]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
xl2tpd[24989]: control_finish: sending SCCRQ
xl2tpd[24989]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[24989]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[24989]: framing_caps_avp: supported peer frames: async sync
xl2tpd[24989]: bearer_caps_avp: supported peer bearers: analog digital
xl2tpd[24989]: firmware_rev_avp: peer reports firmware version 264 (0x0108)
xl2tpd[24989]: hostname_avp: peer reports hostname 'mAC17C8CBBC9B'
xl2tpd[24989]: vendor_avp: peer reports vendor 'Katalix Systems Ltd. Linux-3.18.66-meraki-x86 (x86_64)'
xl2tpd[24989]: assigned_tunnel_avp: using peer's tunnel 40782
xl2tpd[24989]: receive_window_size_avp: peer wants RWS of 10. Will use flow control.
xl2tpd[24989]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 40782, call is 0.
xl2tpd[24989]: control_finish: sending SCCCN
xl2tpd[24989]: Connection established to <vpn-ip>, 1701. Local: 28158, Remote: 40782 (ref=0/0).
xl2tpd[24989]: Calling on tunnel 28158
xl2tpd[24989]: control_finish: message type is (null)(0). Tunnel is 40782, call is 0.
xl2tpd[24989]: control_finish: sending ICRQ
xl2tpd[24989]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[24989]: assigned_call_avp: using peer's call 61238
xl2tpd[24989]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 40782, call is 61238.
xl2tpd[24989]: control_finish: Sending ICCN
xl2tpd[24989]: Call established with <vpn-ip>, Local: 12032, Remote: 61238, Serial: 1 (ref=0/0)
xl2tpd[24989]: start_pppd: I'm running:
xl2tpd[24989]: "/usr/sbin/pppd"
xl2tpd[24989]: "plugin"
xl2tpd[24989]: "pppol2tp.so"
xl2tpd[24989]: "pppol2tp"
xl2tpd[24989]: "7"
xl2tpd[24989]: "passive"
xl2tpd[24989]: "nodetach"
xl2tpd[24989]: ":"
xl2tpd[24989]: "debug"
xl2tpd[24989]: "file"
xl2tpd[24989]: "/run/nm-l2tp-<uuid>/ppp-options"
xl2tpd[24989]: message_type_avp: message type 16 (Set-Link-Info)
xl2tpd[24989]: ignore_avp : Ignoring AVP
xl2tpd[24989]: control_finish: message type is Set-Link-Info(16). Tunnel is 40782, call is 61238.
nm-l2tp[24874] <info> Terminated xl2tpd daemon with PID 24989.
xl2tpd[24989]: death_handler: Fatal signal 15 received
xl2tpd[24989]: Terminating pppd: sending TERM signal to pid 24990
xl2tpd[24989]: Connection 40782 closed to <vpn-ip>, port 1701 (Server closing)
Stopping strongSwan IPsec...
** Message: 15:51:06.466: ipsec shut down
nm-l2tp[24874] <warn> xl2tpd exited with error code 1
Stopping strongSwan IPsec failed: starter is not running
** Message: 15:51:06.470: ipsec shut down
自从第一个答案出现以来,这个问题已经更新了。从那时起我已经做出了调整,现在我明白了,pppd[24990]: PAP authentication failed
但不知道该怎么做。
我还尝试通过手机网络共享进行连接,以防我的路由器也被阻塞。
答案1
正如日志所述,您缺少提供传统 3DES 加密算法的插件。虽然 Debian/Ubuntu 软件包不提供设计插件由于其许可证,openssl该插件也实现了该算法,由该包提供libstrongswan-standard-plugins
,因此请确保已安装该插件。
另一方面,你可以尝试联系 VPN 服务器管理员,并要求他们配置更现代、更强大的算法(modp1024也不应该再使用,IKEv1 实际上也不应该再使用)。
答案2
令人恼火的是,我的配置并没有太大问题。最终是因为我的密码在服务器上过期了,但我不知道,因为 365 服务(我以为是集成的)仍然运行良好