Unable to connect to L2TP VPN

I have been trying to set up an L2TP/IPSec server on my Ubuntu installation using this guide.

While trying to connect I ran sudo tail -f /var/log/auth.log, which outputs the following:

Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: responding to Main Mode from unknown peer [my ip]
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: Can't authenticate: no preshared key found for `[server ip]' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Feb  8 10:35:41  pluto[6167]: last message repeated 5 times
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: no acceptable Oakley Transform
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: sending notification NO_PROPOSAL_CHOSEN to [my ip]:500
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip]: deleting connection "L2TP-PSK-noNAT" instance with peer [my ip] {isakmp=#0/ipsec=#0}

/etc/ipsec.conf

version 2.0

config setup
  dumpdir=/var/run/pluto/
  nat_traversal=yes
  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
  oe=off
  protostack=netkey
  keep_alive=10

include /etc/ipsec.d/*.conf

/etc/ipsec.d/road-warrior.conf

conn L2TP-PSK-noNAT
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  ikelifetime=8h
  keylife=1h
  type=transport
  left=[server ip]
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/%any

conn L2TP-PSK-NAT
  rightsubnet=vhost:%priv
  also=L2TP-PSK-noNAT

/etc/ipsec.d/road-warrior.secrets

[server ip] %any: PSK "psk"

Output of ipsec verify

Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.12.9-x86_64-linode37 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [OK]
    [OK]
    [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

/etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes

[lns default]
ip range = 10.10.10.2-10.10.10.200  
local ip = 10.10.10.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 4.2.2.1
ms-dns 4.2.2.2
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user1           l2tpd   user1password           *
user2           l2tpd   user2password           *

Can anyone help?

Answer 1

Because the error line says:

Can't authenticate: no preshared key found for `[server ip]' and `%any'

This leads me to believe that the [serverip] in your /etc/ipsec.d/road-warrior.secrets file may not match left=[serverip] in ipsec.conf.
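
One way to check offline for the mismatch Answer 1 describes, as an added example that is not part of the original thread: it reads left= from a conn section and tests whether any PSK entry in a secrets file covers the pair (left, %any) that the log line complains about. The function names, the sample addresses and the matching rule (each of the two IDs needs its own index, %any matches anything) are assumptions that simplify the ipsec.secrets lookup.

```python
import re

# Index list, then ":" followed by whitespace, then PSK "secret".
PSK_LINE = re.compile(r'^(.*?)\s*:\s+PSK\s+"[^"]*"\s*$')

def conn_left(conf_text, conn):
    """Return the left= value of the named conn section, or None."""
    current = None
    for line in conf_text.splitlines():
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        if not line[0].isspace():            # an unindented line starts a new section
            words = text.split()
            current = words[1] if words[0] == "conn" and len(words) == 2 else None
        elif current == conn and text.startswith("left="):
            return text.split("=", 1)[1].strip()
    return None

def psk_indices(secrets_text):
    """Return the index list of every PSK entry; the secrets themselves are dropped."""
    found = (PSK_LINE.match(l.strip()) for l in secrets_text.splitlines())
    return [m.group(1).split() for m in found if m]

def index_matches(index, ident):
    return index == ident or index == "%any"

def has_psk(conf_text, secrets_text, conn, peer="%any"):
    """True if a PSK entry covers (left of conn, peer) under the simplified rule."""
    host = conn_left(conf_text, conn)
    if host is None:
        return False
    for ids in psk_indices(secrets_text):
        hs = {n for n, i in enumerate(ids) if index_matches(i, host)}
        ps = {n for n, i in enumerate(ids) if index_matches(i, peer)}
        if not ids or (len(ids) == 1 and hs):    # no index, or one index covering host
            return True
        if any(h != p for h in hs for p in ps):  # host and peer each get their own index
            return True
    return False

# Constructed sample input (documentation addresses, not values from the page).
CONF = """conn L2TP-PSK-noNAT
  left=203.0.113.10
  right=%any
"""
BAD = '203.0.113.99 %any: PSK "example"\n'    # index does not equal left=
GOOD = '203.0.113.10 %any: PSK "example"\n'   # index equals left=
```

Here has_psk(CONF, BAD, "L2TP-PSK-noNAT") is False, the situation behind "no preshared key found", while the same call with GOOD is True.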

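Answer 2

I ran into the same problem. In my case, I had to restart the ipsec service (reloading the configuration was not enough).

Only then did the service recognize the new PSK in ipsec.config.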
