为 Windows VPN 配置 Linux 客户端

为 Windows VPN 配置 Linux 客户端

我正在尝试从我的个人 Arch Linux 笔记本电脑连接到我办公室的 Windows 服务器 VPN。

我已经关注Arch wiki 的说明但我无法建立 IPSec 隧道连接。

我收到的信息是:

$sudo ipsec auto --up L2TP-PSK
002 "L2TP-PSK" #16: initiating Main Mode
105 "L2TP-PSK" #16: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #16: Informational Exchange message must be encrypted
010 "L2TP-PSK" #16: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "L2TP-PSK" #16: STATE_MAIN_I1: retransmission; will wait 40s for response
003 "L2TP-PSK" #16: Informational Exchange message must be encrypted
031 "L2TP-PSK" #16: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
000 "L2TP-PSK" #16: starting keying attempt 2 of at most 3, but releasing whack

我的配置文件包含以下内容:

config setup
     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
     nat_traversal=yes
# default is auto, which will try netkey first
     protostack=netkey
# you can left "off" (default value) instead
     oe=no
# Replace eth0 with your network interface
     plutoopts="--interface=eth0"
conn L2TP-PSK
     authby=secret
     pfs=no
     auto=add
     keyingtries=3
     dpddelay=30
     dpdtimeout=120
     dpdaction=clear
     rekey=yes
     ikelifetime=8h
     keylife=1h
     type=transport
# Replace %any below with your local IP address (private, behind NAT IP is okay as well)
     left=192.168.0.***
     leftprotoport=17/1701
# Replace IP address with your VPN server's IP
     right=***.***.***.*** # My office server IP
     rightprotoport=17/1701

输出为ipsec verify

Checking if IPsec got installed and started correctly:

Version check and ipsec on-path                     [OK]
Openswan U/K4.18.12-arch1-1-ARCH (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel                [OK]
NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects                [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!

         ICMP default/accept_redirects              [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!

         XFRM larval drop                           [OK]
Hardware random device check                        [N/A]
Two or more interfaces found, checking IP forwarding    [FAILED]
Checking rp_filter                                  [ENABLED]
  /proc/sys/net/ipv4/conf/all/rp_filter             [ENABLED]
Checking that pluto is running                      [OK]
Pluto listening for IKE on udp 500                  [OK]
Pluto listening for IKE on tcp 500                  [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500           [OK]
Pluto listening for IKE/NAT-T on tcp 4500           [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco)        [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing                      [TEST INCOMPLETE]
Checking 'ip' command                               [OK]
Checking 'iptables' command                         [OK]

ipsec verify: encountered errors

我估计ipsec安装得不太好,但我对它一点也不熟悉。

问题似乎表明IP转发失败测试可以被忽略。

有人知道我怎样才能让它工作吗?

相关内容