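I am trying to connect from my personal Arch Linux laptop to my office's Windows Server VPN.
I have followed the instructions on the Arch wiki, but I cannot establish the IPSec tunnel connection.
The message I get is:
$ sudo ipsec auto --up L2TP-PSK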
002 "L2TP-PSK" #16: initiating Main Mode
105 "L2TP-PSK" #16: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #16: Informational Exchange message must be encrypted
010 "L2TP-PSK" #16: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "L2TP-PSK" #16: STATE_MAIN_I1: retransmission; will wait 40s for response
003 "L2TP-PSK" #16: Informational Exchange message must be encrypted
031 "L2TP-PSK" #16: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
000 "L2TP-PSK" #16: starting keying attempt 2 of at most 3, but releasing whack
My configuration file contains the following:
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    # default is auto, which will try netkey first
    protostack=netkey
    # you can left "off" (default value) instead
    oe=no
    # Replace eth0 with your network interface
    plutoopts="--interface=eth0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    # Replace %any below with your local IP address (private, behind NAT IP is okay as well)
    left=192.168.0.***
    leftprotoport=17/1701
    # Replace IP address with your VPN server's IP
    right=***.***.***.*** # My office server IP
    rightprotoport=17/1701
The output of ipsec verify is:
Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U/K4.18.12-arch1-1-ARCH (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
ICMP default/accept_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will cause act on or cause sending of bogus ICMP redirects!
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
ipsec verify: encountered errors
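I guess ipsec is not installed properly, but I am not familiar with it at all.
This question seems to indicate that the failed IP forwarding test can be ignored.
Does anyone know how I can get this working?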