I set up IPSec over VPN using this tutorial:
https://20notes.net/linux/setup-l2tp-over-ipsec-client-on-ubuntu-18-04-using-gnome
It works using NetworkManager.
But NetworkManager allows only one active l2tp over ipsec connection.
I tried to set up this VPN from the console, based on the files generated by NetworkManager.
IPsec gets set up:
# ipsec up ipsecVpn
# ipsec status
Security Associations (1 up, 0 connecting):
ipsecVpn[3]: ESTABLISHED 6 seconds ago, 192.168.1.10[192.168.1.10]...vpn.remote.addr.ip[vpn.remote.addr.ip]
ipsecVpn{3}: INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c1942484_i 553e0362_o
ipsecVpn{3}: 192.168.1.10/32[udp/l2f] === vpn.remote.addr.ip/32[udp/l2f]
But I have a problem with xl2tpd, or more specifically with ppp.
# xl2tpd -c /etc/xl2tpd/ipsecVpn.conf
=== /var/log/syslog
Oct 16 11:58:43 vpn-access-server xl2tpd[2447]: Not looking for kernel SAref support.
Oct 16 11:58:43 vpn-access-server xl2tpd[2447]: Using l2tp kernel support.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: xl2tpd version xl2tpd-1.3.10 started on vpn-access-server PID:2448
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Inherited by Jeff McAdams, (C) 2002
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Listening on IP address 0.0.0.0, port 1701
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Connecting to host vpn.remote.addr.ip, port 1701
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending SCCRQ
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 17068, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending SCCCN
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Connection established to vpn.remote.addr.ip, 1701. Local: 5476, Remote: 17068 (ref=0/0).
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Calling on tunnel 5476
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is (null)(0). Tunnel is 17068, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending ICRQ
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 17068, call is 17053.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: Sending ICCN
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Call established with vpn.remote.addr.ip, Local: 5089, Remote: 17053, Serial: 1 (ref=0/0)
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: start_pppd: I'm running:
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "/usr/sbin/pppd"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "plugin"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "pppol2tp.so"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "pppol2tp"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "7"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "passive"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "nodetach"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: ":"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "debug"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "file"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "/etc/xl2tpd/ipsecVpn.options"
Oct 16 11:58:43 vpn-access-server pppd[2449]: Plugin pppol2tp.so loaded.
Oct 16 11:58:43 vpn-access-server systemd-udevd[2450]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Oct 16 11:58:43 vpn-access-server pppd[2449]: Plugin /usr/lib/pppd/2.4.7/pppol2tp.so loaded.
Oct 16 11:58:43 vpn-access-server pppd[2449]: pppd 2.4.7 started by ubuntu, uid 0
Oct 16 11:58:43 vpn-access-server pppd[2449]: using channel 1
Oct 16 11:58:43 vpn-access-server pppd[2449]: Using interface ppp0
Oct 16 11:58:43 vpn-access-server pppd[2449]: Connect: ppp0 <-->
Oct 16 11:58:43 vpn-access-server pppd[2449]: Overriding mtu 1500 to 1400
Oct 16 11:58:43 vpn-access-server pppd[2449]: PPPoL2TP options: debugmask 0
Oct 16 11:58:43 vpn-access-server pppd[2449]: Overriding mru 1500 to mtu value 1400
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Set-Link-Info(16). Tunnel is 17068, call is 17053.
Oct 16 11:58:43 vpn-access-server systemd-timesyncd[1129]: Network configuration changed, trying to establish connection.
Oct 16 11:58:43 vpn-access-server networkd-dispatcher[1227]: WARNING:Unknown index 6 seen, reloading interface list
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfRej id=0x1 <mru 1400> <asyncmap 0x0>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfReq id=0x2 <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x2 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfAck id=0x2 <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x3 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x3 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x4 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x4 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x5 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x5 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server systemd-timesyncd[1129]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x6 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x6 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x7 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x7 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x8 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x8 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x9 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x9 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xa <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xa <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xb <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xb <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xc <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xc <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xd <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xd <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xe <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xe <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xf <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xf <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x10 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x10 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x11 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x11 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x12 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x12 <auth chap MS-v2>]
Oct 16 11:58:44 vpn-access-server pppd[2449]: rcvd [LCP TermReq id=0x13 "Peer Terminated"]
Oct 16 11:58:44 vpn-access-server pppd[2449]: sent [LCP TermAck id=0x13]
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: control_finish: message type is Stop-Control-Connection-Notification(4). Tunnel is 17068, call is 0.
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: control_finish: Connection closed to vpn.remote.addr.ip, port 1701 (No Error), Local: 5476, Remote: 17068
Oct 16 11:58:44 vpn-access-server charon: 16[NET] received packet: from vpn.remote.addr.ip[4500] to 192.168.1.10[4500] (68 bytes)
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: Terminating pppd: sending TERM signal to pid 2449
Oct 16 11:58:44 vpn-access-server pppd[2449]: Terminating on signal 15
Oct 16 11:58:44 vpn-access-server charon: 16[ENC] parsed INFORMATIONAL_V1 request 3742305360 [ HASH D ]
Oct 16 11:58:44 vpn-access-server pppd[2449]: sent [LCP TermReq id=0x3 "User request"]
Oct 16 11:58:44 vpn-access-server charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 34ffd9b0
Oct 16 11:58:44 vpn-access-server charon: 16[IKE] closing CHILD_SA ipsecVpn{1} with SPIs c1db3e26_i (1040 bytes) 34ffd9b0_o (917 bytes) and TS 192.168.1.10/32[udp/l2f] === vpn.remote.addr.ip/32[udp/l2f]
Oct 16 11:58:44 vpn-access-server charon: 05[NET] received packet: from vpn.remote.addr.ip[4500] to 192.168.1.10[4500] (84 bytes)
Oct 16 11:58:44 vpn-access-server charon: 05[ENC] parsed INFORMATIONAL_V1 request 3054304841 [ HASH D ]
Oct 16 11:58:44 vpn-access-server charon: 05[IKE] received DELETE for IKE_SA ipsecVpn[1]
Oct 16 11:58:44 vpn-access-server charon: 05[IKE] deleting IKE_SA ipsecVpn[1] between 192.168.1.10[192.168.1.10]...vpn.remote.addr.ip[vpn.remote.addr.ip]
Oct 16 11:58:47 vpn-access-server pppd[2449]: sent [LCP TermReq id=0x4 "User request"]
Oct 16 11:58:50 vpn-access-server pppd[2449]: Connection terminated.
Oct 16 11:58:50 vpn-access-server charon: 12[KNL] interface ppp0 deleted
Oct 16 11:58:50 vpn-access-server systemd-timesyncd[1129]: Network configuration changed, trying to establish connection.
Oct 16 11:58:50 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:50 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:50 vpn-access-server pppd[2449]: Modem hangup
Oct 16 11:58:50 vpn-access-server pppd[2449]: Exit.
================================
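ppp writes "No auth is possible".
I can establish the connection with this user and password using the NetworkManager GUI.
The configuration files are as follows: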
# cat /etc/xl2tpd/ipsecVpn.conf
[global]
access control = yes
port = 1701
debug state = yes
[lac l2tp]
lns = vpn.remote.addr.ip
ppp debug = yes
pppoptfile = /etc/xl2tpd/ipsecVpn.options
autodial = yes
tunnel rws = 8
tx bps = 100000000
rx bps = 100000000
# cat /etc/xl2tpd/ipsecVpn.options
debug
nodetach
usepeerdns
noipdefault
nodefaultroute
noauth
noccp
require-mschap-v2
refuse-eap
refuse-pap
lcp-echo-failure 30
lcp-echo-interval 5
plugin /usr/lib/pppd/2.4.7/pppol2tp.so
mru 1400
mtu 1400
The ppp options generated by NetworkManager contain a different plugin:
plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so
But this plugin does not work either.
# ll /etc/ppp/chap-secrets
-rw------- 1 root root 251 Oct 15 15:29 /etc/ppp/chap-secrets
# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
vpnuser * "PasswordContains#and&" *
# iptables -L -vn
Chain INPUT (policy ACCEPT 6 packets, 940 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8 packets, 892 bytes)
pkts bytes target prot opt in out source destination
# dpkg -l | grep xl2tp
ii xl2tpd 1.3.10-1ubuntu1 amd64 layer 2 tunneling protocol implementation
# dpkg -l | grep ppp
ii ppp 2.4.7-2+2ubuntu1.1 amd64 Point-to-Point Protocol (PPP) - daemon
# dpkg -l | grep strongswan
ii libstrongswan 5.6.2-1ubuntu2.4 amd64 strongSwan utility and crypto library
ii libstrongswan-standard-plugins 5.6.2-1ubuntu2.4 amd64 strongSwan utility and crypto library (standard plugins)
ii strongswan 5.6.2-1ubuntu2.4 all IPsec VPN solution metapackage
ii strongswan-charon 5.6.2-1ubuntu2.4 amd64 strongSwan Internet Key Exchange daemon
ii strongswan-libcharon 5.6.2-1ubuntu2.4 amd64 strongSwan charon library
ii strongswan-starter 5.6.2-1ubuntu2.4 amd64 strongSwan daemon starter and configuration file parser
Any idea why this doesn't work?
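A check for the symptom in the log above, added here as an example and not part of the original post: pppd logs "No auth is possible" when it holds no secret for the name it would authenticate as, which is the `user` option, else `name`, else the hostname. The function names and the sample log, options and secrets below are constructed for illustration.

```python
import re

# Constructed sample in the format of the pppd debug log above.
SAMPLE_LOG = """\
pppd[2449]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0xf347cbf3>]
pppd[2449]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x53ce473f>]
pppd[2449]: No auth is possible
pppd[2449]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[2449]: rcvd [LCP ConfRej id=0x1 <mru 1400> <asyncmap 0x0>]
pppd[2449]: rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <magic 0x53ce473f>]
pppd[2449]: sent [LCP ConfRej id=0x2 <auth chap MS-v2>]
pppd[2449]: rcvd [LCP TermReq id=0x13 "Peer Terminated"]
"""
SAMPLE_OPTIONS = "noauth\nrequire-mschap-v2\nrefuse-eap\nrefuse-pap\n"
SAMPLE_SECRETS = '# client server secret IP addresses\nvpnuser * "constructed-secret" *\n'

LCP = re.compile(r"(sent|rcvd) \[LCP (\w+) id=0x[0-9a-f]+(.*)\]")

def rejected_options(log_text):
    """Count options carried in LCP ConfRej packets, keyed by (direction, option)."""
    counts = {}
    for m in LCP.finditer(log_text):
        if m.group(2) != "ConfRej":
            continue
        for opt in re.findall(r"<([^>]+)>", m.group(3)):
            key = (m.group(1), opt)
            counts[key] = counts.get(key, 0) + 1
    return counts

def local_auth_name(options_text, hostname):
    """Name pppd authenticates as: 'user', else 'name', else the hostname."""
    opts = dict(l.split(None, 1) for l in options_text.splitlines() if " " in l.strip())
    return opts.get("user", opts.get("name", hostname)).strip().strip('"')

def has_secret(secrets_text, client):
    """True if a chap-secrets line has this client (or '*') in its first field."""
    for line in secrets_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#") and fields[0] in (client, "*"):
            return True
    return False

def diagnose(log_text, options_text, secrets_text, hostname):
    """Combine the log view (auth option we rejected) with the secrets lookup."""
    rej = rejected_options(log_text)
    sent = sum(n for (d, o), n in rej.items() if d == "sent" and o.startswith("auth"))
    name = local_auth_name(options_text, hostname)
    return {"auth_rejects_sent": sent, "local_name": name,
            "secret_found": has_secret(secrets_text, name)}
```

A result with `auth_rejects_sent` above zero and `secret_found` false means the local pppd refused the peer's authentication request because no chap-secrets entry matches the name it is using.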