VPN l2tp over IPSec: ppp - No auth is possible. Ubuntu 18.04 LTS

I set up IPSec over VPN using this tutorial:
https://20notes.net/linux/setup-l2tp-over-ipsec-client-on-ubuntu-18-04-using-gnome
It works with NetworkManager.
But NetworkManager allows only one active l2tp over ipsec connection.

I tried to set up this VPN from the console, based on the files generated by NetworkManager.

IPsec is set up:

# ipsec up ipsecVpn
# ipsec status
Security Associations (1 up, 0 connecting):
ipsecVpn[3]: ESTABLISHED 6 seconds ago, 192.168.1.10[192.168.1.10]...vpn.remote.addr.ip[vpn.remote.addr.ip]
ipsecVpn{3}:  INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c1942484_i 553e0362_o
ipsecVpn{3}:   192.168.1.10/32[udp/l2f] === vpn.remote.addr.ip/32[udp/l2f]

But I have a problem with xl2tpd, or more specifically with ppp.

# xl2tpd -c /etc/xl2tpd/ipsecVpn.conf

=== /var/log/syslog
Oct 16 11:58:43 vpn-access-server xl2tpd[2447]: Not looking for kernel SAref support.
Oct 16 11:58:43 vpn-access-server xl2tpd[2447]: Using l2tp kernel support.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: xl2tpd version xl2tpd-1.3.10 started on vpn-access-server PID:2448
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Inherited by Jeff McAdams, (C) 2002
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Listening on IP address 0.0.0.0, port 1701
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Connecting to host vpn.remote.addr.ip, port 1701
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending SCCRQ
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Start-Control-Connection-Reply(2).  Tunnel is 17068, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending SCCCN
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Connection established to vpn.remote.addr.ip, 1701.  Local: 5476, Remote: 17068 (ref=0/0).
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Calling on tunnel 5476
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is (null)(0).  Tunnel is 17068, call is 0.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: sending ICRQ
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Incoming-Call-Reply(11).  Tunnel is 17068, call is 17053.
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: Sending ICCN
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: Call established with vpn.remote.addr.ip, Local: 5089, Remote: 17053, Serial: 1 (ref=0/0)
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: start_pppd: I'm running:
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "/usr/sbin/pppd"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "plugin"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "pppol2tp.so"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "pppol2tp"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "7"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "passive"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "nodetach"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: ":"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "debug"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "file"
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: "/etc/xl2tpd/ipsecVpn.options"
Oct 16 11:58:43 vpn-access-server pppd[2449]: Plugin pppol2tp.so loaded.
Oct 16 11:58:43 vpn-access-server systemd-udevd[2450]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Oct 16 11:58:43 vpn-access-server pppd[2449]: Plugin /usr/lib/pppd/2.4.7/pppol2tp.so loaded.
Oct 16 11:58:43 vpn-access-server pppd[2449]: pppd 2.4.7 started by ubuntu, uid 0
Oct 16 11:58:43 vpn-access-server pppd[2449]: using channel 1
Oct 16 11:58:43 vpn-access-server pppd[2449]: Using interface ppp0
Oct 16 11:58:43 vpn-access-server pppd[2449]: Connect: ppp0 <-->
Oct 16 11:58:43 vpn-access-server pppd[2449]: Overriding mtu 1500 to 1400
Oct 16 11:58:43 vpn-access-server pppd[2449]: PPPoL2TP options: debugmask 0
Oct 16 11:58:43 vpn-access-server pppd[2449]: Overriding mru 1500 to mtu value 1400
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server xl2tpd[2448]: control_finish: message type is Set-Link-Info(16).  Tunnel is 17068, call is 17053.
Oct 16 11:58:43 vpn-access-server systemd-timesyncd[1129]: Network configuration changed, trying to establish connection.
Oct 16 11:58:43 vpn-access-server networkd-dispatcher[1227]: WARNING:Unknown index 6 seen, reloading interface list
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:43 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfRej id=0x1 <mru 1400> <asyncmap 0x0>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfReq id=0x2 <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x2 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfAck id=0x2 <auth chap MS-v2> <magic 0xf347cbf3>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x3 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x3 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x4 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x4 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x5 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x5 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server systemd-timesyncd[1129]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x6 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x6 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x7 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x7 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x8 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x8 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x9 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x9 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xa <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xa <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xb <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xb <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xc <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xc <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xd <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xd <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xe <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xe <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0xf <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0xf <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x10 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x10 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x11 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x11 <auth chap MS-v2>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: rcvd [LCP ConfReq id=0x12 <auth chap MS-v2> <magic 0x53ce473f>]
Oct 16 11:58:43 vpn-access-server pppd[2449]: No auth is possible
Oct 16 11:58:43 vpn-access-server pppd[2449]: sent [LCP ConfRej id=0x12 <auth chap MS-v2>]
Oct 16 11:58:44 vpn-access-server pppd[2449]: rcvd [LCP TermReq id=0x13 "Peer Terminated"]
Oct 16 11:58:44 vpn-access-server pppd[2449]: sent [LCP TermAck id=0x13]
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: control_finish: message type is Stop-Control-Connection-Notification(4).  Tunnel is 17068, call is 0.
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: control_finish: Connection closed to vpn.remote.addr.ip, port 1701 (No Error), Local: 5476, Remote: 17068
Oct 16 11:58:44 vpn-access-server charon: 16[NET] received packet: from vpn.remote.addr.ip[4500] to 192.168.1.10[4500] (68 bytes)
Oct 16 11:58:44 vpn-access-server xl2tpd[2448]: Terminating pppd: sending TERM signal to pid 2449
Oct 16 11:58:44 vpn-access-server pppd[2449]: Terminating on signal 15
Oct 16 11:58:44 vpn-access-server charon: 16[ENC] parsed INFORMATIONAL_V1 request 3742305360 [ HASH D ]
Oct 16 11:58:44 vpn-access-server pppd[2449]: sent [LCP TermReq id=0x3 "User request"]
Oct 16 11:58:44 vpn-access-server charon: 16[IKE] received DELETE for ESP CHILD_SA with SPI 34ffd9b0
Oct 16 11:58:44 vpn-access-server charon: 16[IKE] closing CHILD_SA ipsecVpn{1} with SPIs c1db3e26_i (1040 bytes) 34ffd9b0_o (917 bytes) and TS 192.168.1.10/32[udp/l2f] === vpn.remote.addr.ip/32[udp/l2f]
Oct 16 11:58:44 vpn-access-server charon: 05[NET] received packet: from vpn.remote.addr.ip[4500] to 192.168.1.10[4500] (84 bytes)
Oct 16 11:58:44 vpn-access-server charon: 05[ENC] parsed INFORMATIONAL_V1 request 3054304841 [ HASH D ]
Oct 16 11:58:44 vpn-access-server charon: 05[IKE] received DELETE for IKE_SA ipsecVpn[1]
Oct 16 11:58:44 vpn-access-server charon: 05[IKE] deleting IKE_SA ipsecVpn[1] between 192.168.1.10[192.168.1.10]...vpn.remote.addr.ip[vpn.remote.addr.ip]
Oct 16 11:58:47 vpn-access-server pppd[2449]: sent [LCP TermReq id=0x4 "User request"]
Oct 16 11:58:50 vpn-access-server pppd[2449]: Connection terminated.
Oct 16 11:58:50 vpn-access-server charon: 12[KNL] interface ppp0 deleted
Oct 16 11:58:50 vpn-access-server systemd-timesyncd[1129]: Network configuration changed, trying to establish connection.
Oct 16 11:58:50 vpn-access-server dnsmasq[1913]: reading /etc/resolv.conf
Oct 16 11:58:50 vpn-access-server dnsmasq[1913]: using nameserver 127.0.0.53#53
Oct 16 11:58:50 vpn-access-server pppd[2449]: Modem hangup
Oct 16 11:58:50 vpn-access-server pppd[2449]: Exit.
================================

ppp writes "No auth is possible".
I can establish a connection with this user and password using the NetworkManager GUI.
The configuration files are below.

# cat /etc/xl2tpd/ipsecVpn.conf
[global]
access control = yes
port = 1701
debug state = yes
[lac l2tp]
lns = vpn.remote.addr.ip
ppp debug = yes
pppoptfile = /etc/xl2tpd/ipsecVpn.options
autodial = yes
tunnel rws = 8
tx bps = 100000000
rx bps = 100000000

# cat /etc/xl2tpd/ipsecVpn.options
debug
nodetach
usepeerdns
noipdefault
nodefaultroute
noauth
noccp
require-mschap-v2
refuse-eap
refuse-pap
lcp-echo-failure 30
lcp-echo-interval 5
plugin /usr/lib/pppd/2.4.7/pppol2tp.so
mru 1400
mtu 1400

The ppp options generated by NetworkManager contain a different plugin:

plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so

But this plugin does not work either.

# ll /etc/ppp/chap-secrets 
-rw------- 1 root root 251 Oct 15 15:29 /etc/ppp/chap-secrets
# cat /etc/ppp/chap-secrets 
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vpnuser  *       "PasswordContains#and&"      *

# iptables -L -vn
Chain INPUT (policy ACCEPT 6 packets, 940 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 8 packets, 892 bytes)
 pkts bytes target     prot opt in     out     source               destination         

# dpkg -l | grep xl2tp
ii  xl2tpd                                1.3.10-1ubuntu1                             amd64        layer 2 tunneling protocol implementation
# dpkg -l | grep ppp
ii  ppp                                   2.4.7-2+2ubuntu1.1                          amd64        Point-to-Point Protocol (PPP) - daemon
# dpkg -l | grep strongswan
ii  libstrongswan                         5.6.2-1ubuntu2.4                            amd64        strongSwan utility and crypto library
ii  libstrongswan-standard-plugins        5.6.2-1ubuntu2.4                            amd64        strongSwan utility and crypto library (standard plugins)
ii  strongswan                            5.6.2-1ubuntu2.4                            all          IPsec VPN solution metapackage
ii  strongswan-charon                     5.6.2-1ubuntu2.4                            amd64        strongSwan Internet Key Exchange daemon
ii  strongswan-libcharon                  5.6.2-1ubuntu2.4                            amd64        strongSwan charon library
ii  strongswan-starter                    5.6.2-1ubuntu2.4                            amd64        strongSwan daemon starter and configuration file parser

Any idea why this doesn't work?
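
One thing worth checking when pppd logs "No auth is possible" is whether it can find a CHAP secret for the name it will present to the peer. The check below is an added example, not part of the original post; it assumes pppd looks up chap-secrets by the `user` option, then `name`, then the machine's hostname, and it runs on constructed sample files modelled on the ones shown above.

```python
import shlex

# Constructed sample inputs modelled on the files shown in the post
# (the secret is a placeholder, not the poster's).
OPTIONS = """\
noauth
require-mschap-v2
refuse-eap
refuse-pap
"""
CHAP_SECRETS = """\
# client  server  secret  IP addresses
vpnuser   *       "example#secret&"   *
"""

def _words(line):
    # Approximates pppd's tokenizer: '#' starts a comment, quotes protect it.
    return shlex.split(line, comments=True)

def local_auth_name(options_text, hostname):
    """Return (name pppd offers to the peer, whether `password` is set)."""
    opts = {}
    for line in options_text.splitlines():
        w = _words(line)
        if len(w) >= 2 and w[0] in ("user", "name", "password"):
            opts[w[0]] = w[1]
    # Assumed precedence: `user`, else `name`, else the hostname.
    return opts.get("user") or opts.get("name") or hostname, "password" in opts

def has_chap_secret(secrets_text, client):
    """True if a chap-secrets row's client column matches `client` (or is *)."""
    for line in secrets_text.splitlines():
        w = _words(line)
        if len(w) >= 3 and w[0] in (client, "*"):
            return True
    return False

def can_answer_chap(options_text, secrets_text, hostname):
    """Return (name pppd will look up, whether a secret exists for it)."""
    name, has_password = local_auth_name(options_text, hostname)
    return name, has_password or has_chap_secret(secrets_text, name)

if __name__ == "__main__":
    for label, opts in (("no name option", OPTIONS),
                        ("with 'name vpnuser'", OPTIONS + "name vpnuser\n")):
        name, ok = can_answer_chap(opts, CHAP_SECRETS, "vpn-access-server")
        print(f"{label}: lookup name={name!r}, secret found={ok}")
```

With these sample inputs the lookup name falls back to the hostname, which has no row in chap-secrets; a `name` option matching the client column changes the result.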
