连接到 L2TP over IPSec VPN 失败并显示致命信号 15

2024-6-7 • tag-icon

我有 Debian 10 Buster，带有 KDE Plasma 5.14.5 和内核 5.6.0-0.bpo.2-amd64。我正在尝试通过 IPSec 连接到 VPN L2TP。但是，当我尝试连接时，出现了没有明显原因的错误。它指出致命信号 15 已发生，但没有给出其他信息：

Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: death_handler: Fatal signal 15 received

我真的很感激在这件事上得到一些帮助。

/var/log/syslog:

Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6103] audit: op="connection-activate" uuid="8313482f-d2cd-4e39-a18c-86b540d6a8e3" name="Work" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6209] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Started the VPN service, PID 1922
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6283] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Saw the service appear; activating connectio
n
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6332] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service[1922]: Check port 1701
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service[1922]: Can't bind to port 1701
Aug  3 15:22:35 ComputerOfLiza NetworkManager[1941]: Stopping strongSwan IPsec...
Aug  3 15:22:35 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] expanding file expression '/etc/ipsec.d/*.secrets' failed
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pe
m openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[JOB] spawning 16 worker threads
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 13[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 06[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 07[KNL] fe80::42e7:d46c:adef:f62f appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 13[KNL] 192.168.1.38 appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec[796]: charon stopped after 200 ms
Aug  3 15:22:35 ComputerOfLiza ipsec[796]: ipsec starter stopped
Aug  3 15:22:35 ComputerOfLiza systemd[1]: strongswan.service: Succeeded.
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Starting strongSwan 5.7.2 IPsec [starter]...
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Loading config setup
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Loading conn '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: found netkey IPsec stack
Aug  3 15:22:37 ComputerOfLiza charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG]   loaded IKE secret for %any
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:37 ComputerOfLiza charon: 00[JOB] spawning 16 worker threads
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] received stroke: add connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] added configuration '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] rereading secrets
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG]   loaded IKE secret for %any
Aug  3 15:22:38 ComputerOfLiza charon: 08[CFG] received stroke: initiate '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 11[IKE] initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 11[NET] sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (176 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] received packet: from 77.234.209.75[500] to 192.168.1.38[500] (156 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (244 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] received packet: from 77.234.209.75[500] to 192.168.1.38[500] (236 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[IKE] local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (188 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[NET] received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[ENC] parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza charon: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (176 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[500] to 192.168.1.38[500] (156 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (244 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[500] to 192.168.1.38[500] (236 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (188 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: establishing connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3' failed
Aug  3 15:22:39 ComputerOfLiza nm-l2tp-service[1922]: xl2tpd started with pid 1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Not looking for kernel SAref support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Using l2tp kernel support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: xl2tpd version xl2tpd-1.3.12 started on ComputerOfLiza PID:1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Inherited by Jeff McAdams, (C) 2002
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Listening on IP address 0.0.0.0, port 47189
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Connecting to host 77.234.209.75, port 1701
Aug  3 15:22:39 ComputerOfLiza NetworkManager[627]: <info>  [1596457359.0670] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: starting (3)
Aug  3 15:22:46 ComputerOfLiza PackageKit: get-updates transaction /205_aeabdccb from uid 1000 finished with success after 736ms
Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: death_handler: Fatal signal 15 received
Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Connection 0 closed to 77.234.209.75, port 1701 (Server closing)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <warn>  [1596457373.0812] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <warn>  [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopping (5)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[2003]: Stopping strongSwan IPsec...
Aug  3 15:22:53 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] deleting IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] sending DELETE for IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1]
Aug  3 15:22:53 ComputerOfLiza charon: 00[ENC] generating INFORMATIONAL_V1 request 2766966862 [ HASH D ]
Aug  3 15:22:53 ComputerOfLiza charon: 00[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (84 bytes)
Aug  3 15:22:53 ComputerOfLiza nm-l2tp-service[1922]: ipsec shut down
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.1879] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopped (6)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.1906] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN service disappeared
Aug  3 15:23:02 ComputerOfLiza NetworkManager[627]: <info>  [1596457382.2593] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"

答案1

我刚刚遇到了类似的问题，而且截至本文发布时，Meraki 在其“客户端 VPN 操作系统配置”文章中发布了不正确的第 2 阶段值。在 Meraki 支持团队的 Gene Y. 的帮助和努力下，我们能够获得正确的第 2 阶段算法值：

aes128-sha1，3des-sha1！

他们的配置文章中的错误行是将第 1 阶段的值复制/粘贴到第 2 阶段。Meraki 可能会很快更新他们的文档以反映正确的值，但以防万一其他人收到与我相同的致命信号 15 错误像我一样看到这篇文章，这为我们解决了这个问题。

答案2

原来我需要network-manager-l2tp-gnome. KDE 是否需要 Gnome 软件包并不明显。

答案3

我还无法对答案进行投票或评论，因此请通过此答案进行更新：

截至撰写本文之日（2022 年 1 月 14 日），Meraki 尚未更新配置手册。使用中遇到以下情况：

sudo tail -f /var/log/syslog

parsed INFORMATIONAL_V1 request 345001813 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection [redacted] failed
death_handler: Fatal signal 15 received

找到了这个页面。使用以下设置对我有用：

Phase 1: aes128-sha1-modp1024,3des-sha1-modp1024!
Phase 2: aes128-sha1,3des-sha1!

答案1

答案2

答案3

相关内容