L2TP VPN disconnects after a few minutes

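I installed IPSec/L2TP on my VPS server.

I tried to connect to that VPN server from my Mac.

The first connection succeeded, but after a few minutes it disconnected on its own.

After that, I tried to connect again, but the connection failed.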

pppd[7407]: pppd 2.4.2 (Apple version 727.1.15) started by albert, uid 501
pppd[7407]: L2TP connecting to server '174.128.103.32' (174.128.103.32)...
pppd[7407]: IPSec connection started
racoon[7408]: plogsetfile: about to add racoon log file: /var/log/racoon.log
racoon[7408]: accepted connection on vpn control socket.
racoon[7408]: Connecting.
racoon[7408]: IPSec Phase 1 started (Initiated by me).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
racoon[7408]: >>>>> phase change status = Phase 1 started by us
racoon[7408]: >>>>> phase change status = Phase 1 started by peer
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
racoon[7408]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
racoon[7408]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6).
racoon[7408]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
racoon[7408]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode).
racoon[7408]: IPSec Phase 1 established (Initiated by me).
racoon[7408]: IPSec Phase 2 started (Initiated by me).
racoon[7408]: >>>>> phase change status = Phase 2 started
racoon[7408]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
racoon[7408]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
racoon[7408]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
racoon[7408]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode).
racoon[7408]: IPSec Phase 2 established (Initiated by me).
racoon[7408]: >>>>> phase change status = Phase 2 established
pppd[7407]: IPSec connection established
pppd[7407]: L2TP cannot connect to the server
racoon[7408]: IPSec disconnecting from server 174.128.103.32
racoon[7408]: IKE Packet: transmit success. (Information message).
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
racoon[7408]: IKE Packet: transmit success. (Information message).
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
racoon[7408]: glob found no matches for path "/var/run/racoon/*.conf"
racoon[7408]: pfkey DELETE failed: No such file or directory
racoon[7408]: Connecting.
racoon[7408]: Unknown Informational exchange received.

So I tried the following on my server:

service ipsec restart
service xl2tpd restart

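But the connection still failed as before.

After 30~40 minutes I tried again, and the connection succeeded. A few minutes later, the same thing happened again.

The server has two network interfaces.

eth0's IP address is 174.128.103.32 and eth1's IP address is 10.177.209.15.

What is wrong? Please help me.

Here are my configuration files.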

/etc/ipsec.conf

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=%forever
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=174.128.103.32
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

/etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = no
listen-addr=174.128.103.32
port = 1701

[lns default]
ip range = 192.168.20.100-192.168.20.200
local ip = 192.168.20.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 4.2.2.1
ms-dns 8.8.4.4
proxyarp
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug

/etc/ppp/chap-secrets

user1  l2tpd  user1password  *

/etc/iptables/rule.v4

iptables -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

/etc/ipsec.secrets

include /var/lib/openswan/ipsec.secrets.inc

/var/lib/openswan/ipsec.secrets.inc

#: RSA /etc/ipsec.d/private/key.pem
%any : PSK "password"
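
Added example, not part of the original post: a Python sketch that reads a client log like the one above and reports which stage of the IPsec/L2TP setup completed and where it stopped. The sample lines are an excerpt of the log in the post; the stage names, the hint text and the `L2TP connection established` success pattern are assumptions of this example.

```python
import re

# Excerpt of the pppd/racoon log quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
pppd[7407]: L2TP connecting to server '174.128.103.32' (174.128.103.32)...
racoon[7408]: IPSec Phase 1 started (Initiated by me).
racoon[7408]: IPSec Phase 1 established (Initiated by me).
racoon[7408]: IPSec Phase 2 started (Initiated by me).
racoon[7408]: IPSec Phase 2 established (Initiated by me).
pppd[7407]: IPSec connection established
pppd[7407]: L2TP cannot connect to the server
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
racoon[7408]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
"""

LINE_RE = re.compile(r"^(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Ordered setup stages and the message that marks each one as complete.
STAGES = [
    ("ike_phase1", re.compile(r"IPSec Phase 1 established")),
    ("ike_phase2", re.compile(r"IPSec Phase 2 established")),
    ("l2tp_control", re.compile(r"L2TP connection established")),  # assumed wording
]
FAILURES = {"l2tp_control": re.compile(r"L2TP cannot connect to the server")}
SA_DELETE = re.compile(r"\(Delete (IPSEC-SA|ISAKMP-SA)\)")
HINTS = {  # hypothetical hint text, keyed by the stage that failed
    "l2tp_control": "IKE completed, so the PSK and proposals matched; "
                    "look at the L2TP control exchange on UDP 1701.",
}

def diagnose(log_text):
    """Return the stages reached, the stage that failed, and the SAs torn down."""
    reached, failed_at, deleted = [], None, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not "proc[pid]: message"
        msg = m.group("msg")
        for name, pat in STAGES:
            if name not in reached and pat.search(msg):
                reached.append(name)
        for name, pat in FAILURES.items():
            if failed_at is None and pat.search(msg):
                failed_at = name
        d = SA_DELETE.search(msg)
        if d:
            deleted.append(d.group(1))
    return {"reached": reached, "failed_at": failed_at,
            "sa_deleted": deleted, "hint": HINTS.get(failed_at)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```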