Strongswan IPSec + XL2TP connection not working

I am trying to set up a VPN (Strongswan + xl2tpd) between my desktop and an AWS server running Linux (Ubuntu), but I am really lost.

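I believe I have the IPSec part working, but I am not entirely convinced, because the l2tp part is not working and does not seem to show anything in the logs.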

I bring up the IPSec tunnel with:

$ ipsec up AWSVPN

Then:

$ ipsec status
Security Associations (1 up, 0 connecting):
      AWSVPN[3]: ESTABLISHED 17 minutes ago, 192.168.1.150[robin.blah.blah]...52.x.x.91[vpn.blah.blah]
      AWSVPN{7}:  INSTALLED, TUNNEL, ESP in UDP SPIs: ca867b64_i cda2db1d_o
      AWSVPN{7}:   10.0.1.123/32 === 10.0.0.0/23 

Trying the l2tp part:

$ echo "c awsvpn" > /var/run/xl2tpd/l2tp-control

I get this in the client syslog:

Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: get_call: allocating new tunnel for host 52.25.35.91, port 1701.
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: Connecting to host 52.x.x.91, port 1701
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
Jul 15 13:18:37 H61N-USB3 xl2tpd[10340]: control_finish: sending SCCRQ
Jul 15 13:18:38 H61N-USB3 xl2tpd[10340]: network_thread: select timeout
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: message repeated 4 times: [ network_thread: select timeout]
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: Maximum retries exceeded for tunnel 65296.  Closing.
Jul 15 13:18:42 H61N-USB3 xl2tpd[10340]: Connection 0 closed to 52.x.x.91, port 1701 (Timeout)
Jul 15 13:18:43 H61N-USB3 xl2tpd[10340]: network_thread: select timeout
Jul 15 13:18:47 H61N-USB3 xl2tpd[10340]: message repeated 4 times: [ network_thread: select timeout]
Jul 15 13:18:47 H61N-USB3 xl2tpd[10340]: Unable to deliver closing message for tunnel 65296. Destroying anyway.

On the server I get nothing.

Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: xl2tpd version xl2tpd-1.3.6 started on ip-172-31-38-36 PID:4751
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Inherited by Jeff McAdams, (C) 2002
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Jul 15 12:14:06 ip-172-31-38-36 xl2tpd[4751]: Listening on IP address 0.0.0.0, port 1701

I think I must be missing some step. Can anyone help?
