我正在尝试配置我的 OpenWRT 路由器以连接到远程 VPN 服务器。我拥有的凭据是正确的,但由于某种原因,连接无法在路由器上进行身份验证。以下是我的配置
/etc/ipsec.conf
conn l2tpconn
keyexchange=ikev1
authby=xauthpsk
xauth=client
left=%defaultroute
leftsourceip=%config
leftfirewall=yes
leftauth=psk
leftauth2=xauth
leftid=user
right=<server_ip>
rightsubnet=0.0.0.0/0
rightauth=psk
rightauth2=xauth
auto=add
/etc/ipsec.secrets
%any <server_ip> : PSK 'secret'
'user' : XAUTH 'password'
日志
initiating Main Mode IKE_SA l2tpconn[39] to <server_ip>
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.1.18[500] to <server_ip>[500] (224 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (156 bytes)
parsed ID_PROT response 0 [ SA V V V V ]
received DPD vendor ID
received FRAGMENTATION vendor ID
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.18[500] to <server_ip>[500] (372 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (92 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 2614881849 [ HASH CPRQ(X_USER X_PWD) ]
generating TRANSACTION response 2614881849 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (108 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 645236074 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) failed
generating TRANSACTION response 645236074 [ HASH CPA(X_STATUS) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (76 bytes)
establishing connection 'l2tpconn' failed
也许这是很简单的事情,而我却忽略了它,但如果你们有任何建议,那将非常有帮助。谢谢。
答案1
所以,我弄清楚了我的问题是什么,它是多种因素的结合。
我没有意识到服务器正在将 XAUTH 请求记录到 /var/log/auth.log 我以为它在 /var/log/syslog 中
阅读日志后,我注意到它正在检查 /etc/ipsec.d/passwd 中的凭据,而不是像我所想的那样在 /etc/ppp/chap-secrets 中检查凭据,无论出于什么原因。
然后,我将我的用户名和散列密码(openssl passwd -1“密码”)添加到 /etc/ipconf.d/passwd 并且成功了。