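I am trying to connect an Ubuntu Server 16.04 to an IPSec L2TP VPN using the strongswan client.
Apparently the connection is established successfully, but the interface ppp0 is not created.
Here is the result of sudo ipsec up myconnection: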
initiating Main Mode IKE_SA myconnection[2] to 116.38.129.101
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (212 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (132 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (244 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (236 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (100 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (68 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
scheduling reauthentication in 10033s
maximum IKE_SA lifetime 10573s
generating QUICK_MODE request 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (220 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (188 bytes)
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully
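Any hints?
Answer 1
First check your Linux kernel version with uname -a. If you have 4.14, I have bad news for you: your kernel has a problem. It seems 4.13 is fine, and so is 4.15, but not 4.14. See this answer in the libreswan bug report.
Anyway, you can also try NetworkManager. Install the network-manager-l2tp package.
Here is an example of a working NetworkManager VPN file that you can save as /etc/NetworkManager/system-connections/MY_DAMN_VPN: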
[connection]
id=MY_DAMN_VPN
uuid=very-random-stuff
type=vpn
[vpn]
gateway=IP_OF_MY_DAMN_VPN
ipsec-enabled=yes
ipsec-esp=aes256-sha1,aes128-sha1,3des-sha1!
ipsec-ike=aes256-sha1-ecp384,aes128-sha1-ecp256,3des-sha1-modp1536!
ipsec-psk=MY_SUPER_SECRET_SHARED_PASSWORD
password-flags=0
user=local-vpn
service-type=org.freedesktop.NetworkManager.l2tp
[vpn-secrets]
password=MY_SUPER_SECRET_PASSWORD
[ipv4]
dns-search=
method=auto
never-default=true
Then restart NetworkManager and activate the VPN:
systemctl restart NetworkManager
nmcli connection up MY_DAMN_VPN
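This thing was tested on Debian GNU/Linux buster against a damn Microsoft Windows VPN server.
Good luck!
P.S.
Do not try to use OpenVPN to talk to a proprietary VPN server: OpenVPN is based on TLS technology (because it has security in mind). L2TP/IPsec does not seem to be. [1]
[1]: https://en.wikipedia.org/wiki/IPsec You can read more on Wikipedia about the NSA's interference with IPsec, thanks to some related sources.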
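A triage script for the symptom in the question (IPsec reports success, no ppp0), added here as an example; it is not code from the asker or the answerer. The function names, the --run option and the verdict strings are hypothetical, the sample log is abridged from the output in the question, and the 4.14 check encodes only what the answer above reports.

```shell
# Added example: classify a saved "ipsec up" log and decide which layer to look at.

# Sample input, abridged from the output quoted in the question.
sample_log() {
cat <<'EOF'
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully
EOF
}

# True when the kernel release (uname -r) is in the 4.14 series named in the answer.
kernel_is_4_14() {
    case "$1" in
        4.14|4.14.*|4.14-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the log on stdin and print the furthest stage reached:
# none (no IKE_SA), ike_sa (Main Mode done), child_sa (Quick Mode done).
ipsec_stage() {
    stage=none
    while IFS= read -r line; do
        case "$line" in
            *"IKE_SA "*" established between "*) if [ "$stage" = none ]; then stage=ike_sa; fi ;;
            "connection '"*"' established successfully") stage=child_sa ;;
        esac
    done
    echo "$stage"
}

# Arguments: kernel release, stage from ipsec_stage, yes/no for "ppp0 exists".
verdict() {
    if [ "$3" = yes ]; then echo "ok: ppp0 exists"; return; fi
    case "$2" in
        none)   echo "ipsec: IKE negotiation did not complete" ;;
        ike_sa) echo "ipsec: IKE_SA up but Quick Mode did not complete" ;;
        child_sa)
            if kernel_is_4_14 "$1"; then echo "kernel: 4.14 series, reported broken in the answer"
            else echo "l2tp: IPsec is up; check the L2TP/PPP layer"; fi ;;
    esac
}

# Live use (hypothetical option): sh triage.sh --run saved-ipsec-up-output.txt
if [ "${1:-}" = "--run" ]; then
    ppp0=no; if ip link show ppp0 >/dev/null 2>&1; then ppp0=yes; fi
    verdict "$(uname -r)" "$(ipsec_stage < "$2")" "$ppp0"
fi
```

The "l2tp" verdict reflects that ipsec up only negotiates the IPsec SAs; ppp0 is created afterwards by the L2TP daemon and pppd, so a successful IPsec log alone does not produce the interface.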