IPSec strongswan "established successfully", but no ppp0

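I am trying to connect an Ubuntu Server 16.04 to an IPSec L2TP VPN using the strongswan client.

Apparently the connection is established successfully, but the interface ppp0 is not created.

This is the result of sudo ipsec up myconnection: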

initiating Main Mode IKE_SA myconnection[2] to 116.38.129.101
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (212 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (132 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (244 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (236 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (100 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (68 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
scheduling reauthentication in 10033s
maximum IKE_SA lifetime 10573s
generating QUICK_MODE request 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (220 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (188 bytes)
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully

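Any hints?

Answer 1

First check your Linux kernel version with uname -a. If you have 4.14, I have bad news for you: your kernel is broken. It seems 4.13 is fine, and so is 4.15, but not 4.14. See this answer in the libreswan bug report.

Anyway, you can also try NetworkManager. Install the network-manager-l2tp package.

Here is an example of a working NetworkManager VPN file that you can save as /etc/NetworkManager/system-connections/MY_DAMN_VPN: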

[connection]
id=MY_DAMN_VPN
uuid=very-random-stuff
type=vpn

[vpn]
gateway=IP_OF_MY_DAMN_VPN
ipsec-enabled=yes
ipsec-esp=aes256-sha1,aes128-sha1,3des-sha1!
ipsec-ike=aes256-sha1-ecp384,aes128-sha1-ecp256,3des-sha1-modp1536!
ipsec-psk=MY_SUPER_SECRET_SHARED_PASSWORD
password-flags=0
user=local-vpn
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=MY_SUPER_SECRET_PASSWORD

[ipv4]
dns-search=
method=auto
never-default=true

Then restart NetworkManager and activate the VPN:

systemctl restart NetworkManager
nmcli connection up MY_DAMN_VPN

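This was tested on Debian GNU/Linux buster against a damn Microsoft Windows VPN server.

Good luck!

P.S.

Don't try to use OpenVPN to talk to a proprietary VPN server: OpenVPN is based on TLS technology (because it was designed with security in mind). L2TP/IPsec apparently is not. [1]

[1]: https://en.wikipedia.org/wiki/IPsec You can read more on Wikipedia about the NSA's interference with IPsec, thanks to some related material.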
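
A pre-flight check for the steps in the answer above, as an added example that is not part of the original answer: it tests the running kernel for the 4.14 series, looks for ppp0, and verifies that the keyfile holding ipsec-psk and password is root-owned with mode 600 (NetworkManager ignores keyfiles with looser permissions). The function names are made up for this example; the default path is the one used in the answer.

```shell
#!/bin/sh
# Added example: pre-flight checks for the L2TP/IPsec setup in the answer above.
# Function names are made up for this example; the default path is the answer's.

# Succeeds if the release string (as printed by `uname -r`) is a 4.14 kernel,
# the series the answer reports as broken.
kernel_is_4_14() {
    case "$1" in
        4.14|4.14.*|4.14-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the interface exists (the question's symptom is a missing ppp0).
iface_exists() {
    [ -d "/sys/class/net/$1" ]
}

# Succeeds if the file has no group/other permission bits. The keyfile holds
# ipsec-psk and password in clear text. Returns 2 if the file cannot be read.
keyfile_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per check; always returns 0 so it can be used as a report.
preflight() {
    release=$1
    keyfile=$2
    if kernel_is_4_14 "$release"; then echo "WARN kernel $release is in the 4.14 series"
    else echo "OK   kernel $release is not 4.14"; fi
    if iface_exists ppp0; then echo "OK   ppp0 is present"
    else echo "INFO ppp0 is absent (no PPP session is up)"; fi
    if [ ! -f "$keyfile" ]; then
        echo "INFO $keyfile not found"
    elif keyfile_mode_ok "$keyfile" && [ "$(stat -c '%u' "$keyfile")" = 0 ]; then
        echo "OK   $keyfile is root-owned and private"
    else
        echo "WARN $keyfile: run chown root:root and chmod 600 on it"
    fi
    return 0
}

preflight "$(uname -r)" "${1:-/etc/NetworkManager/system-connections/MY_DAMN_VPN}"
```

Run it as root so the keyfile under /etc/NetworkManager/system-connections can be inspected; pass a different keyfile path as the first argument if yours is named differently.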