L2TP/IPSec：Linux 无法连接到 Cisco ASA（但 Windows 可以）

Question 1

根据您的 Strongswan/mpd5 日志，如果它们来自一个实例 - 您已成功建立客户端 l2tp/ipsec 连接：

[B_uz] IPCP: LayerUp
[B_uz]   10.10.181.222 -> 195.149.70.70
[B_uz] IFACE: Add address 10.10.181.222/32->195.149.70.70 to ng2
[B_uz] IFACE: Up event
[B_uz] IFACE: Change interface ng2 flags: -0 +1

但后来糟糕的事情开始发生：

EVENT: Processing event EVENT_READ LinkNgDataEvent() done
L2TP: RECV [MESSAGE_TYPE HELLO]
L2TP: rec'd HELLO in state established
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 1 echo request(s)
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
L2TP: XMIT [MESSAGE_TYPE HELLO]
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 2 echo request(s)
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 3 echo request(s)

LCP（线路控制协议）回显未得到答复，因此连接终止。这要么是配置错误的 [有状态] 数据包过滤器问题，要么可能是配置错误的 DPD（死对等检测）问题。您需要进一步调查。

另请注意：

IPCP（IP 控制协议）有时无法协商 IP，您可能需要增强 mpd5.conf 的这一部分。
您的 mpd5 日志要么被严重混淆，要么被损坏，在后一种情况下，这是一个令人不安的迹象。

Answer

根据您的 Strongswan/mpd5 日志，如果它们来自一个实例 - 您已成功建立客户端 l2tp/ipsec 连接：

[B_uz] IPCP: LayerUp
[B_uz]   10.10.181.222 -> 195.149.70.70
[B_uz] IFACE: Add address 10.10.181.222/32->195.149.70.70 to ng2
[B_uz] IFACE: Up event
[B_uz] IFACE: Change interface ng2 flags: -0 +1

但后来糟糕的事情开始发生：

EVENT: Processing event EVENT_READ LinkNgDataEvent() done
L2TP: RECV [MESSAGE_TYPE HELLO]
L2TP: rec'd HELLO in state established
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 1 echo request(s)
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
L2TP: XMIT [MESSAGE_TYPE HELLO]
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 2 echo request(s)
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires() done
EVENT: Processing event EVENT_TIMEOUT TimerExpires()
EVENT: Processing timer "FsmKeepAlive" FsmEchoTimeout()
[L_uz] LCP: no reply to 3 echo request(s)

LCP（线路控制协议）回显未得到答复，因此连接终止。这要么是配置错误的 [有状态] 数据包过滤器问题，要么可能是配置错误的 DPD（死对等检测）问题。您需要进一步调查。

另请注意：

IPCP（IP 控制协议）有时无法协商 IP，您可能需要增强 mpd5.conf 的这一部分。
您的 mpd5 日志要么被严重混淆，要么被损坏，在后一种情况下，这是一个令人不安的迹象。

Question 2

根据 Drookie 的提示，我开始进一步挖掘，并成功解决了这个问题！我没能让 MPD5 工作，但 XL2TPd+LibreSwan（在 CentOS 中）工作正常。我只需添加以下行

:10.0.0.1

到“/etc/ppp/options.vpn-uz”，一切就都好了！

Answer

根据 Drookie 的提示，我开始进一步挖掘，并成功解决了这个问题！我没能让 MPD5 工作，但 XL2TPd+LibreSwan（在 CentOS 中）工作正常。我只需添加以下行

:10.0.0.1

到“/etc/ppp/options.vpn-uz”，一切就都好了！

L2TP/IPSec：Linux 无法连接到 Cisco ASA（但 Windows 可以）

答案1

答案2

相关内容