我无法让 Strongswan、networkmanager-strongswan(客户端)在您的 Arch-PC 上运行。我的 vpn-strongswan 服务器(以下简称 deb(服务器))已配置很长时间,除了我的 arch linux(以下简称 arch(客户端))之外,任何设备(例如 android、windows)都可以成功连接到它。
当我尝试连接到我的 vpn deb(服务器)时,出现用户数据无效的错误。我使用与其他设备相同的证书进行连接。我尝试过不同的唯一用户,但总是收到包含不正确用户信息的消息。我做错了什么?
我已经在我的 arch(客户端)上安装了 Strongswan 和 networkmanager-strongswan
sudo pacman -S networkmanager-strongswan strongswan
我的其他设备可以从与我的 arch(客户端)相同的网络连接到服务器,因此有关 nat 的错误与它无关。
我的 deb(服务器)上的 ipsec.secrets 文件的格式正确:
: RSA "server-key.pem"
test : EAP "password"
在 deb(服务器)上,时间与 Arch(客户端)时间不同(在 Android 和 Windows 上,时间与 Arch(客户端)上的时间相同),这是因为 deb(服务器)处于不同的时区。但这并不妨碍其他设备顺利连接到它。
登录 arch(客户端)
-- Journal begins at Tue 2021-10-05 23:12:10 MSK, ends at Wed 2021-10-06 21:10:15 MSK. --
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[IKE] server requested EAP_MSCHAPV2 authentication (id 0x8B)
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[NET] sending packet: from 172.16.1.20[53461] to my_white_ip_vpn[4500] (140 bytes)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[NET] received packet: from my_white_ip_vpn[4500] to 172.16.1.20[53461] (124 bytes)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Oct 06 21:10:15 Arch-PC audit[16823]: SYSCALL arch=c000003e syscall=44 success=yes exit=40 a0=8 a1=7f69867fb5a0 a2=28 a3=0 items=0 ppid=1 pid=16823 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon-nm" exe="/usr/lib/strongswan/charon-nm" key=(null)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[IKE] EAP-MS-CHAPv2 failed with error ERROR_AUTHENTICATION_FAILURE: '(null)'
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[IKE] EAP_MSCHAPV2 method failed
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[ENC] generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[NET] sending packet: from 172.16.1.20[53461] to my_white_ip_vpn[4500] (76 bytes)
登录 deb(服务器)
Oct 06 18:10:14 vpn-srv charon[1611]: 16[NET] received packet: from my_white_ip_home[34671] to 172.26.6.255[500] (464 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] my_white_ip_home is initiating an IKE_SA
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] my_white_ip_home is initiating an IKE_SA
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] local host is behind NAT, sending keep alives
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] remote host is behind NAT
Oct 06 18:10:14 vpn-srv charon[1611]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 16[NET] sending packet: from 172.26.6.255[500] to my_white_ip_home[34671] (472 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (348 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] received cert request for "CN=VPN Root CA"
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] initiating EAP_IDENTITY method (id 0x00)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] peer supports MOBIKE
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] authentication of 'my_deb_vpn_server_domain' (myself) with RSA_EMSA_PKCS1_SHA2_384 successful
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] sending end entity cert "CN=my_deb_vpn_server_domain"
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] splitting IKE message (1980 bytes) into 2 fragments
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (1248 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (800 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (76 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] received EAP identity 'test'
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] initiating EAP_MSCHAPV2 method (id 0x8B)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Oct 06 18:10:14 vpn-srv charon[1611]: 06[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (108 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 07[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (140 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 07[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Oct 06 18:10:14 vpn-srv charon[1611]: 07[IKE] EAP-MS-CHAPv2 verification failed, retry (1)
Oct 06 18:10:16 vpn-srv charon[1611]: 07[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Oct 06 18:10:16 vpn-srv charon[1611]: 07[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (124 bytes)
Oct 06 18:10:16 vpn-srv charon[1611]: 08[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (76 bytes)
Oct 06 18:10:16 vpn-srv charon[1611]: 08[ENC] parsed INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
Oct 06 18:10:16 vpn-srv charon[1611]: 08[ENC] generating INFORMATIONAL response 4 [ N(AUTH_FAILED) ]
Oct 06 18:10:16 vpn-srv charon[1611]: 08[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (76 bytes)
我该怎么做才能连接到我的 VPN?请帮帮我
答案1
要从控制台连接,有关配置客户端 stronswan 的指南对我有帮助:https://protonvpn.com/support/linux-ikev2-protonvpn/
在 IDE 中,当您首次连接新的 VPN 连接时,NetworkManager-Strongswan 会要求从 VPN 输入密码,而不是从 Sudo 输入密码。因此,从 ide 连接时,会发生授权错误。