EAP-MS-CHAPv2 verification failed on Arch Linux (strongSwan)

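I can't get strongSwan and networkmanager-strongswan (client) to work on my Arch PC. My strongSwan VPN server (hereafter deb (server)) has been configured for a long time, and every device (for example Android, Windows) connects to it successfully except my Arch Linux machine (hereafter arch (client)).

When I try to connect to my VPN deb (server), I get an error saying the user data is invalid. I use the same certificate for the connection as on the other devices. I have tried different unique users, but I always get a message about incorrect user information. What am I doing wrong?

I have installed strongSwan and networkmanager-strongswan on my arch (client):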

sudo pacman -S networkmanager-strongswan strongswan

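My other devices can connect to the server from the same network as my arch (client), so the NAT messages have nothing to do with it.

The ipsec.secrets file on my deb (server) has the correct format: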

: RSA "server-key.pem"
test : EAP "password"

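The time on the deb (server) differs from the time on the arch (client) (on Android and Windows the time is the same as on the arch (client)); this is because the deb (server) is in a different time zone. But this does not prevent other devices from connecting to it without problems.

Logs from arch (client):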

-- Journal begins at Tue 2021-10-05 23:12:10 MSK, ends at Wed 2021-10-06 21:10:15 MSK. --
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[IKE] server requested EAP_MSCHAPV2 authentication (id 0x8B)
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Oct 06 21:10:13 Arch-PC charon-nm[16823]: 01[NET] sending packet: from 172.16.1.20[53461] to my_white_ip_vpn[4500] (140 bytes)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[NET] received packet: from my_white_ip_vpn[4500] to 172.16.1.20[53461] (124 bytes)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Oct 06 21:10:15 Arch-PC audit[16823]: SYSCALL arch=c000003e syscall=44 success=yes exit=40 a0=8 a1=7f69867fb5a0 a2=28 a3=0 items=0 ppid=1 pid=16823 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon-nm" exe="/usr/lib/strongswan/charon-nm" key=(null)
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[IKE] EAP-MS-CHAPv2 failed with error ERROR_AUTHENTICATION_FAILURE: '(null)'
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[IKE] EAP_MSCHAPV2 method failed
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[ENC] generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
Oct 06 21:10:15 Arch-PC charon-nm[16823]: 07[NET] sending packet: from 172.16.1.20[53461] to my_white_ip_vpn[4500] (76 bytes)

Logs from deb (server):

Oct 06 18:10:14 vpn-srv charon[1611]: 16[NET] received packet: from my_white_ip_home[34671] to 172.26.6.255[500] (464 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] my_white_ip_home is initiating an IKE_SA
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] my_white_ip_home is initiating an IKE_SA
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] local host is behind NAT, sending keep alives
Oct 06 18:10:14 vpn-srv charon[1611]: 16[IKE] remote host is behind NAT
Oct 06 18:10:14 vpn-srv charon[1611]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 16[NET] sending packet: from 172.26.6.255[500] to my_white_ip_home[34671] (472 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (348 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] received cert request for "CN=VPN Root CA"
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] initiating EAP_IDENTITY method (id 0x00)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] peer supports MOBIKE
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] authentication of 'my_deb_vpn_server_domain' (myself) with RSA_EMSA_PKCS1_SHA2_384 successful
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] sending end entity cert "CN=my_deb_vpn_server_domain"
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] splitting IKE message (1980 bytes) into 2 fragments
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (1248 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 05[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (800 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (76 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] received EAP identity 'test'
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] initiating EAP_MSCHAPV2 method (id 0x8B)
Oct 06 18:10:14 vpn-srv charon[1611]: 06[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Oct 06 18:10:14 vpn-srv charon[1611]: 06[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (108 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 07[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (140 bytes)
Oct 06 18:10:14 vpn-srv charon[1611]: 07[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Oct 06 18:10:14 vpn-srv charon[1611]: 07[IKE] EAP-MS-CHAPv2 verification failed, retry (1)
Oct 06 18:10:16 vpn-srv charon[1611]: 07[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Oct 06 18:10:16 vpn-srv charon[1611]: 07[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (124 bytes)
Oct 06 18:10:16 vpn-srv charon[1611]: 08[NET] received packet: from my_white_ip_home[53461] to 172.26.6.255[4500] (76 bytes)
Oct 06 18:10:16 vpn-srv charon[1611]: 08[ENC] parsed INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
Oct 06 18:10:16 vpn-srv charon[1611]: 08[ENC] generating INFORMATIONAL response 4 [ N(AUTH_FAILED) ]
Oct 06 18:10:16 vpn-srv charon[1611]: 08[NET] sending packet: from 172.26.6.255[4500] to my_white_ip_home[53461] (76 bytes)

What should I do to connect to my VPN? Please help me.

Answer 1

To connect from the console, this guide on configuring the strongSwan client helped me: https://protonvpn.com/support/linux-ikev2-protonvpn/

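In the IDE, when you first connect a new VPN connection, NetworkManager-strongswan asks for the VPN password, not the sudo password. Therefore, when connecting from the IDE, an authorization error occurs.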
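A log triage sketch for the failure discussed in this thread, added here as an example and not part of the original posts. It walks server-side charon lines (a constructed subset of those quoted in the question) and reports how far the exchange got; the event names and verdict labels are assumptions of this example, and reading "verification failed" as a credential mismatch is this example's interpretation.

```python
import re

# Constructed sample: a subset of the server-side charon lines from the question.
SERVER_LOG = """\
Oct 06 18:10:14 vpn-srv charon[1611]: 05[IKE] authentication of 'my_deb_vpn_server_domain' (myself) with RSA_EMSA_PKCS1_SHA2_384 successful
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] received EAP identity 'test'
Oct 06 18:10:14 vpn-srv charon[1611]: 06[IKE] initiating EAP_MSCHAPV2 method (id 0x8B)
Oct 06 18:10:14 vpn-srv charon[1611]: 07[IKE] EAP-MS-CHAPv2 verification failed, retry (1)
Oct 06 18:10:16 vpn-srv charon[1611]: 08[ENC] parsed INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
"""

# Daemon tag (charon or charon-nm), thread number, subsystem, then the message.
LINE = re.compile(r"charon(?:-nm)?\[\d+\]: \d+\[[A-Z]+\] (?P<msg>.*)$")

# Hypothetical event names for this example, in the order the exchange reaches them.
EVENTS = [
    ("server_auth_ok", re.compile(r"authentication of '.*' \(myself\) with \S+ successful")),
    ("eap_identity", re.compile(r"received EAP identity '(?P<id>[^']*)'")),
    ("mschapv2_started", re.compile(r"initiating EAP_MSCHAPV2 method")),
    ("mschapv2_mismatch", re.compile(r"EAP-MS-CHAPv2 verification failed")),
    ("auth_failed_notify", re.compile(r"N\(AUTH_FAILED\)")),
]

def triage(log_text):
    """Return the stages seen, the EAP identity, and a coarse verdict."""
    stages, identity = [], None
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line (e.g. audit records)
        for name, pattern in EVENTS:
            hit = pattern.search(m.group("msg"))
            if not hit:
                continue
            if name not in stages:
                stages.append(name)
            if name == "eap_identity":
                identity = hit.group("id")
    if "mschapv2_mismatch" in stages:
        # The server reached MS-CHAPv2 and rejected the client's response:
        # compare the password typed on the client with the EAP secret for this identity.
        verdict = "credential_mismatch"
    elif "auth_failed_notify" in stages:
        verdict = "auth_failed_other"
    else:
        verdict = "no_failure_seen"
    return {"identity": identity, "stages": stages, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SERVER_LOG))
```

For the lines in the question, the stages show that the IKE_SA, NAT traversal and server certificate steps completed and that only the MS-CHAPv2 response check failed, which matches the answer's finding that the wrong password was being entered.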
