我的情况完全一样就像这里的 sashok_bg:我正尝试通过 Debian 上的 Swanstrong 客户端 vpn 访问我的 Freebox pro VPN。
到目前为止,根据他在与 ecdsa 的对话中所说的内容,并相应地修改了我的配置文件,我设法解决了此错误:
initiating IKE_SA vpn-test[1] to <remote_ip>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from <local_ip>[500] to <remote_ip>[500] (936 bytes)
received packet: from <remote_ip>[500] to <local_ip>[500] (280 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
local host is behind NAT, sending keep alives
remote host is behind NAT
sending cert request for "C=US, O=Let's Encrypt, CN=R3"
no IDi configured, fall back on IP address
establishing CHILD_SA vpn-test{1}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from <local_ip>[4500] to 8<remote_ip>[4500] (368 bytes)
received packet: from <remote_ip>[4500] to <local_ip>[4500] (80 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'vpn-test' failed
这是我的 ipsec.conf 文件:
config setup
charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, 0"
conn vpn-test
keyexchange=ikev2
leaftauth=eap
rightauth=pubkey
left=<local_ip>
right=<remote_ip>
eap_identity=<username>
auto=add
这就是 ipsec.secrets 文件包含的内容:
<username> : EAP "<pass>"
<local_ip> <remote_ip> : EAP "<pass>"
这是 ISP 提供的有关 VPN 的“文档”:https://support-pro.free.fr/comment-se-connecter-au-vpn-depuis-mon-peripherique-android/
我必须说,这是我第一次设置这样的客户端 VPN。我无法访问路由器 VPN 的日志或证书。