在升级到 13.10 之前,我一直使用 L2TP IPsec VPN 管理器
以前它可以工作。但是现在却不工作了。
ipsec 服务器(Fortigate 防火墙,记录一切正常,然后显示客户端已断开连接。)
这一行IPCP terminated by peer (Unauthorized remote IP address)
- 没有意义,IP 由 FW 提供,并且来自正确的池。
此外,FW 没有记录任何问题。
最后:使用 Android 连接到同一个 FW - 运行良好。
log from ipsec client:
Nov 21 11:58:16.839 ipsec_setup: Stopping Openswan IPsec...
Nov 21 11:58:18.580 Stopping xl2tpd: xl2tpd.
Nov 21 11:58:18.581 xl2tpd[19495]: death_handler: Fatal signal 15 received
Nov 21 11:58:18.612 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.11.0-13-generic...
Nov 21 11:58:18.886 ipsec__plutorun: Starting Pluto subsystem...
Nov 21 11:58:18.892 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Nov 21 11:58:18.900 recvref[30]: Protocol not available
Nov 21 11:58:18.900 xl2tpd[21494]: This binary does not support kernel L2TP.
Nov 21 11:58:18.901 xl2tpd[21497]: xl2tpd version xl2tpd-1.3.1 started on andre-OptiPlex-990 PID:21497
Nov 21 11:58:18.902 xl2tpd[21497]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 11:58:18.902 xl2tpd[21497]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 11:58:18.902 xl2tpd[21497]: Inherited by Jeff McAdams, (C) 2002
Nov 21 11:58:18.902 xl2tpd[21497]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Nov 21 11:58:18.902 xl2tpd[21497]: Listening on IP address 0.0.0.0, port 1701
Nov 21 11:58:18.903 Starting xl2tpd: xl2tpd.
Nov 21 11:58:19.031 ipsec__plutorun: 002 added connection description "Valhall"
Nov 21 11:58:19.386 104 "Valhall" #1: STATE_MAIN_I1: initiate
Nov 21 11:58:19.387 003 "Valhall" #1: received Vendor ID payload [RFC 3947] method set to=115
Nov 21 11:58:19.387 003 "Valhall" #1: received Vendor ID payload [Dead Peer Detection]
Nov 21 11:58:19.387 003 "Valhall" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de000402a0]
Nov 21 11:58:19.387 106 "Valhall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 21 11:58:19.388 003 "Valhall" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
Nov 21 11:58:19.388 108 "Valhall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 21 11:58:19.388 004 "Valhall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 21 11:58:19.388 117 "Valhall" #2: STATE_QUICK_I1: initiate
Nov 21 11:58:19.388 003 "Valhall" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=0530bd3b
Nov 21 11:58:19.389 003 "Valhall" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
Nov 21 11:58:19.389 004 "Valhall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xea9d24b4 <0xc36d9ff6 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Nov 21 11:58:20.391 xl2tpd[21497]: Connecting to host mydomain.com, port 1701
Nov 21 11:58:20.461 xl2tpd[21497]: Connection established to x.x.x.199, 1701. Local: 46031, Remote: 3 (ref=0/0).
Nov 21 11:58:20.461 xl2tpd[21497]: Calling on tunnel 46031
Nov 21 11:58:20.529 xl2tpd[21497]: Call established with x.x.x.199, Local: 65516, Remote: 4, Serial: 1 (ref=0/0)
Nov 21 11:58:20.529 xl2tpd[21497]: start_pppd: I'm running:
Nov 21 11:58:20.530 xl2tpd[21497]: "/usr/sbin/pppd"
Nov 21 11:58:20.530 xl2tpd[21497]: "passive"
Nov 21 11:58:20.530 xl2tpd[21497]: "nodetach"
Nov 21 11:58:20.530 xl2tpd[21497]: ":"
Nov 21 11:58:20.531 xl2tpd[21497]: "file"
Nov 21 11:58:20.531 xl2tpd[21497]: "/etc/ppp/Valhall.options.xl2tpd"
Nov 21 11:58:20.531 xl2tpd[21497]: "ipparam"
Nov 21 11:58:20.531 xl2tpd[21497]: "x.x.x.199"
Nov 21 11:58:20.532 xl2tpd[21497]: "/dev/pts/5"
Nov 21 11:58:20.539 pppd[21544]: Plugin passprompt.so loaded.
Nov 21 11:58:20.547 pppd[21544]: pppd 2.4.5 started by root, uid 0
Nov 21 11:58:20.548 pppd[21544]: Using interface ppp0
Nov 21 11:58:20.548 pppd[21544]: Connect: ppp0 <--> /dev/pts/5
Nov 21 11:58:23.693 pppd[21544]: Deflate (15) compression enabled
Nov 21 11:58:23.754 pppd[21544]: local IP address 192.168.1.141
Nov 21 11:58:23.755 pppd[21544]: remote IP address 192.168.1.140
Nov 21 11:58:23.755 pppd[21544]: primary DNS address x.x.x.x
Nov 21 11:58:23.755 pppd[21544]: secondary DNS address x.x.x.x
Nov 21 11:58:23.761 pppd[21544]: IPCP terminated by peer (Unauthorized remote IP address)
Nov 21 11:58:23.761 pppd[21544]: Connect time 0.0 minutes.
Nov 21 11:58:23.762 pppd[21544]: Sent 0 bytes, received 34 bytes.
Nov 21 11:58:23.831 pppd[21544]: LCP terminated by peer (No network protocols running)
Nov 21 11:58:24.048 xl2tpd[21497]: control_finish: Connection closed to x.x.x.199, serial 1 ()
Nov 21 11:58:24.049 xl2tpd[21497]: Terminating pppd: sending TERM signal to pid 21544
Nov 21 11:58:24.049 pppd[21544]: Modem hangup
Nov 21 11:58:24.049 pppd[21544]: Connection terminated.
Nov 21 11:58:24.074 pppd[21544]: Terminating on signal 15
Nov 21 11:58:24.075 pppd[21544]: Exit.
那么如何连接到 ipsec VPN?