如何使用 Ubuntu 13.10 连接到 ipsec VPN

如何使用 Ubuntu 13.10 连接到 ipsec VPN

在升级到 13.10 之前,我一直使用 L2TP IPsec VPN 管理器

以前它可以工作。但是现在却不工作了。

ipsec 服务器(Fortigate 防火墙,记录一切正常,然后显示客户端已断开连接。)

这一行IPCP terminated by peer (Unauthorized remote IP address) - 没有意义,IP 由 FW 提供,并且来自正确的池。

此外,FW 没有记录任何问题。

最后:使用 Android 连接到同一个 FW - 运行良好。

log from ipsec client:
    Nov 21 11:58:16.839 ipsec_setup: Stopping Openswan IPsec...
Nov 21 11:58:18.580 Stopping xl2tpd: xl2tpd.
Nov 21 11:58:18.581 xl2tpd[19495]: death_handler: Fatal signal 15 received
Nov 21 11:58:18.612 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.11.0-13-generic...
Nov 21 11:58:18.886 ipsec__plutorun: Starting Pluto subsystem...
Nov 21 11:58:18.892 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Nov 21 11:58:18.900 recvref[30]: Protocol not available
Nov 21 11:58:18.900 xl2tpd[21494]: This binary does not support kernel L2TP.
Nov 21 11:58:18.901 xl2tpd[21497]: xl2tpd version xl2tpd-1.3.1 started on andre-OptiPlex-990 PID:21497
Nov 21 11:58:18.902 xl2tpd[21497]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 11:58:18.902 xl2tpd[21497]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 11:58:18.902 xl2tpd[21497]: Inherited by Jeff McAdams, (C) 2002
Nov 21 11:58:18.902 xl2tpd[21497]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Nov 21 11:58:18.902 xl2tpd[21497]: Listening on IP address 0.0.0.0, port 1701
Nov 21 11:58:18.903 Starting xl2tpd: xl2tpd.
Nov 21 11:58:19.031 ipsec__plutorun: 002 added connection description "Valhall"
Nov 21 11:58:19.386 104 "Valhall" #1: STATE_MAIN_I1: initiate
Nov 21 11:58:19.387 003 "Valhall" #1: received Vendor ID payload [RFC 3947] method set to=115 
Nov 21 11:58:19.387 003 "Valhall" #1: received Vendor ID payload [Dead Peer Detection]
Nov 21 11:58:19.387 003 "Valhall" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de000402a0]
Nov 21 11:58:19.387 106 "Valhall" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 21 11:58:19.388 003 "Valhall" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
Nov 21 11:58:19.388 108 "Valhall" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 21 11:58:19.388 004 "Valhall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 21 11:58:19.388 117 "Valhall" #2: STATE_QUICK_I1: initiate
Nov 21 11:58:19.388 003 "Valhall" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=0530bd3b
Nov 21 11:58:19.389 003 "Valhall" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
Nov 21 11:58:19.389 004 "Valhall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xea9d24b4 <0xc36d9ff6 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Nov 21 11:58:20.391 xl2tpd[21497]: Connecting to host mydomain.com, port 1701
Nov 21 11:58:20.461 xl2tpd[21497]: Connection established to x.x.x.199, 1701.  Local: 46031, Remote: 3 (ref=0/0).
Nov 21 11:58:20.461 xl2tpd[21497]: Calling on tunnel 46031
Nov 21 11:58:20.529 xl2tpd[21497]: Call established with x.x.x.199, Local: 65516, Remote: 4, Serial: 1 (ref=0/0)
Nov 21 11:58:20.529 xl2tpd[21497]: start_pppd: I'm running: 
Nov 21 11:58:20.530 xl2tpd[21497]: "/usr/sbin/pppd" 
Nov 21 11:58:20.530 xl2tpd[21497]: "passive" 
Nov 21 11:58:20.530 xl2tpd[21497]: "nodetach" 
Nov 21 11:58:20.530 xl2tpd[21497]: ":" 
Nov 21 11:58:20.531 xl2tpd[21497]: "file" 
Nov 21 11:58:20.531 xl2tpd[21497]: "/etc/ppp/Valhall.options.xl2tpd" 
Nov 21 11:58:20.531 xl2tpd[21497]: "ipparam" 
Nov 21 11:58:20.531 xl2tpd[21497]: "x.x.x.199" 
Nov 21 11:58:20.532 xl2tpd[21497]: "/dev/pts/5" 
Nov 21 11:58:20.539 pppd[21544]: Plugin passprompt.so loaded.
Nov 21 11:58:20.547 pppd[21544]: pppd 2.4.5 started by root, uid 0
Nov 21 11:58:20.548 pppd[21544]: Using interface ppp0
Nov 21 11:58:20.548 pppd[21544]: Connect: ppp0 <--> /dev/pts/5
Nov 21 11:58:23.693 pppd[21544]: Deflate (15) compression enabled
Nov 21 11:58:23.754 pppd[21544]: local  IP address 192.168.1.141
Nov 21 11:58:23.755 pppd[21544]: remote IP address 192.168.1.140
Nov 21 11:58:23.755 pppd[21544]: primary   DNS address x.x.x.x
Nov 21 11:58:23.755 pppd[21544]: secondary DNS address x.x.x.x
Nov 21 11:58:23.761 pppd[21544]: IPCP terminated by peer (Unauthorized remote IP address)
Nov 21 11:58:23.761 pppd[21544]: Connect time 0.0 minutes.
Nov 21 11:58:23.762 pppd[21544]: Sent 0 bytes, received 34 bytes.
Nov 21 11:58:23.831 pppd[21544]: LCP terminated by peer (No network protocols running)
Nov 21 11:58:24.048 xl2tpd[21497]: control_finish: Connection closed to x.x.x.199, serial 1 ()
Nov 21 11:58:24.049 xl2tpd[21497]: Terminating pppd: sending TERM signal to pid 21544
Nov 21 11:58:24.049 pppd[21544]: Modem hangup
Nov 21 11:58:24.049 pppd[21544]: Connection terminated.
Nov 21 11:58:24.074 pppd[21544]: Terminating on signal 15
Nov 21 11:58:24.075 pppd[21544]: Exit.

那么如何连接到 ipsec VPN?

相关内容