无法在 Ubuntu 桌面版 14.04 上使用 L2TP IPsec VPN Manager 1.0.9 进行连接

tag-icon tag-icon networking network-manager vpn
无法在 Ubuntu 桌面版 14.04 上使用 L2TP IPsec VPN Manager 1.0.9 进行连接

使用 Synaptic 安装 L2TP
并检查依赖项是否也已安装。
但无法连接到工作 VPN
当我单击连接时 Ubuntu 报告
错误 410

$> sudo ipsec 验证

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K3.13.0-34-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

    [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

    [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

系统日志 >

Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:30 WITTY105 L2tpIPsecVpnControlDaemon: Executing command ipsec setup stop
Aug 21 18:56:30 WITTY105 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32 WITTY105 kernel: [ 4417.877398] NET: Unregistered protocol family 15
Aug 21 18:56:32 WITTY105 ipsec_setup: ...Openswan IPsec stopped
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command ipsec setup stop finished     with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:32 WITTY105 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd start
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: setsockopt recvref[30]: Protocol not available
Aug 21 18:56:32 WITTY105 xl2tpd[5487]: This binary does not support kernel L2TP.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105 PID:5488
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Aug 21 18:56:32 WITTY105 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd start finished with exit code 0
Aug 21 18:56:33 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection
Aug 21 18:56:33 WITTY105 xl2tpd[5488]: Connecting to host vpn.mycompany.com, port 1701
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541.  Closing.
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: Connection 0 closed to 50.***.***.206, port 1701 (Timeout)
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Opening client connection
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Executing command service xl2tpd stop
Aug 21 18:56:38 WITTY105 xl2tpd[5488]: death_handler: Fatal signal 15 received
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Command service xl2tpd stop finished with exit code 0
Aug 21 18:56:38 WITTY105 L2tpIPsecVpnControlDaemon: Closing client connection

MYCO-VPN.选项.xl2tpd

plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx

ipparam L2tpIPsecVpn-MYCO-VPN

promptprog "/usr/bin/L2tpIPsecVpn"

refuse-eap
refuse-chap
refuse-mschap
refuse-mschap-v2

remotename ""
name "[email protected]"
password "mypass"

ipsec 配置

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    plutodebug="parsing emitting control private"
    # plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.

ipsec.secrets > 为空

VPN 管理器日志显示 >

Aug 21 18:56:30.789 ipsec_setup: Stopping Openswan IPsec...
Aug 21 18:56:32.206 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:32.206 xl2tpd[1307]: death_handler: Fatal signal 15 received
Aug 21 18:56:32.216 <b>recvref[30]: Protocol not available</b>
Aug 21 18:56:32.217 <b>xl2tpd[5487]: This binary does not support kernel L2TP.</b>
Aug 21 18:56:32.217 xl2tpd[5488]: xl2tpd version xl2tpd-1.3.6 started on WITTY105     PID:5488
Aug 21 18:56:32.218 xl2tpd[5488]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 21 18:56:32.218 xl2tpd[5488]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 21 18:56:32.218 xl2tpd[5488]: Inherited by Jeff McAdams, (C) 2002
Aug 21 18:56:32.220 xl2tpd[5488]: Forked again by Xelerance (www.xelerance.com) (C)     2006
Aug 21 18:56:32.220 xl2tpd[5488]: Listening on IP address 0.0.0.0, port 1701
Aug 21 18:56:32.220 Starting xl2tpd: xl2tpd.
Aug 21 18:56:33.659 xl2tpd[5488]: Connecting to host vpn.obeohealth.com, port 1701
Aug 21 18:56:38.665 xl2tpd[5488]: Maximum retries exceeded for tunnel 47541.      Closing.
Aug 21 18:56:38.665 [ERROR  410]   Connection attempt to 'MYCO-VPN' timed out
Aug 21 18:56:38.667 xl2tpd[5488]: Connection 0 closed to 50.***.***.205, port 1701 (Timeout)
Aug 21 18:56:38.676 Stopping xl2tpd: xl2tpd.
Aug 21 18:56:38.676 xl2tpd[5488]: death_handler: Fatal signal 15 received


这些行是不言自明的
recvref[30]: 协议不可用
xl2tpd[5487]: 此二进制文件不支持内核 L2TP。

内核:[4417.877398] NET:未注册的协议系列 15
那么,如何使用 L2TP?
如果 Ubuntu Desktop 不支持,哪个发行版支持?

TIA

答案1

L2TP/IPSec VPN 是一个两阶段 VPN。首先是 IPSec,然后是带 PPP 的 L2TP。在尝试解决 L2TP 的任何问题(无论是否带 NAT)之前,您必须确保第一阶段(IPSec)没有问题。IPSec 身份验证/加密有两种可能的方法,ssl 证书或预共享密钥。如果您使用的是 ssl 证书,那么您可以有一个空的 ipsec.secrets,但是如果您计划使用预共享密钥,您的 ipsec.secrets 必须有一个预共享密钥。如果您对 IPSec 没有任何问题,您将能够与 IPSec 建立安全关联,并且第一阶段就完成了。

第二阶段,您必须选择一种 PPP 身份验证方法,并且拒绝所有 pppd 可用的密码方法...reject-eap rejection-chap rejection-mschap rejection-mschap-v​​2 您至少需要接受一种...

您的问题在这里:8 月 21 日 18:56:33.659 xl2tpd[5488]:连接到主机 vpn.obeohealth.com,端口 1701 8 月 21 日 18:56:38.665 xl2tpd[5488]:隧道 47541 的最大重试次数已超过。正在关闭。8 月 21 日 18:56:38.665 [错误 410] 尝试连接“MYCO-VPN”超时

这意味着您无法建立 L2 隧道,可能是因为您的 IPSec 连接尚未建立。

您可以打开 L2TP 中的调试来帮助您,并且您还应该检查冥王星日志。

相关内容