尝试连接 PPTP 和 l2TP 时，NetworkManager 显示“激活网络连接失败”

2024-6-4 • tag-icon

尝试连接 PPTP 和 l2TP 时，NetworkManager 显示“激活网络连接失败”

这是我的日志：

Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst  via 172.30.12.1 dev wlp3s0 src  table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via  dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via  dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via  dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via  dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via  dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info>  [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info>  [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn>  [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack

更新：

禁用SELinux后的日志：

Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info>  [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info>  [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info>  [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info>  [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info>  [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst  via 172.30.12.1 dev wlp3s0 src  table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via  dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via  dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via  dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via  dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via  dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info>  [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info>  [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn>  [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop

答案1

我认为问题出在 SELinux 上，我认为 Ubuntu 上没有针对 strongswan、xl2tpd、pptpd 等的任何 SELinux 策略。

Ubuntu 通常使用 AppArmor 而不是 SELinux，并且已安装适当的 AppArmor 配置文件。

更新：

当前的问题是您的 VPN 服务器正在使用 libreswan（和 strongswan）认为过时且有缺陷的算法，请参阅：

https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms

正确的解决方法是重新配置 VPN 服务器以使用更强大的算法。

但是您可以在该页面上找到使用 3DES、SHA1 和 MODP1024 失效算法的 VPN 服务器的解决方法示例。

您可以使用ike-scan.sh以下页面中的脚本向VPN服务器查询其支持的算法：

https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms

答案1

相关内容