L2TP connection not working with Ubuntu 20.04

At some point (I can't remember exactly when), my L2TP VPN stopped working on Ubuntu 20.04. Here is the output of journalctl:

apr 07 19:14:35 GS66 NetworkManager[312934]: Stopping strongSwan IPsec failed: starter is not running
apr 07 19:14:37 GS66 NetworkManager[312931]: Starting strongSwan 5.8.2 IPsec [starter]...
apr 07 19:14:37 GS66 NetworkManager[312931]: Loading config setup
apr 07 19:14:37 GS66 NetworkManager[312931]: Loading conn 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a'
apr 07 19:14:37 GS66 ipsec_starter[312931]: Starting strongSwan 5.8.2 IPsec [starter]...
apr 07 19:14:37 GS66 ipsec_starter[312931]: Loading config setup
apr 07 19:14:37 GS66 ipsec_starter[312931]: Loading conn 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a'
apr 07 19:14:37 GS66 ipsec_starter[312948]: Attempting to start charon...
apr 07 19:14:37 GS66 charon[312949]: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.11.0-27-generic, x86_64)
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
apr 07 19:14:37 GS66 charon[312949]: 00[CFG]   loaded IKE secret for %any
apr 07 19:14:37 GS66 charon[312949]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
apr 07 19:14:37 GS66 charon[312949]: 00[LIB] dropped capabilities, running as uid 0, gid 0
apr 07 19:14:37 GS66 charon[312949]: 00[JOB] spawning 16 worker threads
apr 07 19:14:37 GS66 ipsec_starter[312948]: charon (312949) started after 40 ms
apr 07 19:14:37 GS66 charon[312949]: 05[CFG] received stroke: add connection 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a'
apr 07 19:14:37 GS66 charon[312949]: 05[CFG] added configuration 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a'
apr 07 19:14:38 GS66 charon[312949]: 07[CFG] rereading secrets
apr 07 19:14:38 GS66 charon[312949]: 07[CFG] loading secrets from '/etc/ipsec.secrets'
apr 07 19:14:38 GS66 charon[312949]: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
apr 07 19:14:38 GS66 charon[312949]: 07[CFG]   loaded IKE secret for %any
apr 07 19:14:38 GS66 charon[312949]: 09[CFG] received stroke: initiate 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a'
apr 07 19:14:38 GS66 charon[312949]: 11[IKE] initiating Main Mode IKE_SA b7b9df74-4fbf-408c-bd6e-91dcd1787e3a[1] to X.Y.X.Y
apr 07 19:14:38 GS66 charon[312949]: 11[IKE] initiating Main Mode IKE_SA b7b9df74-4fbf-408c-bd6e-91dcd1787e3a[1] to X.Y.X.Y
apr 07 19:14:38 GS66 charon[312949]: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
apr 07 19:14:38 GS66 charon[312949]: 11[NET] sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)
apr 07 19:14:42 GS66 charon[312949]: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
apr 07 19:14:42 GS66 charon[312949]: 12[NET] sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)
apr 07 19:14:48 GS66 NetworkManager[313076]: Stopping strongSwan IPsec...
apr 07 19:14:48 GS66 charon[312949]: 00[DMN] signal of type SIGINT received. Shutting down
apr 07 19:14:48 GS66 charon[312949]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
apr 07 19:14:48 GS66 NetworkManager[312978]: initiating Main Mode IKE_SA b7b9df74-4fbf-408c-bd6e-91dcd1787e3a[1] to X.Y.X.Y
apr 07 19:14:48 GS66 NetworkManager[312978]: generating ID_PROT request 0 [ SA V V V V V ]
apr 07 19:14:48 GS66 NetworkManager[312978]: sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)
apr 07 19:14:48 GS66 NetworkManager[312978]: sending retransmit 1 of request message ID 0, seq 1
apr 07 19:14:48 GS66 NetworkManager[312978]: sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)
apr 07 19:14:48 GS66 NetworkManager[312978]: destroying IKE_SA in state CONNECTING without notification
apr 07 19:14:48 GS66 NetworkManager[312978]: establishing connection 'b7b9df74-4fbf-408c-bd6e-91dcd1787e3a' failed
apr 07 19:14:48 GS66 ipsec_starter[312948]: child 312949 (charon) has quit (exit code 0)

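I searched the internet but could not find a working solution. I reinstalled the networkmanager-l2tp plugin, but that did not help either.

After comparing the output with a VM where the VPN connection works, I noticed one strange thing: the address the packets are sent from.

It seems the packets are being set to come from 127.0.0.1, which is strange (in all other environments the IP comes from the network interface, not the loopback).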

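Answer 1

It seems something was wrong with my routing table. The lo interface had the highest priority and was the default route, which caused the VPN connection to try to use that route. Since the message never left my computer (because 127.0.0.1 does not go beyond the PC), I could not connect to the VPN.

The solution was to modify the routing table so that my local IP route has a higher priority and is set as the default route.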
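
The symptom and the cause described in this answer can be checked together. The following is an added example, not part of the original post: it counts IKE packets that charon sent from a loopback address and finds which interface holds the preferred default route. The two log lines are taken from the question; the route listing (interface `wlo1`, gateway `192.168.1.1`, metrics) is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from any tool.

# Count IKE packets charon sent from a loopback source address.
# Reads journal text on stdin, e.g.: journalctl -b | ike_loopback_count
ike_loopback_count() {
    awk '/charon\[[0-9]+\]:.*sending packet: from 127\./ { n++ } END { print n + 0 }'
}

# Print the device of the preferred default route (lowest metric; none means 0).
# Reads the output of `ip -4 route show default` on stdin.
preferred_default_dev() {
    awk '$1 == "default" {
             dev = ""; metric = 0
             for (i = 2; i < NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (best == "" || metric < bestm) { best = dev; bestm = metric }
         }
         END { print best }'
}

# $1 = journal text, $2 = default-route listing
diagnose() {
    hits=$(printf '%s\n' "$1" | ike_loopback_count)
    dev=$(printf '%s\n' "$2" | preferred_default_dev)
    if [ "$hits" -gt 0 ] && [ "$dev" = "lo" ]; then
        echo "loopback-default-route"   # symptom and cause both present
    elif [ "$hits" -gt 0 ]; then
        echo "loopback-source"          # symptom only, look elsewhere for cause
    else
        echo "ok"
    fi
}

# Log lines copied from the question above.
SAMPLE_LOG='apr 07 19:14:38 GS66 charon[312949]: 11[NET] sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)
apr 07 19:14:42 GS66 charon[312949]: 12[NET] sending packet: from 127.0.0.1[500] to X.Y.X.Y[500] (532 bytes)'

# Constructed route listing: a default route on lo outranks the real uplink.
SAMPLE_ROUTES='default dev lo scope link metric 50
default via 192.168.1.1 dev wlo1 proto dhcp metric 600'

diagnose "$SAMPLE_LOG" "$SAMPLE_ROUTES"
```

On a live system, pass `"$(journalctl -b)"` and `"$(ip -4 route show default)"` to `diagnose` instead of the sample variables.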
