从 Ubuntu 20 升级到 22 后 L2TP IPSEC 不起作用

tag-icon tag-icon networking network-manager vpn ipsec l2tp
从 Ubuntu 20 升级到 22 后 L2TP IPSEC 不起作用

我在 Ubuntu20 上进行了配置,运行良好。最近我将系统升级到 Ubuntu 22.04,但现在无法连接到办公室 vpn。

我正在附上日志

journalctl-xe

May 03 12:59:27  pluto[20972]: adding interface wlp0s20f3/wlp0s20f3 192.168.0.108:4500
May 03 12:59:27  pluto[20972]: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
May 03 12:59:27  pluto[20972]: adding interface lo/lo 127.0.0.1:4500
May 03 12:59:27  pluto[20972]: adding interface lo/lo (esp-hw-offload not supported by kernel) [::1]:500
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  pluto[20972]: listening for IKE messages
May 03 12:59:27  NetworkManager[20983]: 002 listening for IKE messages
May 03 12:59:27  NetworkManager[20983]: 002 forgetting secrets
May 03 12:59:27  NetworkManager[20983]: 002 loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  NetworkManager[20983]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  pluto[20972]: forgetting secrets
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  NetworkManager[20989]: debugging mode enabled
May 03 12:59:27  NetworkManager[20989]: end of file /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May 03 12:59:27  NetworkManager[20989]: Loading conn 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May 03 12:59:27  NetworkManager[20989]: starter: left is KH_DEFAULTROUTE
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdns=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdomains=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgbanner=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-in=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-out=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" vti_iface=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" redirect-to=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" accept-redirect-to=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" esp=aes256-sha1,aes128-sha1,3des-sha1
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" ike=3des-sha1;modp1024
May 03 12:59:27  NetworkManager[20989]: opening file: /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May 03 12:59:27  NetworkManager[20989]: loading named conns: 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May 03 12:59:27  NetworkManager[20989]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May 03 12:59:27  NetworkManager[20989]: dst  via 192.168.0.1 dev wlp0s20f3 src  table 254
May 03 12:59:27  NetworkManager[20989]: set nexthop: 192.168.0.1
May 03 12:59:27  NetworkManager[20989]: dst 169.254.0.0 via  dev wlp0s20f3 src  table 254
May 03 12:59:27  NetworkManager[20989]: dst 172.17.0.0 via  dev docker0 src 172.17.0.1 table 254
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.0 via  dev wlp0s20f3 src 192.168.0.108 table 254
May 03 12:59:27  NetworkManager[20989]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 172.17.0.1 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 172.17.255.255 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.108 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.255 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.1 via  dev wlp0s20f3 src 192.168.0.108 table 254
May 03 12:59:27  NetworkManager[20989]: set addr: 192.168.0.108
May 03 12:59:27  NetworkManager[20989]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May 03 12:59:27  pluto[20972]: Failed to add connection "362cefc3-d0c3-40eb-8259-0d4ad4c16c58": ike string error: IKE DH algorithm 'modp1024' is not supported
May 03 12:59:27  nm-l2tp-service[20671]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed`enter

系统日志

May  3 13:11:40  nm-l2tp-service[21869]: Check port 1701
May  3 13:11:40  nm-l2tp-service[21869]: Can't bind to port 1701
May  3 13:11:40  NetworkManager[21881]: Redirecting to: systemctl restart ipsec.service
May  3 13:11:40  systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May  3 13:11:40  whack[21885]: 002 shutting down
May  3 13:11:40  systemd[1]: ipsec.service: Deactivated successfully.
May  3 13:11:40  systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  3 13:11:40  systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May  3 13:11:40  ipsec[22159]: nflog ipsec capture disabled
May  3 13:11:40  systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  3 13:11:40  NetworkManager[22181]: 002 listening for IKE messages
May  3 13:11:40  NetworkManager[22181]: 002 forgetting secrets
May  3 13:11:40  NetworkManager[22181]: 002 loading secrets from "/etc/ipsec.secrets"
May  3 13:11:40  NetworkManager[22181]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May  3 13:11:41  NetworkManager[22187]: debugging mode enabled
May  3 13:11:41  NetworkManager[22187]: end of file /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May  3 13:11:41  NetworkManager[22187]: Loading conn 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May  3 13:11:41  NetworkManager[22187]: starter: left is KH_DEFAULTROUTE
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdns=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdomains=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgbanner=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-in=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-out=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" vti_iface=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" redirect-to=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" accept-redirect-to=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" esp=aes256-sha1,aes128-sha1,3des-sha1
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" ike=3des-sha1;modp1024
May  3 13:11:41  NetworkManager[22187]: opening file: /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May  3 13:11:41  NetworkManager[22187]: loading named conns: 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May  3 13:11:41  NetworkManager[22187]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May  3 13:11:41  NetworkManager[22187]: dst  via 192.168.0.1 dev wlp0s20f3 src  table 254
May  3 13:11:41  NetworkManager[22187]: set nexthop: 192.168.0.1
May  3 13:11:41  NetworkManager[22187]: dst 169.254.0.0 via  dev wlp0s20f3 src  table 254
May  3 13:11:41  NetworkManager[22187]: dst 172.17.0.0 via  dev docker0 src 172.17.0.1 table 254
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.0 via  dev wlp0s20f3 src 192.168.0.108 table 254
May  3 13:11:41  NetworkManager[22187]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 172.17.0.1 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 172.17.255.255 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.108 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.255 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.1 via  dev wlp0s20f3 src 192.168.0.108 table 254
May  3 13:11:41  NetworkManager[22187]: set addr: 192.168.0.108
May  3 13:11:41  NetworkManager[22187]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May  3 13:11:41  nm-l2tp-service[21869]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
May  3 13:11:44  rtkit-daemon[1537]: Supervising 11 threads of 4 processes of 1 users.

我认为错误出在阶段 1 算法上。我没有使用阶段 2 算法。此外,升级后我还没有更改 VPN 配置

我的 xl2tpd 版本

$ apt list xl2tpd -a    
Listing... Done
xl2tpd/jammy-updates,now 1.3.16-1ubuntu0.1 amd64 [installed]
xl2tpd/jammy 1.3.16-1 amd64

我是这个主题的新手,需要连接到 vpn 进行工作。任何指导都会有帮助。

相关内容