L2TP / IPsec VPN Debian / Ubuntu IPsec无法协商或建立安全关联



我花了两天时间配置这个 L2TP/IPsec VPN,想弄清楚到底哪里出了问题。VPS 服务器运行 Debian 8.6,客户端是笔记本电脑上虚拟机里的 Ubuntu 14.04.5。在 VPS 上,我用 strongSwan 处理 IKE,另外还用了 xl2tpd 和 ppp。charon 报错说“没有为‘我的 VPS IP 地址’-‘我的 IP 地址’找到共享密钥”,可以在下面的日志中看到。下面是 Debian 和 Ubuntu 两端的配置文件内容和日志,我不知道哪里错了。我觉得应该是某个小错误,或者漏掉了什么我自己没看出来的东西。

journalctl log http://i.imgur.com/TynjKk3.png

/etc/ipsec.conf

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
conn vpnserver
        type=transport
        authby=secret
        pfs=no
        rekey=no
        keyingtries=1
        left=%any
        leftprotoport=udp/l2tp
        #leftid=@vpn.example.com
        right=%any
        rightprotoport=udp/%any
        auto=add

/etc/ipsec.secrets

MY VPS IP ADDRESS%any:PSK“testkeyy1234”

/etc/xl2tpd/xl2tpd.conf

[global]

listen-addr =
access control = no
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

[lns default]

ip range = 192.168.200.100-192.168.200.110
local ip = 192.168.200.10

refuse pap = yes
refuse chap = no
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/xl2tpd-options
length bit = yes

/etc/ipsec.d/l2tp-psk.conf

conn L2TP-PSK-NAT
rightsubnet = vhost:%priv
also = L2TP-PSK-noNAT

conn L2TP-PSK-noNAT

authby = secret
pfs = no
auto = add
keyingtries = 3 rekey = no
dpddelay = 10
dpdtimeout = 90
dpdaction = clear
ikelifetime = 8h keylife = 1h
type = transport
left = GATEWAY IP
leftprotoport = 17/1701

right =%any
rightprotoport = 17 /%any

conn passthrough-for-non-l2tp

    type=passthrough
    left=<MY VPS IP ADDRESS>
    leftnexthop=<MY VPS GATEWAY ADDRESS>
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route

/etc/ppp/xl2tpd-options

mru 1280
mtu 1280
require-mschap-v2
auth
nodefaultroute
lock proxyarp
require-chap
ms-dns 8.8.8.8
ms-dns 8.8.4.4

/etc/ppp/chap-secrets

user l2tpd password *

下面是 Ubuntu 端连接时的日志,我收到了错误 300 的提示:

Linux日志 http://i.imgur.com/ET2scWn.png

我检查了ipsec verify命令,它没有给我任何错误。这是其余的ubuntu文件内容:

/etc/ipsec.secrets

%MY VPS IP ADDRESS:PSK“testkeyy1234”

/etc/ipsec.conf

version 2.0
config setup

    plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    protostack=netkey 

conn %default

    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

conn test
    authby=secret
    right=<MY VPS IP ADDRESS>
    rightid="<MY VPS IP ADDRESS>"
    auto=add

/etc/xl2tpd/xl2tpd.conf

[global]

debug avp = no
debug network = no
debug packet = no debug state = no
debug tunnel = no

[lac test]
lns = MY VPS IP ADDRESS
pppoptfile = /etc/ppp/test.options.xl2tpd
length bit = yes
redial = no

/etc/ppp/test.options.xl2tpd

plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock hide-password
modem
noipx

ipparam L2tpIPsecVpn-test
promptprog "/usr/bin/L2tpIPsecVpn"

拒绝垃圾 -
垃圾

remotename ""
name "user"

Answers:



看起来你没有在 `%any: PSK` 的冒号前面加空格。冒号两侧必须各有至少一个空白字符(除非冒号位于行首),否则 strongSwan 的 stroke 插件将无法加载该密钥。例如应写成:<MY VPS IP ADDRESS> %any : PSK "<预共享密钥>"。


谢谢,这样可以了。我在服务器的文件里,在 IP 之前和 % 之后都加了空格,现在看起来像:(空格)IP%any:PSK“password”。在我的 Ubuntu 上现在是:(没有空格)%any IP:PSK“密码”。问题解决了。
雅各布
Licensed under cc by-sa 3.0 with attribution required.