VPN L2TP/IPSec client on Ubuntu 16.04: VPN service failed to start


12

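On Ubuntu 16.04, I have followed some tutorials to rebuild network-manager, and it can also be installed with apt-get install network-manager-l2tp network-manager-l2tp-gnome

It worked until yesterday, when a random message said "The VPN connection failed because the VPN service failed to start". There is no error in the configuration, because the same VPN credentials and host are in use on another Ubuntu 16.04 machine and on Windows 8.1.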

/var/log/syslog

NetworkManager[899]: <info>  [1496143714.1953] audit: op="connection-activate" uuid="cac1651d-9cbd-4989-bc57-b9707ddd012a" name="VPNCS" pid=2295 uid=1000 result="success"
NetworkManager[899]: <info>  [1496143714.1973] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Started the VPN service, PID 5798
NetworkManager[899]: <info>  [1496143714.2013] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Saw the service appear; activating connection
NetworkManager[899]: <info>  [1496143714.2760] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[899]: nm-l2tp[5798] <info>  ipsec enable flag: yes
NetworkManager[899]: ** Message: Check port 1701
NetworkManager[899]: nm-l2tp[5798] <info>  starting ipsec
NetworkManager[899]: Stopping strongSwan IPsec...
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22167, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22168, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22169, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22170, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22171, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22172, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22173, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22174, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22175, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22176, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22177, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22178, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22179, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22180, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22181, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22182, major_opcode = 33, minor_opcode = 0
NetworkManager[899]: Starting strongSwan 5.5.2 IPsec [starter]...
NetworkManager[899]: Loading config setup
NetworkManager[899]: Loading conn 'cac1651d-9cbd-4989-bc57-b9707ddd012a'
NetworkManager[899]: found netkey IPsec stack
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 4.4.0-78-generic, x86_64)
NetworkManager[899]: nm-l2tp[5798] <warn>  IPsec service is not ready.
NetworkManager[899]: nm-l2tp[5798] <warn>  Could not establish IPsec tunnel.
NetworkManager[899]: (nm-l2tp-service:5798): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[899]: <info>  [1496143732.4905] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state changed: stopped (6)
NetworkManager[899]: <info>  [1496143732.4929] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state change reason: unknown (0)
NetworkManager[899]: <info>  [1496143732.4952] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN service disappeared
NetworkManager[899]: <warn>  [1496143732.4971] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I have already tried removing the network-manager-l2tp-gnome packages and reinstalling them, but I still get the same error.

Is there a fix?

Answers:


14

I found a solution in the developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

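Version 1.2.6 no longer overrides the default IPsec ciphers, and I suspect your VPN server is using a legacy cipher that the newer versions of strongSwan consider broken.

See the user-specified IPsec cipher suites section in the README.md file for how to supplement the strongSwan default ciphers with your own: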

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I would recommend installing the ike-scan package to check which ciphers your VPN server advertises that it supports, e.g.:

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

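So in this example, where a broken 3DES cipher is advertised, add the following in the advanced section of the IPsec dialog box of version 1.2.6:

  • Phase 1 algorithms: 3des-sha1-modp1024

  • Phase 2 algorithms: 3des-sha1

After completing all these steps, the L2TP connection must be established.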
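
Turning the ike-scan result into the two strings entered in the dialog, as an added example that is not part of the original answer: it parses the SA=(...) transform, builds the Phase 1 string and lists which of the negotiated algorithms are legacy. The name mapping, the LEGACY set and the Phase 2 string (mirrored from Phase 1 as in the answer's example, since ike-scan only shows the IKE phase) are assumptions.

```python
import re

# Sample input: the handshake line from the ike-scan run shown above.
SAMPLE = ("123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) "
          "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 "
          "LifeType=Seconds LifeDuration(4)=0x00007080)")

# Assumed mapping from ike-scan transform names to strongSwan proposal keywords.
ENC = {"DES": "des", "3DES": "3des"}
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Illustrative set of legacy algorithms (an assumption, not strongSwan's own list).
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}


def parse_sa(line):
    """Return the key=value attributes inside SA=(...), or None if there is no SA."""
    # The body may contain one level of nested parentheses, e.g. LifeDuration(4)=...
    m = re.search(r"\bSA=\(((?:[^()]|\([^()]*\))*)\)", line)
    if m is None:
        return None
    return dict(tok.split("=", 1) for tok in m.group(1).split() if "=" in tok)


def proposals(line):
    """Build the Phase 1 / Phase 2 strings for one ike-scan handshake line."""
    sa = parse_sa(line)
    if sa is None:
        raise ValueError("line carries no SA=(...) transform (notify or timeout?)")
    try:
        if sa["Enc"] == "AES":
            enc = "aes" + sa["KeyLength"]  # AES transforms carry a KeyLength attribute
        else:
            enc = ENC[sa["Enc"]]
        integ = HASH[sa["Hash"]]
        group = sa["Group"].split(":", 1)[-1]  # "2:modp1024" -> "modp1024"
    except KeyError as exc:
        raise ValueError(f"unsupported or missing transform attribute: {exc}") from None
    return {
        "phase1": f"{enc}-{integ}-{group}",
        "phase2": f"{enc}-{integ}",  # assumption: mirror Phase 1, as the answer does
        "legacy": [alg for alg in (enc, integ, group) if alg in LEGACY],
    }


if __name__ == "__main__":
    print(proposals(SAMPLE))
```

A non-empty "legacy" list means the override is re-enabling algorithms that strongSwan's defaults no longer offer, which is worth raising with whoever runs the VPN server.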


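Lifesaver! I would like to add that if you run sudo ike-scan <address> and it returns something about binding and the port already being in use, then maybe systemctl stop strongswan was not enough and charon is still running. You can confirm that by running sudo netstat -npl and checking the upper block, which shows the processes and ports in use. I was able to stop charon completely by running sudo service strongswan stop; not sure why the behaviour differs from systemctl.
Fabiano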

3
The -s switch of ike-scan can save you some PID hunting ;). It can even save you the sudo: ike-scan -s 60066 <IP>
-brissou

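I think that because strongSwan is a "legacy" service, the systemctl scripts are handed off to a compatibility layer that may not handle all the dependencies correctly. I have noticed a similar problem where systemctl stop was not enough to make ike-scan usable.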
dragon788

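I just ran into another problem with port 500 being in use. It also made my connection return a timeout. In this case I found it by trying to run ike-scan, which said that port 500 was already in use. Using netstat -npl showed that docker-proxy was using it. Since I don't depend on docker, I stopped it with sudo service docker stop and could then connect to the L2TP VPN successfully.
Fabiano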

2

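This answer is specific to connecting to a Cisco Meraki account over an L2TP/IP VPN. The solution works on my Ubuntu 16.04 system. All the instructions are copied directly from Pigman's answer on this Meraki forum thread. Hats off to him; he saved me hours of frustration.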

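  1. Install network-manager-l2tp: sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp, then sudo apt-get update and sudo apt-get install network-manager-l2tp
  2. If you use GNOME, install the GNOME plugin (if you use another desktop environment, check whether there is a plugin for its network manager): sudo apt-get install network-manager-l2tp-gnome
  3. Reboot
  4. Navigate to Settings > Network > click the + button > select "Layer 2 Tunneling Protocol (L2TP)"
  5. Name the new VPN connection
  6. Put the hostname or address in the Gateway field.
  7. Put the username in the Username field.
  8. Click the icon in the Password field and select your preference for how to supply the password.
  9. Click IPSec Settings...
  10. Check the "Enable IPsec tunnel to L2TP host" box
  11. Enter the shared secret in the Pre-shared key field.
  12. Leave the Gateway ID field empty.
  13. Expand the Advanced options area
  14. Enter "3des-sha1-modp1024" in the Phase 1 Algorithms box.
  15. Enter "3des-sha1" in the Phase 2 Algorithms box.
  16. Leave the "Enforce UDP encapsulation" checkbox checked.
  17. Click OK.
  18. Click Save.
  19. Open a terminal and enter the following commands to permanently disable the xl2tpd service: sudo service xl2tpd stop
  20. Also enter the following: sudo systemctl disable xl2tpd
  21. Open Network Settings and try to turn on the VPN.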

A few steps taken from the previous answers, just to be safe

  1. sudo service strongswan stop
  2. sudo systemctl disable strongswan
  3. You can save the password on the VPN configuration page by clicking the icon to the right of the password text box

1
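Thanks, this worked for me. Linux Mint 19.2 (U18.04). I didn't have to shut off strongSwan or xl2tpd; I had just entered a value in the "Gateway ID" field, and that is what was breaking it. For a work TP-Link box, it was 3des-md5-modp1024.
Aaron Chamberlain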
Licensed under cc by-sa 3.0 with attribution required.