这么简单的问题,为什么上班这么难?
这似乎令人难以置信,但我还没有找到一个真正有效的解决方案。这就是为什么我实际上再次问这个问题。
此处或其他任何地方对类似问题的建议答案均无效,不,没有。你会注意到他们都没有接受答案。所以这个问题不断被问到。我们能结束这种疯狂吗?
我真的很高兴这个问题成为社区维基,但我不知道该怎么做。我只想知道为了整个 Ubuntu 社区的利益,我们着手进行设置。一劳永逸。
这是一个如此通用的协议,但 Ubuntu 似乎严重滞后于对它的支持。即使它在 Windows 和 OSX 上开箱即用。看来我们必须在 Ubuntu 中跳起来。
有人可以分享您个人如何使用预共享密钥使 L2TP + IPSec 工作的秘密吗?我认为一个可靠的工作答案会让许多 Ubuntu 用户在晚上休息:)
干杯。
这是我尝试过的:
1. 强天鹅
apt-get install strongswan network-manager-strongswan
好吧,那太好了,UI 似乎不允许预共享密钥?!?!
2.网络管理器-l2tp
https://launchpad.net/~seriy-pr/+archive/ubuntu/network-manager-l2tp
这看起来很有希望,但不起作用。我收到以下错误。除此之外,它现在已被弃用,因为它使用了不再受支持的 openswan。现在我们有了 strongswan(也许 Ubuntu 开发人员需要切换到 workingswan!)
我想知道其中一些错误是否是因为我使用的是 AMD CPU?
Jul 2 14:44:00 xen ipsec_setup: Starting Openswan IPsec 2.6.38...
Jul 2 14:44:01 xen ipsec_setup: Using KLIPS/legacy stack
Jul 2 14:44:01 xen kernel: [ 49.125995] sha512_ssse3: Neither AVX nor SSSE3 is available/usable.
Jul 2 14:44:01 xen kernel: [ 49.152561] sha256_ssse3: Neither AVX nor SSSE3 is available/usable.
Jul 2 14:44:01 xen kernel: [ 49.172064] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.189713] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.207982] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.232719] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.261421] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.287047] AVX or AES-NI instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.307848] AVX or AES-NI instructions are not detected.
Jul 2 14:44:01 xen ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
Jul 2 14:44:01 xen ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
Jul 2 14:44:01 xen kernel: [ 49.329498] NET: Registered protocol family 15
Jul 2 14:44:01 xen ipsec_setup: Using NETKEY(XFRM) stack
Jul 2 14:44:01 xen kernel: [ 49.403213] Initializing XFRM netlink socket
Jul 2 14:44:01 xen kernel: [ 49.501839] sha512_ssse3: Neither AVX nor SSSE3 is available/usable.
Jul 2 14:44:01 xen kernel: [ 49.516281] sha256_ssse3: Neither AVX nor SSSE3 is available/usable.
Jul 2 14:44:01 xen kernel: [ 49.539742] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.561641] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.579962] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.604578] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.621050] AVX instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.646920] AVX or AES-NI instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.667841] AVX or AES-NI instructions are not detected.
Jul 2 14:44:01 xen kernel: [ 49.686945] netlink: 24 bytes leftover after parsing attributes in process `ip'.
Jul 2 14:44:01 xen ipsec_setup: ...Openswan IPsec started
Jul 2 14:44:01 xen pluto: adjusting ipsec.d to /etc/ipsec.d
Jul 2 14:44:01 xen ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jul 2 14:44:01 xen NetworkManager[806]: <info> VPN connection 'OTOY Cluster' (Connect) reply received.
Jul 2 14:44:11 xen NetworkManager[806]: <warn> VPN plugin failed: 7
Jul 2 14:44:42 xen NetworkManager[806]: <warn> VPN connection 'OTOY Cluster' (IP Config Get) timeout exceeded.
Jul 2 14:44:42 xen NetworkManager[806]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Jul 2 14:44:47 xen NetworkManager[806]: <info> VPN service 'l2tp' disappeared
Jul 2 14:51:35 xen kernel: [ 503.672175] netlink: 24 bytes leftover after parsing attributes in process `ip'.
Jul 2 14:51:35 xen kernel: [ 503.680945] ip_tables: (C) 2000-2006 Netfilter Core Team
Jul 2 14:51:35 xen kernel: [ 503.686441] ip6_tables: (C) 2000-2006 Netfilter Core Team
Jul 2 14:52:04 xen NetworkManager[806]: <info> Starting VPN service 'l2tp'...
Jul 2 14:52:04 xen NetworkManager[806]: <info> VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 3589
Jul 2 14:52:04 xen NetworkManager[806]: <info> VPN service 'l2tp' appeared; activating connections
Jul 2 14:52:04 xen NetworkManager[806]: <info> VPN plugin state changed: starting (3)
Jul 2 14:52:04 xen ipsec_setup: Stopping Openswan IPsec...
Jul 2 14:52:05 xen kernel: [ 533.776479] netlink: 24 bytes leftover after parsing attributes in process `ip'.
Jul 2 14:52:05 xen kernel: [ 534.105661] NET: Unregistered protocol family 15
Jul 2 14:52:06 xen ipsec_setup: ...Openswan IPsec stopped
3. 还有其他一些
这些都涉及编辑 .conf 文件。这些都没有奏效。
好吧,我从来没有让它在 Ubuntu 14.04 上运行过。
但我找到了这个链接,它在 16.04 上完美运行
http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/
特别感谢作者 Zaid Daba'een
在 Ubuntu 16.04 上启用基于 IPSec 的 L2TP
自 Precise 以来,Ubuntu 已停止为 Ubuntu 提供基于 IPSec 的 L2TP 支持。使用 network-manager-l2tp 可以解决此问题。
首先,您必须安装先决条件:
sudo apt install \
intltool \
libtool \
network-manager-dev \
libnm-util-dev \
libnm-glib-dev \
libnm-glib-vpn-dev \
libnm-gtk-dev \
libnm-dev \
libnma-dev \
ppp-dev \
libdbus-glib-1-dev \
libsecret-1-dev \
libgtk-3-dev \
libglib2.0-dev \
xl2tpd \
strongswan
然后再次构建网络管理器:
git clone https://github.com/nm-l2tp/network-manager-l2tp.git
cd network-manager-l2tp
autoreconf -fi
intltoolize
Make sure no errors have occurred.
配置构建:
./configure \
--disable-static --prefix=/usr \
--sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu \
--libexecdir=/usr/lib/NetworkManager \
--localstatedir=/var \
--with-pppd-plugin-dir=/usr/lib/pppd/2.4.7
Make sure no errors occurred.
然后制作:
make
sudo make install
Remove AppArmor settings for IPSec:
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.stroke
将 x2ltpd 替换为 libpcap:
sudo apt remove xl2tpd
sudo apt install libpcap0.8-dev
wget https://github.com/xelerance/xl2tpd/archive/v1.3.6/xl2tpd-1.3.6.tar.gz
tar xvzf xl2tpd-1.3.6.tar.gz
cd xl2tpd-1.3.6
make
sudo make install
现在重新启动您的机器。
网络管理器现在应该可以选择使用 L2TP VPN 连接。
| 归档时间: |
|
| 查看次数: |
3542 次 |
| 最近记录: |