IPSec strongswan "established successfully", but no ppp0

leo*_*ame 6 ipsec strongswan ubuntu-16.04

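I am trying to connect an Ubuntu Server 16.04 machine to an IPSec L2TP VPN using the strongswan client.

The connection apparently gets established successfully, but the ppp0 interface is not created.

This is the output of sudo ipsec up myconnection: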

initiating Main Mode IKE_SA myconnection[2] to 116.38.129.101
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (212 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (132 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.104[500] to 116.38.129.101[500] (244 bytes)
received packet: from 116.38.129.101[500] to 192.168.0.104[500] (236 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (100 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (68 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myconnection[2] established between 192.168.0.104[192.168.0.104]...116.38.129.101[116.38.129.101]
scheduling reauthentication in 10033s
maximum IKE_SA lifetime 10573s
generating QUICK_MODE request 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.0.104[4500] to 116.38.129.101[4500] (220 bytes)
received packet: from 116.38.129.101[4500] to 192.168.0.104[4500] (188 bytes)
parsed QUICK_MODE response 1590491286 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection 'myconnection' established successfully

Any hints?

Val*_*ozz 1

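First, check your Linux kernel version with uname -a. If you have 4.14, I have bad news for you: your kernel is buggy. It looks like 4.13 is fine, and 4.15 is fine too, but not 4.14. See the answer in the libreswan bug report.

Anyway, you can also try NetworkManager. Install the network-manager-l2tp package.

Here is an example of a working NetworkManager VPN file that you can save as /etc/NetworkManager/system-connections/MY_DAMN_VPN: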

[connection]
id=MY_DAMN_VPN
uuid=very-random-stuff
type=vpn

[vpn]
gateway=IP_OF_MY_DAMN_VPN
ipsec-enabled=yes
ipsec-esp=aes256-sha1,aes128-sha1,3des-sha1!
ipsec-ike=aes256-sha1-ecp384,aes128-sha1-ecp256,3des-sha1-modp1536!
ipsec-psk=MY_SUPER_SECRET_SHARED_PASSWORD
password-flags=0
user=local-vpn
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=MY_SUPER_SECRET_PASSWORD

[ipv4]
dns-search=
method=auto
never-default=true

Then restart NetworkManager and activate the VPN:

systemctl restart NetworkManager
nmcli connection up MY_DAMN_VPN

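This has been tested on Debian GNU/Linux buster against a damn Microsoft Windows VPN server.

Good luck!

P.S.

Do not try to use OpenVPN to talk to a proprietary VPN server: OpenVPN is based on TLS technology (because it was designed with security in mind). L2TP/IPsec, it seems, was not. [1]

[1]: https://en.wikipedia.org/wiki/IPsec From Wikipedia you can learn more about NSA interference with IPsec, thanks to some relevant sources.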
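
An added example, not part of the original answer: a small audit of a NetworkManager L2TP/IPsec keyfile like the one above, flagging legacy algorithms in the ipsec-ike/ipsec-esp proposal lists and secrets stored in a file that other users can read. The function name audit_keyfile, the WEAK token set and the sample values are assumptions made for this illustration.

```python
import configparser
import stat

# Constructed sample modelled on the keyfile in the answer (placeholder values).
SAMPLE = """\
[connection]
id=EXAMPLE_VPN
type=vpn

[vpn]
gateway=192.0.2.10
ipsec-enabled=yes
ipsec-esp=aes256-sha1,aes128-sha1,3des-sha1!
ipsec-ike=aes256-sha1-ecp384,aes128-sha1-ecp256,3des-sha1-modp1536!
ipsec-psk=EXAMPLE_PSK
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=EXAMPLE_PASSWORD
"""

# Assumption: the algorithm tokens this audit treats as legacy.
WEAK = {"3des", "des", "md5", "modp768", "modp1024", "modp1536"}

def audit_keyfile(text, mode=None):
    """Return a list of findings for an L2TP/IPsec NetworkManager keyfile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    for key in ("ipsec-ike", "ipsec-esp"):
        # Proposals are comma separated; a trailing "!" marks the list as strict.
        for proposal in vpn.get(key, "").rstrip("!").split(","):
            bad = sorted(WEAK & set(proposal.strip().lower().split("-")))
            if bad:
                findings.append(f"{key}: {proposal.strip()} uses {'/'.join(bad)}")
    if "ipsec-psk" in vpn or cp.has_option("vpn-secrets", "password"):
        findings.append("secrets stored in plaintext in the keyfile")
        if mode is not None and stat.S_IMODE(mode) & 0o077:
            findings.append(f"file mode {stat.S_IMODE(mode):o} lets other users read the secrets")
    return findings

if __name__ == "__main__":
    for line in audit_keyfile(SAMPLE, mode=0o100644):
        print(line)
```

For a file on disk, pass its contents and os.stat(path).st_mode as the mode argument.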