I can't connect to my L2TP server from Windows and Android clients

xl2tpd runs successfully on my Ubuntu 16.04 server. My /etc/ipsec.conf:

    version 2.0

    config setup
        nat_traversal=yes
        oe=off
        protostack=netkey

    conn L2TP-PSK
        authby=secret
        pfs=no
        rekey=no
        type=tunnel
        esp=aes128-sha1
        ike=aes128-sha-modp1024
        ikelifetime=8h
        keylife=1h
        left=51.15.67.126
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnetwithin=0.0.0.0/0
        auto=add
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
My /etc/ipsec.secrets:

    %any %any: PSK "MySecret"
My /etc/xl2tpd/xl2tpd.conf:

    [global]
    ipsec saref = yes

    [lns default]
    ip range = 192.168.1.231-192.168.1.239
    local ip = 192.168.1.230
    refuse chap = yes
    refuse pap = yes
    require authentication = yes
    ppp debug = no
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes
My /etc/ppp/options.xl2tpd:

    require-mschap-v2
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    asyncmap 0
    auth
    crtscts
    lock
    hide-password
    modem
    debug
    name l2tpd
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4
My /etc/ppp/chap-secrets:

    * * MyText *
My /etc/rc.local:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
Output of journalctl -xe:

    Jun 05 14:29:07 vkmarket.ru kernel: random: nonblocking pool is initialized
    Jun 05 14:29:08 vkmarket.ru charon[3375]: 11[NET] received packet: from 92.63.69.35[478] to 10.8.76.29[500] (444 bytes)
    Jun 05 14:29:08 vkmarket.ru charon[3375]: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
    Jun 05 14:29:08 vkmarket.ru charon[3375]: 11[IKE] no IKE config found for 10.8.76.29...92.63.69.35, sending NO_PROPOSAL_CHOSEN
    Jun 05 14:29:08 vkmarket.ru charon[3375]: 11[ENC] generating INFORMATIONAL_V1 request 1643143040 [ N(NO_PROP) ]
    Jun 05 14:29:08 vkmarket.ru charon[3375]: 11[NET] sending packet: from 10.8.76.29[500] to 92.63.69.35[478] (40 bytes)
    Jun 05 14:29:11 vkmarket.ru charon[3375]: 12[NET] received packet: from 92.63.69.35[478] to 10.8.76.29[500] (444 bytes)
    Jun 05 14:29:11 vkmarket.ru charon[3375]: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
    Jun 05 14:29:11 vkmarket.ru charon[3375]: 12[IKE] no IKE config found for 10.8.76.29...92.63.69.35, sending NO_PROPOSAL_CHOSEN
    Jun 05 14:29:11 vkmarket.ru charon[3375]: 12[ENC] generating INFORMATIONAL_V1 request 2523483634 [ N(NO_PROP) ]
    Jun 05 14:29:11 vkmarket.ru charon[3375]: 12[NET] sending packet: from 10.8.76.29[500] to 92.63.69.35[478] (40 bytes)
    Jun 05 14:29:14 vkmarket.ru charon[3375]: 13[NET] received packet: from 92.63.69.35[478] to 10.8.76.29[500] (444 bytes)
    Jun 05 14:29:14 vkmarket.ru charon[3375]: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
    Jun 05 14:29:14 vkmarket.ru charon[3375]: 13[IKE] no IKE config found for 10.8.76.29...92.63.69.35, sending NO_PROPOSAL_CHOSEN
    Jun 05 14:29:14 vkmarket.ru charon[3375]: 13[ENC] generating INFORMATIONAL_V1 request 3268885545 [ N(NO_PROP) ]
    Jun 05 14:29:14 vkmarket.ru charon[3375]: 13[NET] sending packet: from 10.8.76.29[500] to 92.63.69.35[478] (40 bytes)
    Jun 05 14:29:36 vkmarket.ru systemd[1]: sys-subsystem-net-devices-eth0.device: Job sys-subsystem-net-devices-eth0.device/start timed out.
    Jun 05 14:29:36 vkmarket.ru systemd[1]: Timed out waiting for device sys-subsystem-net-devices-eth0.device.
    -- Subject: Unit sys-subsystem-net-devices-eth0.device has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit sys-subsystem-net-devices-eth0.device has failed.
    --
    -- The result is timeout.
    Jun 05 14:29:36 vkmarket.ru systemd[1]: sys-subsystem-net-devices-eth0.device: Job sys-subsystem-net-devices-eth0.device/start failed with result 'timeout'.
    Jun 05 14:29:36 vkmarket.ru systemd[1]: Startup finished in 19.348s (kernel) + 1min 30.912s (userspace) = 1min 50.261s.
    -- Subject: System start-up is now complete
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- All system services necessary queued for starting at boot have been
    -- successfully started. Note that this does not mean that the machine is
    -- now idle as services might still be busy with completing start-up.
    --
    -- Kernel start-up required 19348529 microseconds.
    --
    -- Initial RAM disk start-up required INITRD_USEC microseconds.
    --
    -- Userspace start-up required 90912634 microseconds.
    Jun 05 14:35:01 vkmarket.ru CRON[3950]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jun 05 14:35:01 vkmarket.ru CRON[3954]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
    Jun 05 14:35:01 vkmarket.ru CRON[3950]: pam_unix(cron:session): session closed for user root
    Jun 05 14:43:08 vkmarket.ru systemd[1]: Starting Cleanup of Temporary Directories...
    -- Subject: Unit systemd-tmpfiles-clean.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit systemd-tmpfiles-clean.service has begun starting up.
    Jun 05 14:43:08 vkmarket.ru systemd-tmpfiles[3979]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
    Jun 05 14:43:08 vkmarket.ru systemd[1]: Started Cleanup of Temporary Directories.
    -- Subject: Unit systemd-tmpfiles-clean.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit systemd-tmpfiles-clean.service has finished starting up.
    --
    -- The start-up result is done.
In your log I don't see any evidence of xl2tpd running; perhaps the service is not started or failed to start (misconfiguration?).

Try this setup, it helped me a lot (source: strongSwan + xl2tpd VPN server: how to configure several profiles?).

Don't use aggressive mode, the connection will be less secure. Anyway, try this configuration. I use it on my VPN server with strongswan-5.3.5 and xl2tpd-1.3.6.
ipsec.conf

    config setup
        cachecrls=yes
        uniqueids=yes
        charondebug=""

    conn %default
        keyingtries=%forever
        dpddelay=30s
        dpdtimeout=120s

    conn L2TP
        dpdaction=clear
        #Server IP
        left=192.168.1.130
        #Server default gateway
        leftnexthop=192.168.1.254
        leftprotoport=17/1701
        rightprotoport=17/%any
        right=%any
        rightsubnet=0.0.0.0/0
        leftauth=psk
        rightauth=psk
        leftid="<insert-the-public-ip-here>"
        ikelifetime=1h
        keylife=8h
        ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
        auto=add
        keyexchange=ike
        type=transport

    conn block
        auto=ignore

    conn private
        auto=ignore

    conn private-or-clear
        auto=ignore

    conn clear-or-private
        auto=ignore

    conn clear
        auto=ignore

    conn packetdefault
        auto=ignore
ipsec.secrets

    <insert-the-left-id-here> %any : PSK "<my-password>"
/etc/xl2tpd/xl2tpd.conf

    [global]
    ipsec saref = no
    debug tunnel = no
    debug avp = no
    debug network = no
    debug state = no

    [lns default]
    ip range = 10.0.0.20-10.0.0.30
    local ip = 10.0.0.1
    require authentication = yes
    name = l2tp
    pass peer = yes
    ppp debug = no
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes
    unix authentication = yes
/etc/ppp/options.xl2tpd

    ipcp-accept-local
    ipcp-accept-remote
    ms-dns 10.0.0.1
    auth
    idle 1800
    mtu 1200
    mru 1200
    nodefaultroute
    lock
    proxyarp
    connect-delay 5000
    name l2tpd
    ifname l2tp
    login
/etc/ppp/chap-secrets

    username * "l2tppassword" *
Restart the services:

    sudo service strongswan restart
    sudo service xl2tpd restart
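As an added example (not code from the original question or answer), a small POSIX shell script that checks the three things this thread turns on: whether left= in ipsec.conf names an address actually present on the host (charon receives on 10.8.76.29 while the question's config says left=51.15.67.126, which is why it logs "no IKE config found"; on a NAT'd VPS left= must be the private address or %defaultroute, with leftid= carrying the public one), whether xl2tpd is bound to UDP 1701, and how many IKE requests charon rejected with NO_PROPOSAL_CHOSEN. The file paths, the strongswan unit name and the --run flag are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: sanity checks for an
# L2TP/IPsec (strongSwan + xl2tpd) server. Each check takes its input as text,
# so it can run against saved output; the paths and unit name are assumptions.

# Print the value of KEY (e.g. left, leftid) from ipsec.conf-style text.
ipsec_conf_value() {   # $1=config text  $2=key
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" | head -n 1
}

# Succeed if IP is configured on a local interface (per `ip -o -4 addr`).
# On a NAT'd VPS the public address is not on the box: left= must then be
# the private address (or %defaultroute) with leftid= set to the public one,
# otherwise charon rejects every IKE request with NO_PROPOSAL_CHOSEN, as in
# the question's log.
is_local_ip() {        # $1=ip  $2=`ip -o -4 addr` output (default: run it)
    addrs=${2:-$(ip -o -4 addr 2>/dev/null)}
    printf '%s\n' "$addrs" | grep -qF "inet $1/"
}

# Count IKE requests that charon rejected for lack of a matching conn.
count_no_proposal() {  # $1=journal text
    printf '%s\n' "$1" | grep -c 'no IKE config found' || true
}

# Succeed if something (xl2tpd) is bound to UDP 1701 per `ss -lun` output.
l2tp_listening() {     # $1=`ss -lun` output (default: run it)
    printf '%s\n' "${1:-$(ss -lun 2>/dev/null)}" | grep -q ':1701[[:space:]]'
}

# Live checks on this host (assumed: /etc/ipsec.conf, systemd unit strongswan).
check_server() {
    left=$(ipsec_conf_value "$(cat /etc/ipsec.conf)" left)
    case $left in
        %defaultroute|%any|"") echo "left=$left: resolved at runtime, ok" ;;
        *) if is_local_ip "$left"; then echo "left=$left is a local address"
           else echo "WARNING: left=$left is on no interface; use the private IP plus leftid="
           fi ;;
    esac
    if l2tp_listening; then echo "xl2tpd is listening on UDP 1701"
    else echo "WARNING: nothing listens on UDP 1701 (xl2tpd not running?)"
    fi
    n=$(count_no_proposal "$(journalctl -u strongswan --no-pager 2>/dev/null)")
    echo "IKE requests rejected with NO_PROPOSAL_CHOSEN: $n"
}

if [ "${1:-}" = "--run" ]; then check_server; fi
```

Run it as `sh check.sh --run` on the server; the individual functions can also be fed saved `ip`, `ss` and `journalctl` output for offline review.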