Vpn
OpenWRT StrongSwan IPsec 客戶端連接(“使用者”(我自己)的 XAuth 身份驗證失敗)
我正在嘗試配置我的 OpenWRT 路由器以連接到遠端 VPN 伺服器。我擁有的憑據是正確的,但由於某種原因,連接無法在路由器上進行身份驗證。這是我的配置
/etc/ipsec.conf
conn l2tpconn keyexchange=ikev1 authby=xauthpsk xauth=client left=%defaultroute leftsourceip=%config leftfirewall=yes leftauth=psk leftauth2=xauth leftid=user right=<server_ip> rightsubnet=0.0.0.0/0 rightauth=psk rightauth2=xauth auto=add
/etc/ipsec.secrets
%any <server_ip> : PSK 'secret' 'user' : XAUTH 'password'
日誌
initiating Main Mode IKE_SA l2tpconn[39] to <server_ip> generating ID_PROT request 0 [ SA V V V V ] sending packet: from 192.168.1.18[500] to <server_ip>[500] (224 bytes) received packet: from <server_ip>[500] to 192.168.1.18[500] (156 bytes) parsed ID_PROT response 0 [ SA V V V V ] received DPD vendor ID received FRAGMENTATION vendor ID received XAuth vendor ID received NAT-T (RFC 3947) vendor ID generating ID_PROT request 0 [ KE No NAT-D NAT-D ] sending packet: from 192.168.1.18[500] to <server_ip>[500] (372 bytes) received packet: from <server_ip>[500] to 192.168.1.18[500] (372 bytes) parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] local host is behind NAT, sending keep alives remote host is behind NAT generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (92 bytes) received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes) parsed ID_PROT response 0 [ ID HASH ] received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes) parsed TRANSACTION request 2614881849 [ HASH CPRQ(X_USER X_PWD) ] generating TRANSACTION response 2614881849 [ HASH CPRP(X_USER X_PWD) ] sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (108 bytes) received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes) parsed TRANSACTION request 645236074 [ HASH CPS(X_STATUS) ] XAuth authentication of 'user' (myself) failed generating TRANSACTION response 645236074 [ HASH CPA(X_STATUS) ] sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (76 bytes) establishing connection 'l2tpconn' failed
也許這很簡單,我很想念它,但是如果你們都有任何非常有幫助的建議。謝謝。
所以,我弄清楚了我的問題是什麼,它是不同事物的結合。
- 我沒有意識到伺服器正在將 XAUTH 請求記錄到 /var/log/auth.log 我以為它在 /var/log/syslog
- 閱讀日誌後,我注意到它正在檢查 /etc/ipsec.d/passwd 中的憑據,而不是像我想的那樣檢查 /etc/ppp/chap-secrets 中的憑據,無論出於何種原因。
然後我將我的使用者名和散列密碼(openssl passwd -1 “password”)添加到 /etc/ipconf.d/passwd 並且它起作用了。