Setting up a VPN connection on both the router and an Ubuntu box

EDIT2

Meanwhile, I figured out that I have other problems.

Starting Nmap 7.60 ( https://nmap.org ) at 2020-02-28 15:11 CET
Nmap scan report for xxxxxxxx (xxx.xxx.xxx.xxx)
Host is up (0.054s latency).

PORT    STATE         SERVICE
500/udp open|filtered isakmp

But for ike-scan -M xxx.xxx.xxx.xxx I get:

0 returned handshake; 0 returned notify

What could cause this?

ORIGINAL

I have been trying unsuccessfully to set up L2TP/IPSec for about two days. I am using Ubuntu 18.04 LTS.

A plain L2TP connection works fine; only IPSec does not.

Router configuration:

Tunnel Protocol: ESP
Remote Gateway IP: [the static IP address what we get from ISP, this is the xxx.xxx.xxx.xxx in the log below]
Local LAN/Mask: 192.168.0.0/24
Remote LAN/Mask: 192.168.10.0/24
Key negotiation method: Auto negotiation
Authentication Type: Shared key
Pre-shared Key: xxxxxxx

Period 1
Mode: Main
Encryption Algorithm: 3DES
Integrity Verification Algorithm: SHA 1
Diffie-Hellman Group: 1024
Key Expiration: 3600

Period 2

PFS: enabled
Encryption Algorithm: 3DES
Integrity Verification Algorithm: SHA 1
Diffie-Hellman Group: 768
Key Expiration: 3600

On my Ubuntu box, the IPsec settings are:

Gateway ID: [empty]
Pre-shared key: [the given pre shared key]
Phase 1 Algorithms: 3des-sha1-modp1024
Phase 2 Algorithms: 3des-sha1
Enforce UDP encapsulation: none

Let me tell you that I always enable Enforce UDP encapsulation, but for some reason it is not saved.

Can anyone help me figure out what I am doing wrong?

EDIT:

Meanwhile, I listed the supported ciphers, and there is no *DES. So I set it to AES128-SHA1-modp1536 (and, of course, I set it on the router as well). The result is the same. No response from the router.

And when I try to connect, I get this in the syslog:

Feb 28 11:18:11 mymachine NetworkManager[1025]: <info>  [1582885091.8643] vpn-connection[0x556016a220e0,30257b76-90ca-49bb-9c13-999c1babc8d8,"L2TP with IPSec",0]: Saw the service appear; activating connection
Feb 28 11:18:11 mymachine NetworkManager[1025]: <info>  [1582885091.8677] vpn-connection[0x556016a220e0,30257b76-90ca-49bb-9c13-999c1babc8d8,"L2TP with IPSec",0]: VPN connection: (ConnectInteractive) reply received
Feb 28 11:18:11 mymachine nm-l2tp-service[20999]: Check port 1701
Feb 28 11:18:11 mymachine NetworkManager[1025]: Stopping strongSwan IPsec failed: starter is not running
Feb 28 11:18:13 mymachine NetworkManager[1025]: Starting strongSwan 5.6.2 IPsec [starter]...
Feb 28 11:18:13 mymachine NetworkManager[1025]: Loading config setup
Feb 28 11:18:13 mymachine NetworkManager[1025]: Loading conn '30257b76-90ca-49bb-9c13-999c1babc8d8'
Feb 28 11:18:13 mymachine NetworkManager[1025]: found netkey IPsec stack
Feb 28 11:18:13 mymachine charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.3.0-40-generic, x86_64)
Feb 28 11:18:13 mymachine charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 28 11:18:13 mymachine charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-30257b76-90ca-49bb-9c13-999c1babc8d8.secrets'
Feb 28 11:18:13 mymachine charon: 00[CFG]   loaded IKE secret for %any
Feb 28 11:18:13 mymachine charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a8ce8f20-6008-4eb3-b922-0086ad134989.secrets'
Feb 28 11:18:13 mymachine charon: 00[CFG]   loaded IKE secret for %any
Feb 28 11:18:13 mymachine charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Feb 28 11:18:13 mymachine charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 28 11:18:13 mymachine charon: 00[JOB] spawning 16 worker threads
Feb 28 11:18:13 mymachine charon: 06[CFG] received stroke: add connection '30257b76-90ca-49bb-9c13-999c1babc8d8'
Feb 28 11:18:13 mymachine charon: 06[CFG] added configuration '30257b76-90ca-49bb-9c13-999c1babc8d8'
Feb 28 11:18:14 mymachine charon: 07[CFG] rereading secrets
Feb 28 11:18:14 mymachine charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 28 11:18:14 mymachine charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-30257b76-90ca-49bb-9c13-999c1babc8d8.secrets'
Feb 28 11:18:14 mymachine charon: 07[CFG]   loaded IKE secret for %any
Feb 28 11:18:14 mymachine charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-a8ce8f20-6008-4eb3-b922-0086ad134989.secrets'
Feb 28 11:18:14 mymachine charon: 07[CFG]   loaded IKE secret for %any
Feb 28 11:18:14 mymachine charon: 10[CFG] received stroke: initiate '30257b76-90ca-49bb-9c13-999c1babc8d8'
Feb 28 11:18:14 mymachine charon: 11[IKE] initiating Main Mode IKE_SA 30257b76-90ca-49bb-9c13-999c1babc8d8[1] to xxx.xxx.xxx.xxx
Feb 28 11:18:14 mymachine charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Feb 28 11:18:14 mymachine charon: 11[NET] sending packet: from 192.168.43.178[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
Feb 28 11:18:18 mymachine charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
Feb 28 11:18:18 mymachine charon: 12[NET] sending packet: from 192.168.43.178[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
Feb 28 11:18:24 mymachine NetworkManager[1025]: Stopping strongSwan IPsec...
Feb 28 11:18:24 mymachine charon: 00[DMN] signal of type SIGINT received. Shutting down
Feb 28 11:18:24 mymachine charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Feb 28 11:18:24 mymachine NetworkManager[1025]: initiating Main Mode IKE_SA 30257b76-90ca-49bb-9c13-999c1babc8d8[1] to xxx.xxx.xxx.xxx
Feb 28 11:18:24 mymachine NetworkManager[1025]: generating ID_PROT request 0 [ SA V V V V V ]
Feb 28 11:18:24 mymachine NetworkManager[1025]: sending packet: from 192.168.43.178[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
Feb 28 11:18:24 mymachine NetworkManager[1025]: sending retransmit 1 of request message ID 0, seq 1
Feb 28 11:18:24 mymachine NetworkManager[1025]: sending packet: from 192.168.43.178[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
Feb 28 11:18:24 mymachine NetworkManager[1025]: destroying IKE_SA in state CONNECTING without notification
Feb 28 11:18:24 mymachine NetworkManager[1025]: establishing connection '30257b76-90ca-49bb-9c13-999c1babc8d8' failed
Feb 28 11:18:25 mymachine nm-l2tp-service[20999]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Feb 28 11:18:25 mymachine NetworkManager[1025]: <info>  [1582885105.0298] vpn-connection[0x556016a220e0,30257b76-90ca-49bb-9c13-999c1babc8d8,"L2TP with IPSec",0]: VPN plugin: state changed: stopped (6)
Feb 28 11:18:25 mymachine NetworkManager[1025]: <info>  [1582885105.0352] vpn-connection[0x556016a220e0,30257b76-90ca-49bb-9c13-999c1babc8d8,"L2TP with IPSec",0]: VPN service disappeared
Feb 28 11:18:25 mymachine NetworkManager[1025]: <warn>  [1582885105.0358] vpn-connection[0x556016a220e0,30257b76-90ca-49bb-9c13-999c1babc8d8,"L2TP with IPSec",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
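
When reading a charon log like the one above, it helps to separate "the gateway never answered" from "the gateway answered and refused". The following is an added example, not part of the original post: it counts IKE packets sent and received by charon only, using constructed sample lines, a placeholder peer address 203.0.113.10, and hypothetical function names.

```python
import re

# Constructed samples in charon's syslog format; 203.0.113.10 is a placeholder peer.
NO_REPLY = """\
Feb 28 11:18:14 host charon: 11[NET] sending packet: from 192.168.43.178[500] to 203.0.113.10[500] (236 bytes)
Feb 28 11:18:18 host charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
Feb 28 11:18:18 host charon: 12[NET] sending packet: from 192.168.43.178[500] to 203.0.113.10[500] (236 bytes)
Feb 28 11:18:24 host NetworkManager[1025]: sending packet: from 192.168.43.178[500] to 203.0.113.10[500] (236 bytes)
"""
REJECTED = """\
Feb 28 11:18:14 host charon: 11[NET] sending packet: from 192.168.43.178[500] to 203.0.113.10[500] (236 bytes)
Feb 28 11:18:14 host charon: 13[NET] received packet: from 203.0.113.10[500] to 192.168.43.178[500] (56 bytes)
Feb 28 11:18:14 host charon: 13[IKE] received NO_PROPOSAL_CHOSEN error notify
"""

CHARON = re.compile(r" charon: \d+\[[A-Z]+\] (?P<msg>.*)$")
NOTIFY = re.compile(r"received (?P<name>[A-Z_]+) error notify")

def summarize(log_text):
    """Count IKE packets charon sent/received and collect error notifies."""
    stats = {"sent": 0, "received": 0, "retransmits": 0, "notifies": []}
    for line in log_text.splitlines():
        m = CHARON.search(line)
        if not m:
            continue  # NetworkManager re-logs starter output; counting it would double the totals
        msg = m.group("msg")
        if msg.startswith("sending packet:"):
            stats["sent"] += 1
        elif msg.startswith("received packet:"):
            stats["received"] += 1
        elif msg.startswith("sending retransmit"):
            stats["retransmits"] += 1
        else:
            n = NOTIFY.search(msg)
            if n:
                stats["notifies"].append(n.group("name"))
    return stats

def diagnose(log_text):
    """Classify the attempt by how far the IKE exchange got."""
    s = summarize(log_text)
    if s["sent"] == 0:
        return "not-attempted"
    if s["received"] == 0:
        return "no-reply"  # nothing came back: path, filtering or a silent responder
    if s["notifies"]:
        return "rejected:" + ",".join(s["notifies"])
    return "peer-replied"

if __name__ == "__main__":
    print(diagnose(NO_REPLY), diagnose(REJECTED))
```

A "no-reply" result means the exchange stopped before any proposal comparison could be reported, so the log alone cannot confirm or rule out a cipher mismatch.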