Update and clean the machine first


I set up my system following a tutorial I found on the internet.

Basically, I installed the necessary dependencies:

sudo apt install network-manager 
sudo apt install network-manager-l2tp
sudo apt install network-manager-strongswan

and configured them by editing the following files (VPN_SERVER_IP, VPN_IPSEC_PSK, VPN_USERNAME and VPN_PASSWORD are replaced by the actual values; XXX.XXX.XXX.XXX in the logs further down is the IP address of the VPN server):

/etc/ipsec.conf:

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp1024,3des-sha1-modp1024!
  esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=$VPN_SERVER_IP

/etc/ipsec.secrets:

: PSK "$VPN_IPSEC_PSK"

/etc/xl2tpd/xl2tpd.conf:

[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name $VPN_USERNAME
password $VPN_PASSWORD

/etc/NetworkManager/NetworkManager.conf (default, nothing changed):

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

When I want to connect to the VPN and run /etc/init.d/network-manager start, nothing unusual shows up in the logs:

ifupdown configuration found.
<info>  [1559053123.4216] devices added (path: /sys/devices/virtual/net/lo, iface: lo)
<info>  [1559053123.4216] device added (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown configuration found.
<info>  [1559053123.4216] end _init.
<info>  [1559053123.4216] settings: loaded plugin ifupdown: (C) 2008 Canonical Ltd.  To report bugs please use the NetworkManager mailing list. (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-settings-plugin-ifupdown.so)
<info>  [1559053123.4217] settings: loaded plugin keyfile: (c) 2007 - 2016 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': new request (1 scripts)
<info>  [1559053123.4217] (735157440) ... get_connections.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': start running ordered scripts...
<info>  [1559053123.4217] (735157440) ... get_connections (managed=false): return empty list.
<info>  [1559053123.4218] get unmanaged devices count: 0
<info>  [1559053123.4218] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
<info>  [1559053123.4218] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
<info>  [1559053123.4218] manager: Networking is enabled by state file
<info>  [1559053123.4219] dhcp-init: Using DHCP client 'dhclient'
<info>  [1559053123.4220] Loaded device plugin: NMBondDeviceFactory (internal)
<info>  [1559053123.4220] Loaded device plugin: NMBridgeDeviceFactory (internal)
<info>  [1559053123.4220] Loaded device plugin: NMDummyDeviceFactory (internal)
<info>  [1559053123.4220] Loaded device plugin: NMEthernetDeviceFactory (internal)
<info>  [1559053123.4220] Loaded device plugin: NMInfinibandDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMMacsecDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMMacvlanDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMPppDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMTunDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMVethDeviceFactory (internal)
<info>  [1559053123.4221] Loaded device plugin: NMVlanDeviceFactory (internal)
<info>  [1559053123.4222] Loaded device plugin: NMVxlanDeviceFactory (internal)
<info>  [1559053123.4229] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wwan.so)
<info>  [1559053123.4234] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-bluetooth.so)
<info>  [1559053123.4236] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wifi.so)
<info>  [1559053123.4242] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-team.so)
<info>  [1559053123.4244] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-adsl.so)
<info>  [1559053123.4252] device (lo): carrier: link connected
<info>  [1559053123.4258] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
<info>  [1559053123.4262] device (enp5s0): carrier: link connected
<info>  [1559053123.4285] manager: (enp5s0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
<info>  [1559053123.4335] modem-manager: ModemManager available
<info>  [1559053123.4336] manager: startup complete

ipsec up myvpn also seems to succeed:

initiating Main Mode IKE_SA myvpn[1] to 82.161.237.247
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (212 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (244 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (244 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (108 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.10.56[192.168.10.56]...82.161.237.247[82.161.237.247]
scheduling reauthentication in 3420s
maximum IKE_SA lifetime 3600s
generating QUICK_MODE request 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (364 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (332 bytes)
parsed QUICK_MODE response 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
CHILD_SA myvpn{1} established with SPIs c970ab39_i cf32f312_o and TS 192.168.10.56/32[udp/l2f] === 82.161.237.247/32[udp/l2f]
generating QUICK_MODE request 1511457566 [ HASH ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (60 bytes)
connection 'myvpn' established successfully

So on the whole there seem to be no errors, but I cannot verify whether I have actually established the connection or not. The biggest problem is that no ppp0 device shows up when I run ip link:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 6c:f0:49:70:55:16 brd ff:ff:ff:ff:ff:ff

Because of this I cannot define which traffic should go through the VPN server. How can I make sure that the ppp0 device appears and gets its IP address assigned by the DHCP/VPN server?
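What the charon output quoted above actually proves, as an added example that is not part of the original post: a parser for those log lines that extracts the IKE_SA and CHILD_SA, the SPIs, NAT-T state and the traffic selectors, and then states the point that matters here. A CHILD_SA whose traffic selectors are the two hosts on udp/1701 is the transport-mode SA that wraps L2TP, so "connection established successfully" only confirms the IPsec layer; the ppp0 interface is created by pppd after xl2tpd opens the L2TP session, which ipsec up never does. The sample log is constructed from the lines in the question; SERVICE_PORTS maps the service names charon prints (l2f is 1701/udp in /etc/services).

```python
"""Summarize a strongSwan (charon) 'ipsec up' log and state what the resulting SA covers."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the relevant lines of the 'ipsec up myvpn' output quoted in the question.
SAMPLE_LOG = """\
initiating Main Mode IKE_SA myvpn[1] to 82.161.237.247
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (212 bytes)
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
local host is behind NAT, sending keep alives
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (108 bytes)
IKE_SA myvpn[1] established between 192.168.10.56[192.168.10.56]...82.161.237.247[82.161.237.247]
CHILD_SA myvpn{1} established with SPIs c970ab39_i cf32f312_o and TS 192.168.10.56/32[udp/l2f] === 82.161.237.247/32[udp/l2f]
connection 'myvpn' established successfully
"""

IKE_RE = re.compile(r"IKE_SA (\S+)\[\d+\] established between ([\d.]+)\[[^\]]*\]\.\.\.([\d.]+)\[[^\]]*\]")
CHILD_RE = re.compile(r"CHILD_SA \S+\{\d+\} established with SPIs ([0-9a-f]+)_i ([0-9a-f]+)_o and TS (\S+) === (\S+)")
TS_RE = re.compile(r"([\d.]+/\d+)\[(\w+)/([\w-]+)\]")
VENDOR_RE = re.compile(r"received (.+?) vendor ID")
SEND_RE = re.compile(r"sending packet: from [\d.]+\[(\d+)\]")
# charon prints service names from /etc/services; l2f and l2tp are both UDP 1701.
SERVICE_PORTS = {"l2f": 1701, "l2tp": 1701}


@dataclass
class TunnelSummary:
    conn: Optional[str] = None
    ike_established: bool = False
    local: Optional[str] = None
    remote: Optional[str] = None
    behind_nat: bool = False
    last_udp_port: Optional[int] = None       # 4500 once NAT-T has floated the exchange
    vendor_ids: List[str] = field(default_factory=list)
    spi_in: Optional[str] = None
    spi_out: Optional[str] = None
    ts_local: Optional[Tuple[str, str, Optional[int]]] = None    # (prefix, proto, port)
    ts_remote: Optional[Tuple[str, str, Optional[int]]] = None
    success: bool = False


def parse_ts(ts):
    """'192.168.10.56/32[udp/l2f]' -> ('192.168.10.56/32', 'udp', 1701)."""
    m = TS_RE.fullmatch(ts)
    if not m:
        return None
    prefix, proto, svc = m.groups()
    port = int(svc) if svc.isdigit() else SERVICE_PORTS.get(svc)
    return (prefix, proto, port)


def summarize(log_text):
    """Walk the charon lines once and collect the facts that describe the negotiated SAs."""
    s = TunnelSummary()
    for line in log_text.splitlines():
        line = line.strip()
        if (m := IKE_RE.search(line)):
            s.conn, s.local, s.remote = m.group(1), m.group(2), m.group(3)
            s.ike_established = True
        elif (m := CHILD_RE.search(line)):
            s.spi_in, s.spi_out = m.group(1), m.group(2)
            s.ts_local, s.ts_remote = parse_ts(m.group(3)), parse_ts(m.group(4))
        elif (m := VENDOR_RE.search(line)):
            s.vendor_ids.append(m.group(1))
        elif "behind NAT" in line:
            s.behind_nat = True
        elif (m := SEND_RE.search(line)):
            s.last_udp_port = int(m.group(1))
        elif "established successfully" in line:
            s.success = True
    return s


def assess(s):
    """Translate the summary into what is, and what is not, proven about the VPN."""
    if not (s.ike_established and s.spi_in and s.spi_out):
        return ["no IKE_SA/CHILD_SA established: the IPsec layer itself failed"]
    notes = [f"IPsec SA up: {s.local} <-> {s.remote}, SPIs in={s.spi_in} out={s.spi_out}"]
    if s.behind_nat and s.last_udp_port == 4500:
        notes.append("NAT-T active: ESP is UDP-encapsulated on port 4500")
    l2tp = (s.ts_local and s.ts_remote and s.ts_local[1] == "udp"
            and s.ts_local[2] == 1701 and s.ts_remote[2] == 1701)
    if l2tp:
        notes.append("SA covers only udp/1701 host-to-host (transport mode): this is the L2TP wrapper, not a data tunnel")
        notes.append("no ppp interface comes from this step; xl2tpd must open the L2TP session, then pppd creates pppN")
    return notes


if __name__ == "__main__":
    for note in assess(summarize(SAMPLE_LOG)):
        print(note)
```

Run it against a real `ipsec up` transcript to get the same verdict; `ipsec statusall` and `ip xfrm state` show the same SA from the daemon's and the kernel's side.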

Answer 1

Running echo "c myvpn" > /var/run/xl2tpd/l2tp-control as root should create the ppp0 interface. I made some changes to the configuration files, and when I issued this command I found logs (in /var/log/syslog) complaining that the lock option in /etc/ppp/options.l2tpd.client was unknown. I removed lock from the configuration file and now it works.

My current configuration is pasted below.

/etc/ipsec.conf:

config setup

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp1024,3des-sha1-modp1024!
  esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
  keyexchange=ikev1
  left=%defaultroute
  auto=add
  authby=secret
  rekey=no
  type=transport
  left=%any
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=VPN_SERVER
  rightid=%any
  dpdaction=clear

/etc/xl2tpd/xl2tpd.conf:

[lac myvpn]
lns = VPN_SERVER
require chap = yes
refuse pap = yes
require authentication = yes
name = VPN_USER
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client:

ipcp-accept-local
ipcp-accept-remote
require-chap
#refuse-chap
refuse-eap
refuse-pap
require-mschap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
nodefaultroute
usepeerdns
debug
connect-delay 5000
name VPN_USER
password VPN_USER_PASSWORD
remotename myvpn
ipparam myvpn

/etc/network/interfaces:

iface tunnel inet ppp
provider myvpn

Result:

~# ifconfig
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.56  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::6ef0:49ff:fe70:5516  prefixlen 64  scopeid 0x20<link>
        ether 6c:f0:49:70:55:16  txqueuelen 1000  (Ethernet)
        RX packets 822593  bytes 135972174 (135.9 MB)
        RX errors 0  dropped 31185  overruns 0  frame 0
        TX packets 854688  bytes 150862324 (150.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 70050  bytes 5703649 (5.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 70050  bytes 5703649 (5.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1410
        inet 192.168.60.1  netmask 255.255.255.255  destination 10.255.255.0
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 3  bytes 54 (54.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3  bytes 54 (54.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
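The bring-up sequence this answer relies on (ipsec up, then "c myvpn" into the xl2tpd control FIFO, then wait for ppp0, then, because the options file says nodefaultroute, add routes by hand), as an added script that is not from the answer. Assumptions: the conn is named myvpn in both ipsec.conf and xl2tpd.conf, the control FIFO is at /var/run/xl2tpd/l2tp-control (the Debian default), the new link is ppp0 (it may be a higher pppN if other PPP links exist), and ROUTES holds placeholder networks reached through the VPN. It must run as root.

```python
"""Bring up the L2TP/IPsec client in the order Answer 1 uses: IPsec SA, then L2TP session, then wait for pppd."""
import os
import stat
import subprocess
import sys
import time

# Assumptions for this example (not taken from the post): conn name, FIFO path, interface name
# and the placeholder ROUTES list.
CONN = "myvpn"
CONTROL_FIFO = "/var/run/xl2tpd/l2tp-control"
NET_SYSFS = "/sys/class/net"
ROUTES = ["10.0.0.0/8"]


def wait_for_iface(name, timeout, sysfs=NET_SYSFS, poll=0.5):
    """Return True once the kernel has registered <name> (a directory under sysfs), False on timeout."""
    deadline = time.monotonic() + timeout
    while True:
        if os.path.isdir(os.path.join(sysfs, name)):
            return True
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        time.sleep(min(poll, remaining))


def xl2tpd_control(command, conn, fifo=CONTROL_FIFO):
    """Send 'c <conn>' (connect) or 'd <conn>' (disconnect) to xl2tpd; fail early if it is not running."""
    try:
        if not stat.S_ISFIFO(os.stat(fifo).st_mode):
            raise RuntimeError(f"{fifo} exists but is not a FIFO")
    except FileNotFoundError:
        raise RuntimeError(f"{fifo} missing: is xl2tpd running?") from None
    with open(fifo, "w") as f:          # open() blocks until xl2tpd holds the read end
        f.write(f"{command} {conn}\n")


def bring_up(conn=CONN, routes=ROUTES, timeout=15):
    # 1. Transport-mode SA for UDP 1701 first, so no L2TP packet ever leaves unprotected.
    subprocess.run(["ipsec", "up", conn], check=True)
    # 2. Ask xl2tpd to open the L2TP session; it spawns pppd, which creates pppN.
    xl2tpd_control("c", conn)
    if not wait_for_iface("ppp0", timeout):
        raise RuntimeError("ppp0 did not appear; check the pppd messages in /var/log/syslog")
    # 3. The options file uses nodefaultroute, so every network behind the VPN is routed explicitly.
    for net in routes:
        subprocess.run(["ip", "route", "replace", net, "dev", "ppp0"], check=True)
    return subprocess.run(["ip", "-4", "addr", "show", "dev", "ppp0"],
                          check=True, capture_output=True, text=True).stdout


def bring_down(conn=CONN):
    xl2tpd_control("d", conn)           # tear down PPP/L2TP first, then the IPsec SA it rode on
    subprocess.run(["ipsec", "down", conn], check=True)


if __name__ == "__main__":
    action = sys.argv[1] if len(sys.argv) > 1 else "up"
    print({"up": bring_up, "down": bring_down}[action]() or "")
```

Routing only selected networks over ppp0 keeps the host's default route on the LAN; if everything should go through the VPN, replace the explicit routes with a default route via ppp0 plus a host route to the VPN server via the original gateway, otherwise the IPsec packets themselves get routed into the tunnel.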

Answer 2

For Ubuntu 18.04 LTS with a Meraki router, I essentially followed https://help.vpntunnel.com/support/solutions/articles/5000782608-vpntunnel-l2tp-installation-guide-for-ubuntu-18-04-

Update and clean the machine first

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot
# Wait for reboot, log back in
sudo apt autoremove

Install the VPN software

sudo apt-get install strongswan xl2tpd net-tools
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome
sudo apt-get install network-manager-strongswan
sudo reboot

After the reboot, turn off the L2TP server; we only want the client

sudo service xl2tpd stop
sudo systemctl disable xl2tpd 

Instructions for setting up the VPN:

Settings -> Network -> VPN - > "+"
Details:
Make available to other users, check (if desired)
Identity:
Name: Make a description
Gateway: the IP address (or dyn dns name from the meraki page)
User Name:  [email protected]
Password: Leave blank, will prompt
NT Domain: <blank>
IPSec Settings:
Enable IpSec tunnel to L2TP host: check
Pre-Shared Key:  Get from the meraki setup page
Phase1 Algorithms: 3des-sha1-modp1024
Phase2 Algorithms: aes128-sha1
Enforce UDP encap: <un checked>
PPP Settings:  Default

And then connect in the GUI.
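The proposals on this page (ike=/esp= aes128-sha1-modp1024,3des-sha1-modp1024! in the question and Answer 1, and the Phase1/Phase2 strings 3des-sha1-modp1024 and aes128-sha1 in this answer) are whatever the L2TP/IPsec server at the other end accepts, but 3DES and MODP-1024 are below current minimums and SHA-1 is legacy. As an added example, not code from any of the answers: a small auditor that parses an ipsec.conf, applies conn %default inheritance and flags the weak or legacy components of each proposal, plus the IKEv1 and PSK choices; the same check runs over the GUI strings. The sample config is constructed from the final ipsec.conf in Answer 1; the cut-offs in WEAK and REVIEW are this example's assumption, following RFC 8247-style guidance.

```python
"""Audit IKE/ESP proposals in a strongSwan ipsec.conf and in GUI-style proposal strings."""
from collections import OrderedDict

# Constructed sample, derived from the final ipsec.conf in Answer 1 (placeholder server name kept).
SAMPLE_CONF = """\
config setup

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  ike=aes128-sha1-modp1024,3des-sha1-modp1024!
  esp=aes128-sha1-modp1024,3des-sha1-modp1024!

conn myvpn
  keyexchange=ikev1
  left=%any
  auto=add
  authby=secret
  rekey=no
  type=transport
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=VPN_SERVER
  rightid=%any
  dpdaction=clear
"""

# Cut-offs are an assumption of this example (RFC 8247-era guidance): reject DES/3DES/MD5 and
# DH groups below 2048 bits, flag SHA-1 for manual review.
WEAK = {
    "des": "single DES is broken",
    "3des": "3DES is a 64-bit block cipher (Sweet32) and deprecated",
    "md5": "MD5 integrity/PRF is broken",
    "modp768": "MODP-768 (DH group 1) is broken",
    "modp1024": "MODP-1024 (DH group 2) is below the 2048-bit minimum",
    "modp1536": "MODP-1536 (DH group 5) is below the 2048-bit minimum",
}
REVIEW = {"sha1": "SHA-1 integrity/PRF is legacy; prefer sha256 or an AEAD such as aes128gcm16"}


def parse_ipsec_conf(text):
    """Parse ipsec.conf into {'conn myvpn': {key: value}, ...}; headers are unindented, keys indented."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():
            current = line.strip()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def effective_conn(sections, name):
    """Merge 'conn %default' under the named conn, the way strongSwan applies defaults."""
    merged = dict(sections.get("conn %default", {}))
    merged.update(sections.get(f"conn {name}", {}))
    return merged


def check_proposal(proposal, where, check_strict=True):
    """Return (severity, message) findings for a list such as 'aes128-sha1-modp1024,3des-sha1!'."""
    findings = []
    strict = proposal.endswith("!")
    for prop in proposal.rstrip("!").split(","):
        for alg in prop.lower().split("-"):
            if alg in WEAK:
                findings.append(("weak", f"{where}: {prop}: {WEAK[alg]}"))
            elif alg in REVIEW:
                findings.append(("review", f"{where}: {prop}: {REVIEW[alg]}"))
    if check_strict and not strict:
        findings.append(("review", f"{where}: no trailing '!', strongSwan appends its default proposals as fallback"))
    return findings


def audit_conn(sections, name):
    """Audit one conn after default inheritance: IKE version, auth method, IKE and ESP proposals."""
    conn = effective_conn(sections, name)
    findings = []
    if conn.get("keyexchange", "").lower() == "ikev1":
        findings.append(("review", f"conn {name}: IKEv1 pinned; IKEv2 is the maintained protocol"))
    if conn.get("authby", "").lower() == "secret":
        findings.append(("review", f"conn {name}: PSK authentication; PSK strength is the whole phase-1 margin"))
    for key in ("ike", "esp"):
        if key in conn:
            findings.extend(check_proposal(conn[key], f"conn {name} {key}"))
    return findings


def audit_nm_proposals(phase1, phase2):
    """Same checks for the Phase1/Phase2 Algorithms strings typed into the NetworkManager L2TP dialog."""
    return (check_proposal(phase1, "phase1", check_strict=False)
            + check_proposal(phase2, "phase2", check_strict=False))


if __name__ == "__main__":
    for severity, message in audit_conn(parse_ipsec_conf(SAMPLE_CONF), "myvpn"):
        print(f"[{severity}] {message}")
    for severity, message in audit_nm_proposals("3des-sha1-modp1024", "aes128-sha1"):
        print(f"[{severity}] {message}")
```

The findings are only as good as the server's willingness to negotiate something better: before tightening ike=/esp= on the client, confirm with the server's configuration (or a capture of its SA payload) which proposals it offers, otherwise phase 1 simply fails with NO_PROPOSAL_CHOSEN.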
