I'm having trouble connecting to a VPN with Strongswan. What is stopping me?

I've been trying to connect to my company's VPN using the Strongswan network manager. I have no idea what's going on. It looks to me like it simply fails to establish a connection after authenticating.

I'm using Ubuntu 22.04.1

```
Aug 19 10:24:05 bumpusbox NetworkManager[711]: <info>  [1660929845.1405] audit: op="connection-activate" uuid="16404d0f-b19b-4af9-9e44-7a596c8d3892" name="jimsFishyBusiness vpn" pid=2006 uid=1000 result="success"
Aug 19 10:24:05 bumpusbox charon-nm: 00[DMN] Starting charon NetworkManager backend (strongSwan 5.9.5)
Aug 19 10:24:05 bumpusbox charon-nm: 00[LIB] providers loaded by OpenSSL: legacy default
Aug 19 10:24:05 bumpusbox charon-nm: 00[LIB] created TUN device: tun0
Aug 19 10:24:05 bumpusbox NetworkManager[711]: <info>  [1660929845.1503] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10)
Aug 19 10:24:05 bumpusbox systemd-udevd[67536]: Using default interface naming scheme 'v249'.
Aug 19 10:24:05 bumpusbox charon-nm: 00[LIB] loaded plugins: nm-backend charon-nm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg kernel-netlink socket-default bypass-lan eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
Aug 19 10:24:05 bumpusbox charon-nm: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 19 10:24:05 bumpusbox charon-nm: 00[JOB] spawning 16 worker threads
Aug 19 10:24:05 bumpusbox charon-nm: 07[IKE] installed bypass policy for 169.254.0.0/16
Aug 19 10:24:05 bumpusbox charon-nm: 07[IKE] installed bypass policy for 172.17.0.0/16
Aug 19 10:24:05 bumpusbox charon-nm: 07[IKE] installed bypass policy for 192.168.0.0/24
Aug 19 10:24:05 bumpusbox charon-nm: 07[IKE] installed bypass policy for ::1/128
Aug 19 10:24:05 bumpusbox charon-nm: 07[IKE] installed bypass policy for fe80::/64
Aug 19 10:24:05 bumpusbox charon-nm: 06[CFG] received initiate for NetworkManager connection jimsFishyBusiness vpn
Aug 19 10:24:05 bumpusbox charon-nm: 06[CFG] using gateway identity '9.999.999.999'
Aug 19 10:24:05 bumpusbox charon-nm: 06[IKE] initiating IKE_SA jimsFishyBusiness vpn[1] to 9.999.999.999
Aug 19 10:24:05 bumpusbox charon-nm: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 19 10:24:05 bumpusbox charon-nm: 06[NET] sending packet: from 192.168.0.223[36581] to 9.999.999.999[500] (904 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 13[NET] received packet: from 9.999.999.999[500] to 192.168.0.223[36581] (38 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 13[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Aug 19 10:24:05 bumpusbox charon-nm: 13[IKE] peer didn't accept DH group CURVE_25519, it requested ECP_256
Aug 19 10:24:05 bumpusbox charon-nm: 13[IKE] initiating IKE_SA jimsFishyBusiness vpn[1] to 9.999.999.999
Aug 19 10:24:05 bumpusbox charon-nm: 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 19 10:24:05 bumpusbox charon-nm: 13[NET] sending packet: from 192.168.0.223[36581] to 9.999.999.999[500] (936 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 14[NET] received packet: from 9.999.999.999[500] to 192.168.0.223[36581] (270 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Aug 19 10:24:05 bumpusbox charon-nm: 14[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
Aug 19 10:24:05 bumpusbox charon-nm: 14[IKE] local host is behind NAT, sending keep alives
Aug 19 10:24:05 bumpusbox charon-nm: 14[IKE] remote host is behind NAT
Aug 19 10:24:05 bumpusbox charon-nm: 14[IKE] sending cert request for "CN=VPN root CA"
Aug 19 10:24:05 bumpusbox charon-nm: 14[IKE] establishing CHILD_SA jimsFishyBusiness vpn{1}
Aug 19 10:24:05 bumpusbox charon-nm: 14[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Aug 19 10:24:05 bumpusbox charon-nm: 14[NET] sending packet: from 192.168.0.223[44877] to 9.999.999.999[4500] (416 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 15[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (1236 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 15[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Aug 19 10:24:05 bumpusbox charon-nm: 15[ENC] received fragment #1 of 2, waiting for complete IKE message
Aug 19 10:24:05 bumpusbox charon-nm: 01[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (788 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 01[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Aug 19 10:24:05 bumpusbox charon-nm: 01[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1952 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 01[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
Aug 19 10:24:05 bumpusbox charon-nm: 01[IKE] received end entity cert "CN=9.999.999.999"
Aug 19 10:24:05 bumpusbox charon-nm: 01[CFG]   using certificate "CN=9.999.999.999"
Aug 19 10:24:05 bumpusbox charon-nm: 01[CFG]   using trusted ca certificate "CN=VPN root CA"
Aug 19 10:24:05 bumpusbox charon-nm: 01[CFG] checking certificate status of "CN=9.999.999.999"
Aug 19 10:24:05 bumpusbox charon-nm: 01[CFG] certificate status is not available
Aug 19 10:24:05 bumpusbox charon-nm: 01[CFG]   reached self-signed root ca with a path length of 0
Aug 19 10:24:05 bumpusbox charon-nm: 01[IKE] authentication of '9.999.999.999' with RSA_EMSA_PKCS1_SHA2_384 successful
Aug 19 10:24:05 bumpusbox charon-nm: 01[IKE] server requested EAP_MSCHAPV2 authentication (id 0xD1)
Aug 19 10:24:05 bumpusbox charon-nm: 01[ENC] generating IKE_AUTH request 2 [ EAP/RES/MSCHAPV2 ]
Aug 19 10:24:05 bumpusbox charon-nm: 01[NET] sending packet: from 192.168.0.223[44877] to 9.999.999.999[4500] (144 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 04[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (144 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 04[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Aug 19 10:24:05 bumpusbox charon-nm: 04[IKE] EAP-MS-CHAPv2 succeeded: 'Welcome2strongSwan'
Aug 19 10:24:05 bumpusbox charon-nm: 04[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Aug 19 10:24:05 bumpusbox charon-nm: 04[NET] sending packet: from 192.168.0.223[44877] to 9.999.999.999[4500] (80 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 08[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (80 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 08[ENC] parsed IKE_AUTH response 3 [ EAP/SUCC ]
Aug 19 10:24:05 bumpusbox charon-nm: 08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
Aug 19 10:24:05 bumpusbox charon-nm: 08[IKE] authentication of 'myuser' (myself) with EAP
Aug 19 10:24:05 bumpusbox charon-nm: 08[ENC] generating IKE_AUTH request 4 [ AUTH ]
Aug 19 10:24:05 bumpusbox charon-nm: 08[NET] sending packet: from 192.168.0.223[44877] to 9.999.999.999[4500] (96 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 09[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (128 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 09[ENC] parsed IKE_AUTH response 4 [ AUTH N(MOBIKE_SUP) N(NO_ADD_ADDR) N(FAIL_CP_REQ) N(TS_UNACCEPT) ]
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] authentication of '9.999.999.999' with EAP successful
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] IKE_SA jimsFishyBusiness vpn[1] established between 192.168.0.223[myuser]...9.999.999.999[9.999.999.999]
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] scheduling rekeying in 35530s
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] maximum IKE_SA lifetime 36130s
Aug 19 10:24:05 bumpusbox NetworkManager[711]: <warn>  [1660929845.8775] vpn[0x55b4cab76220,16404d0f-b19b-4af9-9e44-7a596c8d3892,"jimsFishyBusiness vpn"]: dbus: failure: connect-failed (1)
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] received FAILED_CP_REQUIRED notify, no CHILD_SA built
Aug 19 10:24:05 bumpusbox NetworkManager[711]: <warn>  [1660929845.8776] vpn[0x55b4cab76220,16404d0f-b19b-4af9-9e44-7a596c8d3892,"jimsFishyBusiness vpn"]: dbus: failure: connect-failed (1)
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] failed to establish CHILD_SA, keeping IKE_SA
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] peer supports MOBIKE
Aug 19 10:24:05 bumpusbox charon-nm: 10[IKE] deleting IKE_SA jimsFishyBusiness vpn[1] between 192.168.0.223[myuser]...9.999.999.999[9.999.999.999]
Aug 19 10:24:05 bumpusbox charon-nm: 10[IKE] sending DELETE for IKE_SA jimsFishyBusiness vpn[1]
Aug 19 10:24:05 bumpusbox charon-nm: 10[ENC] generating INFORMATIONAL request 5 [ D ]
Aug 19 10:24:05 bumpusbox charon-nm: 10[NET] sending packet: from 192.168.0.223[44877] to 9.999.999.999[4500] (80 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 11[NET] received packet: from 9.999.999.999[4500] to 192.168.0.223[44877] (80 bytes)
Aug 19 10:24:05 bumpusbox charon-nm: 11[ENC] parsed INFORMATIONAL response 5 [ ]
Aug 19 10:24:05 bumpusbox charon-nm: 11[IKE] IKE_SA deleted
```
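Reading the log above as a handshake trace: the IKE_SA_INIT rejection (INVAL_KE, peer wants ECP_256 instead of CURVE_25519) is harmless and charon immediately retries; the gateway certificate chains to the trusted "CN=VPN root CA"; EAP-MSCHAPv2 completes and the IKE_SA is established. What kills the connection is the final IKE_AUTH response, which carries N(FAIL_CP_REQ) and N(TS_UNACCEPT): the gateway insists on a Configuration Payload, i.e. the client must ask for a virtual (inner) IP address, and the client's IKE_AUTH request 1 contains no CP payload. The following Python script is an added example, not part of the original question, that parses the `[ENC]` payload lists charon prints and turns the notify types into that diagnosis. The sample log is a constructed excerpt of the lines above.

```python
import re

# Constructed excerpt modelled on the charon-nm log in the question (a subset of its lines).
SAMPLE_LOG = """\
Aug 19 10:24:05 bumpusbox charon-nm: 13[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Aug 19 10:24:05 bumpusbox charon-nm: 13[IKE] peer didn't accept DH group CURVE_25519, it requested ECP_256
Aug 19 10:24:05 bumpusbox charon-nm: 14[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Aug 19 10:24:05 bumpusbox charon-nm: 01[IKE] authentication of '9.999.999.999' with RSA_EMSA_PKCS1_SHA2_384 successful
Aug 19 10:24:05 bumpusbox charon-nm: 08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
Aug 19 10:24:05 bumpusbox charon-nm: 09[ENC] parsed IKE_AUTH response 4 [ AUTH N(MOBIKE_SUP) N(NO_ADD_ADDR) N(FAIL_CP_REQ) N(TS_UNACCEPT) ]
Aug 19 10:24:05 bumpusbox charon-nm: 09[IKE] received FAILED_CP_REQUIRED notify, no CHILD_SA built
"""

# One [ENC] line per IKEv2 message: direction, exchange type, message id, payload list.
ENC_RE = re.compile(
    r"\[ENC\] (generating|parsed) (\w+) (request|response) (\d+) \[\s*(.*?)\s*\]"
)


def parse_exchanges(log_text):
    """Return (exchange, direction, message_id, payloads) for every [ENC] line."""
    out = []
    for line in log_text.splitlines():
        m = ENC_RE.search(line)
        if m:
            out.append((m.group(2), m.group(3), int(m.group(4)), m.group(5).split()))
    return out


def notify_types(payloads):
    """Strip the N(...) wrapper: ['AUTH', 'N(FAIL_CP_REQ)'] -> {'FAIL_CP_REQ'}."""
    return {p[2:-1] for p in payloads if p.startswith("N(") and p.endswith(")")}


def diagnose(log_text):
    """Summarise the handshake: what succeeded, and which notify ended it."""
    r = {
        "dh_group_retried": False,       # INVAL_KE is benign: charon retries with the requested group
        "peer_auth_ok": bool(re.search(r"authentication of '[^']*' with \S+ successful", log_text)),
        "eap_ok": bool(re.search(r"EAP method \S+ succeeded", log_text)),
        "ike_auth_request_had_cp": None,  # did the client ask for a virtual IP (CP payload)?
        "gateway_requires_cp": False,
        "ts_unacceptable": False,
        "child_sa_built": bool(re.search(r"CHILD_SA .*\{\d+\} established", log_text)),
    }
    for exchange, direction, _mid, payloads in parse_exchanges(log_text):
        n = notify_types(payloads)
        if exchange == "IKE_SA_INIT" and direction == "response" and "INVAL_KE" in n:
            r["dh_group_retried"] = True
        elif exchange == "IKE_AUTH" and direction == "request" and "SA" in payloads:
            # The IKE_AUTH request that proposes the CHILD_SA is where CP(...) would travel;
            # charon prints it as "CP" or "CP(ADDR DNS ...)".
            r["ike_auth_request_had_cp"] = any(p == "CP" or p.startswith("CP(") for p in payloads)
        elif exchange == "IKE_AUTH" and direction == "response":
            r["gateway_requires_cp"] |= "FAIL_CP_REQ" in n
            r["ts_unacceptable"] |= "TS_UNACCEPT" in n
    return r


def explain(r):
    """Turn the findings into the checklist an administrator would act on."""
    notes = []
    if r["dh_group_retried"]:
        notes.append("IKE_SA_INIT: peer rejected the first DH group; charon retried with the requested one (harmless).")
    if r["peer_auth_ok"] and r["eap_ok"]:
        notes.append("IKE_AUTH: gateway certificate and EAP both verified; this is not an authentication problem.")
    if r["gateway_requires_cp"] and r["ike_auth_request_had_cp"] is False:
        notes.append("Gateway sent FAILED_CP_REQUIRED and the client sent no CP payload: "
                     "enable the virtual/inner IP request in the connection settings.")
    if r["ts_unacceptable"]:
        notes.append("TS_UNACCEPTABLE: the gateway refused the proposed traffic selectors; "
                     "re-check after the CP issue is fixed, since the selectors change once a virtual IP is assigned.")
    if not r["child_sa_built"]:
        notes.append("No CHILD_SA was established, so there is no tunnel even though the IKE_SA came up.")
    return notes


if __name__ == "__main__":
    for note in explain(diagnose(SAMPLE_LOG)):
        print("-", note)
```

Feed it the full journal excerpt (for example `journalctl -u NetworkManager -b | python3 ike_triage.py` after replacing `SAMPLE_LOG` with `sys.stdin.read()`) and it reports the same chain: DH group retried, authentication fine, FAILED_CP_REQUIRED with no CP in the client's request, no CHILD_SA.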

Answer 1

In case you haven't found a solution yet, I had a similar problem and managed to get my case working. My solution ended up being what is described in the update section of this question.

Specifically, I had a working Strongswan VPN connection, but after upgrading to Ubuntu 22.04 LTS the connection stopped working. The fix was:

  1. Open /etc/NetworkManager/system-connections/<VPN_Name>
  2. In the [vpn] section, look for the line that says proposal=no. Change it to yes
  3. Add a line below it for esp=aes256-sha256-ecp384

That particular solution didn't seem to work for the author of the linked question, but it worked for me, and my situation was more similar to yours. I hope this helps someone!

Answer 2

I didn't have the right configuration. I had to check the Request an inner IP address option.
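Both answers come down to edits of the same NetworkManager keyfile under /etc/NetworkManager/system-connections: answer 1 turns on the custom proposal (`proposal=yes`) and pins the ESP algorithms (`esp=aes256-sha256-ecp384`), answer 2 enables the inner IP request, which is what makes the client send the Configuration Payload the gateway demanded with FAILED_CP_REQUIRED in the question's log. The Python script below is an added example, not code from either answer or from the NetworkManager-strongswan project. The keyfile content is constructed, and the key name `virtual` for the "Request an inner IP address" checkbox is my assumption about the plugin's keyfile format; compare it against the key your own file already carries before relying on it.

```python
import configparser
import io

# Constructed keyfile resembling /etc/NetworkManager/system-connections/<VPN_Name>
# (hypothetical content, not the asker's real file; the hostname is a placeholder).
SAMPLE_KEYFILE = """\
[connection]
id=jimsFishyBusiness vpn
type=vpn

[vpn]
address=vpn.example.invalid
method=eap
proposal=no
service-type=org.freedesktop.NetworkManager.strongswan
user=myuser

[ipv4]
method=auto
"""


def load_keyfile(text):
    """Parse a NetworkManager keyfile; keys are case-sensitive, so keep their case."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def check(text):
    """Report which of the two fixes a keyfile already contains."""
    cp = load_keyfile(text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    return {
        "proposal_enabled": vpn.get("proposal") == "yes",
        "esp": vpn.get("esp"),
        "virtual_ip_requested": vpn.get("virtual") == "yes",
    }


def apply_fix(text, esp="aes256-sha256-ecp384", request_virtual_ip=True):
    """Return the keyfile with answer 1 (proposal/esp) and answer 2 (virtual IP) applied.

    The esp string is the one from answer 1; use whatever your gateway actually accepts.
    """
    cp = load_keyfile(text)
    if not cp.has_section("vpn"):
        raise ValueError("no [vpn] section: this is not a VPN keyfile")
    vpn = cp["vpn"]
    vpn["proposal"] = "yes"   # enable the custom proposal so the esp line takes effect
    vpn["esp"] = esp
    if request_virtual_ip:
        vpn["virtual"] = "yes"  # assumed key for "Request an inner IP address" (sends CP in IKE_AUTH)
    buf = io.StringIO()
    cp.write(buf, space_around_delimiters=False)
    return buf.getvalue()


if __name__ == "__main__":
    print("before:", check(SAMPLE_KEYFILE))
    fixed = apply_fix(SAMPLE_KEYFILE)
    print("after: ", check(fixed))
    print(fixed)
```

The real keyfile is root-owned with mode 0600 and NetworkManager refuses looser permissions, so write the result back as root, keep the mode, and then run `nmcli connection reload` before retrying the connection. `check()` on its own is a quick way to confirm a file already has both settings without touching it.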
