18.04 L2TP VPN setup - what am I missing?


I have been trying to get an Ubuntu laptop to connect to our L2TP VPN server. I have tried both 18.04 and 19.04, following several guides that essentially boil down to installing network-manager-l2tp and network-manager-l2tp-gnome. I have got this far:

May 17 12:34:14 lap-linux-001 NetworkManager[583]: <info>  [1558110854.8704] audit: op="connection-activate" uuid="2dba1ee5-c86e-46e9-b0e4-5ce89738d380" name="ADS" pid=1509 uid=1000 result="success"
May 17 12:34:14 lap-linux-001 NetworkManager[583]: <info>  [1558110854.8758] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: Started the VPN service, PID 8635
May 17 12:34:14 lap-linux-001 NetworkManager[583]: <info>  [1558110854.8878] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: Saw the service appear; activating connection
May 17 12:34:18 lap-linux-001 systemd[1]: NetworkManager-dispatcher.service: Succeeded.
May 17 12:34:19 lap-linux-001 NetworkManager[583]: <info>  [1558110859.3039] settings-connection[0x5603ef3ae480,2dba1ee5-c86e-46e9-b0e4-5ce89738d380]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/ADS.nmconnection (2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS")), connection was modified in the process
May 17 12:34:19 lap-linux-001 NetworkManager[583]: <info>  [1558110859.3085] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: VPN connection: (ConnectInteractive) reply received
May 17 12:34:19 lap-linux-001 nm-l2tp-service[8635]: Check port 1701
May 17 12:34:19 lap-linux-001 nm-l2tp-service[8635]: Can't bind to port 1701
May 17 12:34:19 lap-linux-001 NetworkManager[583]: Stopping strongSwan IPsec failed: starter is not running
May 17 12:34:21 lap-linux-001 NetworkManager[583]: Starting strongSwan 5.7.1 IPsec [starter]...
May 17 12:34:21 lap-linux-001 NetworkManager[583]: Loading config setup
May 17 12:34:21 lap-linux-001 NetworkManager[583]: Loading conn '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:21 lap-linux-001 NetworkManager[583]: found netkey IPsec stack
May 17 12:34:21 lap-linux-001 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.1, Linux 5.0.0-13-generic, x86_64)
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
May 17 12:34:21 lap-linux-001 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-2dba1ee5-c86e-46e9-b0e4-5ce89738d380.secrets'
May 17 12:34:21 lap-linux-001 charon: 00[CFG]   loaded IKE secret for %any
May 17 12:34:21 lap-linux-001 charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
May 17 12:34:21 lap-linux-001 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
May 17 12:34:21 lap-linux-001 charon: 00[JOB] spawning 16 worker threads
May 17 12:34:21 lap-linux-001 charon: 06[CFG] received stroke: add connection '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:21 lap-linux-001 charon: 06[CFG] algorithm 'ecp_384' not recognized
May 17 12:34:21 lap-linux-001 charon: 06[CFG] skipped invalid proposal string: aes256-sha1-ecp_384
May 17 12:34:22 lap-linux-001 charon: 08[CFG] rereading secrets
May 17 12:34:22 lap-linux-001 charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
May 17 12:34:22 lap-linux-001 charon: 08[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-2dba1ee5-c86e-46e9-b0e4-5ce89738d380.secrets'
May 17 12:34:22 lap-linux-001 charon: 08[CFG]   loaded IKE secret for %any
May 17 12:34:22 lap-linux-001 charon: 09[CFG] received stroke: initiate '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:22 lap-linux-001 charon: 09[CFG] no config named '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:22 lap-linux-001 NetworkManager[583]: no config named '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:22 lap-linux-001 NetworkManager[583]: Stopping strongSwan IPsec...
May 17 12:34:22 lap-linux-001 charon: 00[DMN] signal of type SIGINT received. Shutting down
May 17 12:34:22 lap-linux-001 nm-l2tp-service[8635]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
May 17 12:34:22 lap-linux-001 NetworkManager[583]: <info>  [1558110862.8278] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: VPN plugin: state changed: stopped (6)
May 17 12:34:22 lap-linux-001 NetworkManager[583]: <info>  [1558110862.8313] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: VPN service disappeared
May 17 12:34:22 lap-linux-001 NetworkManager[583]: <warn>  [1558110862.8326] vpn-connection[0x5603ef4be7a0,2dba1ee5-c86e-46e9-b0e4-5ce89738d380,"ADS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I was also able to get this working in Fedora, so I am fairly sure I am using the correct configuration options, but I do not even see an option to disable PFS on the Ubuntu side.

From what I have read, it seems to be looking for a config that does not exist? But I am not sure where it wants me to put/create/add it. Maybe ipsec.conf? But that string does not look like any other example I have seen.

I am not very experienced with Linux, and this is my first time dealing with a VPN. Thanks for reading; any help would be greatly appreciated.
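The journal above records a chain of three distinct problems (nm-l2tp-service cannot bind UDP/1701, charon rejects the phase 1 proposal string, and "ipsec up" then finds no conn to initiate). The following POSIX sh triage script is an added example, not code from the question or from nm-l2tp/strongSwan; it reads a journal excerpt on stdin, recognises exactly the message formats shown in that log, and prints each finding with its meaning. The embedded sample is constructed from the log lines quoted above.

```shell
#!/bin/sh
# Added triage helper, not part of the original question or of nm-l2tp /
# strongSwan. It reads a NetworkManager journal excerpt on stdin and reports
# the failure patterns the question's log exhibits, with what each means.

nl='
'

# Constructed sample: the relevant lines copied from the log in the question.
SAMPLE_LOG=$(cat <<'EOF'
May 17 12:34:19 lap-linux-001 nm-l2tp-service[8635]: Check port 1701
May 17 12:34:19 lap-linux-001 nm-l2tp-service[8635]: Can't bind to port 1701
May 17 12:34:21 lap-linux-001 charon: 06[CFG] received stroke: add connection '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:21 lap-linux-001 charon: 06[CFG] algorithm 'ecp_384' not recognized
May 17 12:34:21 lap-linux-001 charon: 06[CFG] skipped invalid proposal string: aes256-sha1-ecp_384
May 17 12:34:22 lap-linux-001 charon: 09[CFG] received stroke: initiate '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:22 lap-linux-001 charon: 09[CFG] no config named '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
May 17 12:34:22 lap-linux-001 NetworkManager[583]: no config named '2dba1ee5-c86e-46e9-b0e4-5ce89738d380'
EOF
)

# triage_l2tp_log: journal text on stdin -> one finding per line on stdout,
# formatted "<CODE> <detail> : <meaning>". Exit status 0 when nothing was
# recognised, 1 when at least one finding was printed.
triage_l2tp_log() {
    log=$(cat)
    findings=""

    # nm-l2tp-service could not bind UDP/1701: the port is already taken,
    # typically by a system-wide xl2tpd service that is still running.
    ports=$(printf '%s\n' "$log" |
        sed -n "s/.*nm-l2tp-service\[[0-9]*\]: Can't bind to port \([0-9]*\).*/\1/p")
    for p in $ports; do
        findings="${findings}PORT_IN_USE $p : another process already listens on UDP/$p (check with: ss -lunp)$nl"
    done

    # charon rejected an algorithm keyword inside the IKE proposal.
    algs=$(printf '%s\n' "$log" |
        sed -n "s/.*charon: [0-9]*\[CFG\] algorithm '\([^']*\)' not recognized.*/\1/p")
    for a in $algs; do
        findings="${findings}BAD_ALGORITHM $a : keyword not known to this charon build (compare with: ipsec listalgs)$nl"
    done

    # The whole proposal string was dropped, so the conn was never added.
    props=$(printf '%s\n' "$log" |
        sed -n 's/.*charon: [0-9]*\[CFG\] skipped invalid proposal string: \(.*\)$/\1/p')
    for s in $props; do
        findings="${findings}PROPOSAL_REJECTED $s : phase 1 proposal discarded, the connection definition was not loaded$nl"
    done

    # Consequence of the above: the initiate request names a conn charon
    # never accepted, which is the "no config named" line.
    conns=$(printf '%s\n' "$log" |
        sed -n "s/.*charon: [0-9]*\[CFG\] no config named '\([^']*\)'.*/\1/p")
    for c in $conns; do
        findings="${findings}CONN_NOT_LOADED $c : initiate requested for a conn that was never loaded (see PROPOSAL_REJECTED)$nl"
    done

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Stand-alone usage: pass journal files as arguments, or run without
# arguments to triage the constructed sample above.
if [ "$#" -gt 0 ]; then cat -- "$@"; else printf '%s\n' "$SAMPLE_LOG"; fi | triage_l2tp_log
echo "triage exit status: $? (0 = nothing recognised, 1 = findings listed above)"
```

Run it as `journalctl -u NetworkManager --since today | sh triage.sh` (or with no arguments for the built-in sample). The findings are ordered as they depend on each other: the rejected keyword causes the proposal to be skipped, the skipped proposal means the conn is never added, and that is why charon reports "no config named" when the initiate arrives. strongSwan spells Diffie-Hellman group 20 as ecp384 (no underscore), which is what `ipsec listalgs` will show under the loaded DH groups; the port finding is independent of that and needs its own check with `ss -lunp`.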

Answer 1

I can give you the steps I needed to get my IPsec VPN working (on 18.04).

    sudo apt install strongswan

Then install libcharon-extra-plugins and libstrongswan-extra-plugins. I did this with the Synaptic package manager. I needed these for the eap-identity module. Create the correct /etc/ipsec.conf according to your VPN settings. Create or modify ipsec.secrets.

I needed some extra steps, but this may depend on the VPN:

  • In /etc/strongswan.d/charon/constraints.conf, change "load = yes" to "load = no"

  • Change the certificates

      sudo rmdir /etc/ipsec.d/cacerts  (maybe make a backup first)
      sudo ln -s /etc/ssl/certs /etc/ipsec.d/cacerts
    
  • In my case, I needed the following DNS changes for the VPN

      sudo apt install resolvconf
      sudo dpkg-reconfigure resolvconf
      reboot
    

Finally:

    sudo ipsec restart
    sudo ipsec up <vpn-name>

I hope this helps you further.
