
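I recently changed my internet provider, and since then I can no longer connect to my work VPN. I replaced the router with a TP-Link WR840N, but that did not help. IPSec passthrough is enabled in the router. Before this change, everything worked fine.
I am using OS X El Capitan (10.11.6), and the log I get when trying to connect is: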
Aug 8 21:07:59 my-machine nesessionmanager[1553]: IPSec connecting to server <server - secret>
Aug 8 21:07:59 my-machine nesessionmanager[1553]: IPSec Phase1 starting.
Aug 8 21:07:59 my-machine racoon[2139]: accepted connection on vpn control socket.
Aug 8 21:07:59 --- last message repeated 1 time ---
Aug 8 21:07:59 my-machine racoon[2139]: IPSec connecting to server ***.***.***.*
Aug 8 21:07:59 --- last message repeated 1 time ---
Aug 8 21:07:59 my-machine racoon[2139]: Connecting.
Aug 8 21:07:59 my-machine racoon[2139]: IPSec Phase 1 started (Initiated by me).
Aug 8 21:07:59 --- last message repeated 1 time ---
Aug 8 21:07:59 my-machine racoon[2139]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Aug 8 21:07:59 my-machine racoon[2139]: >>>>> phase change status = Phase 1 started by us
Aug 8 21:08:02 --- last message repeated 1 time ---
Aug 8 21:08:02 my-machine racoon[2139]: IKE Packet: transmit success. (Phase 1 Retransmit).
Aug 8 21:08:09 --- last message repeated 2 times ---
Aug 8 21:08:09 my-machine nesessionmanager[1553]: IPSec Controller: retry IPSec aggressive mode with DH Group 2
Aug 8 21:08:09 my-machine nesessionmanager[1553]: IPSec Phase1 starting.
Aug 8 21:08:09 my-machine racoon[2139]: IPSec connecting to server ***.***.***.*
Aug 8 21:08:09 --- last message repeated 1 time ---
Aug 8 21:08:09 my-machine racoon[2139]: Connecting.
Aug 8 21:08:09 my-machine racoon[2139]: IPSec Phase 1 started (Initiated by me).
Aug 8 21:08:09 --- last message repeated 1 time ---
Aug 8 21:08:09 my-machine racoon[2139]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Aug 8 21:08:09 my-machine racoon[2139]: >>>>> phase change status = Phase 1 started by us
Aug 8 21:08:12 --- last message repeated 1 time ---
Aug 8 21:08:12 my-machine racoon[2139]: IKE Packet: transmit success. (Phase 1 Retransmit).
Aug 8 21:08:19 --- last message repeated 2 times ---
Aug 8 21:08:19 my-machine nesessionmanager[1553]: NESMLegacySession[<secret>]: status changed to disconnecting
Aug 8 21:08:19 my-machine nesessionmanager[1553]: IPSec disconnecting from server ***.***.***.*
Aug 8 21:08:19 my-machine racoon[2139]: IPSec disconnecting from server ***.***.***.*
Aug 8 21:08:19 --- last message repeated 3 times ---
Aug 8 21:08:19 my-machine nesessionmanager[1553]: NESMLegacySession[<secret>]: status changed to disconnected, last stop reason None
Aug 8 21:08:19 my-machine racoon[2139]: glob found no matches for path "/var/run/racoon/*.conf"
Does anyone know what is happening or how to debug this?
Thanks!
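Answer 1
Your new provider is indeed blocking UDP port 500 outbound and/or inbound.
That is, your log shows that you are sending message 1 of IKE AM:
Aug 8 21:07:59 my-machine racoon[2139]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
But there is no response, so after a while you retransmit the first packet:
Aug 8 21:08:02 my-machine racoon[2139]: IKE Packet: transmit success. (Phase 1 Retransmit).
Since there is still no response, we try a few more times and finally give up.
So why are we not getting a response?
- Something in the path is blocking the packet
- The VPN headend is dropping it
- The VPN headend responds, but something in the path drops the response
Given that this used to work and only failed after changing ISP, it seems very likely that the ISP is blocking outbound or inbound packets.
I suggest asking the VPN administrator at your work whether there is another way to connect, such as IPsec over TCP or using TLS.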
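The reading of the log given in the answer, as an added Python example that is not part of the original question or answer: it counts, per Phase 1 attempt, the IKE packets racoon sent and the replies it logged. The `receive success` wording for an incoming packet is an assumption (the question's log contains no such line), and the function names are hypothetical.

```python
import re

# Excerpt of the question's log (the server address is masked there as well).
SAMPLE_LOG = """\
Aug 8 21:07:59 my-machine racoon[2139]: IPSec Phase 1 started (Initiated by me).
Aug 8 21:07:59 my-machine racoon[2139]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Aug 8 21:08:02 my-machine racoon[2139]: IKE Packet: transmit success. (Phase 1 Retransmit).
Aug 8 21:08:09 --- last message repeated 2 times ---
Aug 8 21:08:09 my-machine nesessionmanager[1553]: IPSec Controller: retry IPSec aggressive mode with DH Group 2
Aug 8 21:08:09 my-machine racoon[2139]: IPSec Phase 1 started (Initiated by me).
Aug 8 21:08:09 my-machine racoon[2139]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
Aug 8 21:08:12 my-machine racoon[2139]: IKE Packet: transmit success. (Phase 1 Retransmit).
Aug 8 21:08:19 --- last message repeated 2 times ---
"""
# Constructed line: the "receive success" wording is an assumption, not from the page.
ASSUMED_REPLY = "Aug 8 21:07:59 my-machine racoon[2139]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2)."

REPEAT = re.compile(r"last message repeated (\d+) times?")

def phase1_attempts(log_text):
    """Return one dict per Phase 1 attempt: IKE packets sent and replies seen."""
    attempts, last = [], None
    for line in log_text.splitlines():
        m = REPEAT.search(line)
        if m:
            # syslog collapsed duplicates: credit them to the previous counted line
            if last:
                attempts[-1][last] += int(m.group(1))
            continue
        last = None
        if "racoon[" not in line:
            continue
        if "IPSec Phase 1 started" in line:
            attempts.append({"sent": 0, "received": 0})
        elif attempts and "IKE Packet: transmit success" in line:
            last = "sent"
        elif attempts and "IKE Packet: receive success" in line:
            last = "received"
        if last:
            attempts[-1][last] += 1
    return attempts

def diagnose(log_text):
    attempts = phase1_attempts(log_text)
    if not attempts:
        return "no Phase 1 attempt found"
    if any(a["received"] for a in attempts):
        return "peer replied: Phase 1 packets cross the path"
    return "no reply: blocked on path, dropped by headend, or reply dropped"
```

The client-side log cannot tell the three no-reply causes apart; a packet capture at the VPN headend is what shows whether message 1 ever arrived.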