Cannot connect to VPN using nm-l2tp-service - PullRequest
0 votes
/ June 12, 2018

I am using a CentOS 7 machine and want to connect to an L2TP VPN using nm-l2tp-service:

Service output:

[gefalko@localhost ~]$ sudo /usr/libexec/nm-l2tp-service --debug
nm-l2tp[20335] nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[20335] uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[20335] ipsec enable flag: yes
** Message: Check port 1701
connection
id : "L2TP IPSec (PSK) - otravo" (s)
uuid : "49a95a8c-275b-464b-8f62-a7639b48e966" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:gefalko:"] (s)
autoconnect : FALSE (s)
autoconnect-priority : 0 (sd)
autoconnect-retries : -1 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : NULL (sd)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)
auth-retries : -1 (sd)

ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x1e8f780) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x1e8f6e0) (s)
route-metric : -1 (sd)
route-table : 0 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)
token : NULL (sd)

proxy
method : 0 (sd)
browser-only : FALSE (sd)
pac-url : NULL (sd)
pac-script : NULL (sd)

vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "gefalko" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x1e764c0) (s)
secrets : ((GHashTable*) 0x1e76400) (s)
timeout : 0 (sd)

ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x1e8f560) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x1e8f600) (s)
route-metric : -1 (sd)
route-table : 0 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)

nm-l2tp[20335] starting ipsec
Redirecting to: systemctl stop ipsec.service
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
opening file: /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
Loading conn 49a95a8c-275b-464b-8f62-a7639b48e966
starter: left is KH_DEFAULTROUTE
loading named conns: 49a95a8c-275b-464b-8f62-a7639b48e966
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst via 192.168.1.254 dev wlp2s0 src table 254
set nexthop: 192.168.1.254
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.176 table 254
dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.176 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.255 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.254 via dev wlp2s0 src 192.168.1.176 table 254
set addr: 192.168.1.176

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" labeled_ipsec=0
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdns=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdomains=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgbanner=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-in=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-out=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" vti_iface=(null)
002 added connection description "49a95a8c-275b-464b-8f62-a7639b48e966"
nm-l2tp[20335] Spawned ipsec auto --up script with PID 21334.
002 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: initiating Main Mode
104 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: initiate
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
nm-l2tp[20335] Timeout trying to establish IPsec connection
nm-l2tp[20335] Terminating ipsec script with PID 21334.
nm-l2tp[20335] Could not establish IPsec tunnel.

(nm-l2tp-service:20335): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 16 seconds for response

1 Answer

0 votes
/ June 25, 2018

I believe you need to configure the IPsec phase 1 and 2 algorithms to match those used on the VPN server, or reconfigure the VPN server to offer stronger proposals.

...
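
Added example (not part of the original question or answer): a small Python check over the pluto status lines from the debug output above, reporting the IKE state at which the negotiation stalled. The sample lines are copied from the question's output; the function name `diagnose` and the hint wording are assumptions introduced here.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the question's debug output.
SAMPLE_LOG = '''\
002 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: initiating Main Mode
104 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: initiate
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
nm-l2tp[20335] Timeout trying to establish IPsec connection
nm-l2tp[20335] Could not establish IPsec tunnel.
'''

# Status line layout seen in the output: 3-digit code, quoted connection
# name, "#N:" SA number, "STATE_xxx:", then the message.
STATE_RE = re.compile(
    r'^\d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<state>STATE_\w+): (?P<msg>.*)$')


def diagnose(log_text):
    """Summarise where the IKE negotiation stalled (hypothetical helper)."""
    last_state = None
    retransmits = Counter()
    timed_out = False
    for line in log_text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            last_state = m.group("state")
            if m.group("msg").startswith("retransmission"):
                retransmits[last_state] += 1
        elif "Timeout trying to establish IPsec connection" in line:
            timed_out = True
    hint = None
    if timed_out and last_state == "STATE_MAIN_I1":
        # MAIN_I1: the initiator sent its first Main Mode packet (the
        # phase 1 proposal) and never received a reply from the peer.
        hint = ("no reply to the phase 1 proposal: compare the offered "
                "phase 1 algorithms with the server and check that "
                "UDP 500/4500 reach it")
    elif timed_out and last_state:
        hint = "negotiation stalled after reaching " + last_state
    return {"last_state": last_state, "retransmits": dict(retransmits),
            "timed_out": timed_out, "hint": hint}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```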