Cannot connect to VPN using nm-l2tp-service

Time: 2018-06-12 14:53:12

Tags: centos vpn l2tp

I am using a CentOS 7 machine and want to connect to an L2TP VPN using nm-l2tp-service.

Service output:

[gefalko@localhost ~]$ sudo /usr/libexec/nm-l2tp-service --debug
nm-l2tp[20335] nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[20335] uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[20335] ipsec enable flag: yes
** Message: Check port 1701
connection
id : "L2TP IPSec (PSK) - otravo" (s)
uuid : "49a95a8c-275b-464b-8f62-a7639b48e966" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:gefalko:"] (s)
autoconnect : FALSE (s)
autoconnect-priority : 0 (sd)
autoconnect-retries : -1 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : NULL (sd)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)
auth-retries : -1 (sd)

ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x1e8f780) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x1e8f6e0) (s)
route-metric : -1 (sd)
route-table : 0 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)
token : NULL (sd)

proxy
method : 0 (sd)
browser-only : FALSE (sd)
pac-url : NULL (sd)
pac-script : NULL (sd)

vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "gefalko" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x1e764c0) (s)
secrets : ((GHashTable*) 0x1e76400) (s)
timeout : 0 (sd)

ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x1e8f560) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x1e8f600) (s)
route-metric : -1 (sd)
route-table : 0 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)

nm-l2tp[20335] starting ipsec
Redirecting to: systemctl stop ipsec.service
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
warning: could not open include filename: '/etc/ipsec.d/.conf'
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
opening file: /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
Loading conn 49a95a8c-275b-464b-8f62-a7639b48e966
starter: left is KH_DEFAULTROUTE
loading named conns: 49a95a8c-275b-464b-8f62-a7639b48e966
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst via 192.168.1.254 dev wlp2s0 src table 254
set nexthop: 192.168.1.254
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.176 table 254
dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.176 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.255 via dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.254 via dev wlp2s0 src 192.168.1.176 table 254
set addr: 192.168.1.176

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" labeled_ipsec=0
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdns=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdomains=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgbanner=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-in=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-out=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" vti_iface=(null)
002 added connection description "49a95a8c-275b-464b-8f62-a7639b48e966"
nm-l2tp[20335] Spawned ipsec auto --up script with PID 21334.
002 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: initiating Main Mode
104 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: initiate
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
nm-l2tp[20335] Timeout trying to establish IPsec connection
nm-l2tp[20335] Terminating ipsec script with PID 21334.
nm-l2tp[20335] Could not establish IPsec tunnel.

(nm-l2tp-service:20335): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 16 seconds for response

1 answer:

Answer 0: (score: 0)

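I believe you need to set the IPsec phase 1 and phase 2 algorithms to the same ones the VPN server uses, or reconfigure the VPN server to offer stronger proposals.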
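
As an added example (not part of the original question or answer), the following Python sketch triages the IKE status lines from the service output above. It reports how far each connection got and, when the initiator never left STATE_MAIN_I1 while retransmitting, flags that no reply arrived to the first Main Mode packet. That pattern is consistent both with UDP 500 being unreachable and with a responder that silently drops a phase 1 proposal it does not accept. The function name `triage` and the verdict strings are assumptions made for this example.

```python
import re

# Subset of the service output posted in the question (libreswan status lines).
UUID = "49a95a8c-275b-464b-8f62-a7639b48e966"
SAMPLE_LOG = f'''\
002 "{UUID}" #1: initiating Main Mode
104 "{UUID}" #1: STATE_MAIN_I1: initiate
010 "{UUID}" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "{UUID}" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "{UUID}" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
nm-l2tp[20335] Timeout trying to establish IPsec connection
'''

# Shape of a status line: NNN "conn" #SA: STATE_NAME: message
STATUS = re.compile(r'^\d{3} "([^"]+)" #\d+: (STATE_\w+): (.*)$')


def triage(log):
    """Return {conn: {last_state, retransmits, timed_out, verdict}} (hypothetical helper)."""
    timed_out = "Timeout trying to establish IPsec connection" in log
    conns = {}
    for line in log.splitlines():
        m = STATUS.match(line.strip())
        if not m:
            continue  # settings dump, route discovery, nm-l2tp messages
        conn, state, msg = m.groups()
        info = conns.setdefault(conn, {"states": [], "retransmits": 0})
        if state not in info["states"]:
            info["states"].append(state)
        if msg.startswith("retransmission"):
            info["retransmits"] += 1
    report = {}
    for conn, info in conns.items():
        if info["states"] != ["STATE_MAIN_I1"]:
            verdict = "peer-replied"  # negotiation got past the first packet
        elif info["retransmits"]:
            verdict = "no-reply-to-first-ike-packet"
        else:
            verdict = "inconclusive"
        report[conn] = {"last_state": info["states"][-1],
                        "retransmits": info["retransmits"],
                        "timed_out": timed_out, "verdict": verdict}
    return report


if __name__ == "__main__":
    for conn, result in triage(SAMPLE_LOG).items():
        print(conn, result)
```
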