我尝试了vpn l2tp连接,但无法连接。我使用GUI网络管理器。这是调试代码
nm-l2tp[25816] <info> starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.5.1 IPsec [starter]...
Loading config setup
Loading conn 'b90b8bb2-cbd9-456c-a33e-b43adc975dec'
found netkey IPsec stack
nm-l2tp[25816] <info> Spawned ipsec up script with PID 25879.
initiating Main Mode IKE_SA b90b8bb2-cbd9-456c-a33e-b43adc975dec[1] to 103.76.22.130
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.42.162[500] to 103.76.22.130[500] (240 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.42.162[500] to 103.76.22.130[500] (240 bytes)
nm-l2tp[25816] <warn> Timeout trying to establish IPsec connection
nm-l2tp[25816] <info> Terminating ipsec script with PID 25879.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection 'b90b8bb2-cbd9-456c-a33e-b43adc975dec' failed
nm-l2tp[25816] <warn> Could not establish IPsec tunnel.
(nm-l2tp-service:25816): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
中的教程
答案 0 :(得分:0)
您提供的第二个链接中运行./ike-scan.sh脚本的结果为:
sudo ipsec stop
sudo ./ike-scan.sh 103.76.22.130 | grep SA=
SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=14:modp2048 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
该VPN服务器的所有建议都被认为是弱的,因为它们正在使用SHA1和/或modp1024。您可以尝试以下第1阶段和第2阶段算法吗?
我已经选择了VPN服务器在阶段1中提供的两个最强建议。感叹号(!
)是将VPN客户端限制为指定的建议,并且不包括strongSwan的默认建议。一些VPN服务器不喜欢被客户端的大量提议淹没。