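Debian 9: error connecting to L2TP VPN

Time: 2018-08-28 19:06:18

Tags: debian vpn l2tp

I tried to set up an L2TP VPN connection, but it fails to connect. I am using the GUI network manager. Here is the debug output: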

    nm-l2tp[25816] <info>  starting ipsec
    Stopping strongSwan IPsec failed: starter is not running
    Starting strongSwan 5.5.1 IPsec [starter]...
    Loading config setup
    Loading conn 'b90b8bb2-cbd9-456c-a33e-b43adc975dec'
    found netkey IPsec stack
    nm-l2tp[25816] <info>  Spawned ipsec up script with PID 25879.
    initiating Main Mode IKE_SA b90b8bb2-cbd9-456c-a33e-b43adc975dec[1] to 103.76.22.130
    generating ID_PROT request 0 [ SA V V V V V ]
    sending packet: from 192.168.42.162[500] to 103.76.22.130[500] (240 bytes)
    sending retransmit 1 of request message ID 0, seq 1
    sending packet: from 192.168.42.162[500] to 103.76.22.130[500] (240 bytes)
    nm-l2tp[25816] <warn>  Timeout trying to establish IPsec connection
    nm-l2tp[25816] <info>  Terminating ipsec script with PID 25879.
    Stopping strongSwan IPsec...
    destroying IKE_SA in state CONNECTING without notification
    establishing connection 'b90b8bb2-cbd9-456c-a33e-b43adc975dec' failed
    nm-l2tp[25816] <warn>  Could not establish IPsec tunnel.

    (nm-l2tp-service:25816): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

Can anyone help me fix or work around this problem? I have already tried the tutorials here and here.

1 answer:

Answer 0: (score: 0)

The result of running the ./ike-scan.sh script from the second link you provided is:

    sudo ipsec stop
    sudo ./ike-scan.sh 103.76.22.130 | grep SA=
      SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=14:modp2048 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
      SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)

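All of this VPN server's proposals are considered weak because they use SHA1 and/or modp1024. Could you try the following Phase 1 and Phase 2 algorithms?

  • Phase 1 algorithms: aes256-sha1-modp2048,aes256-sha1-modp1024!
  • Phase 2 algorithms: aes256-sha1!

I have chosen the two strongest proposals that the VPN server offers for Phase 1. The exclamation mark (!) restricts the VPN client to the specified proposals and excludes strongSwan's default proposals. Some VPN servers don't like being flooded with a large number of proposals from the client.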
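The step from the `SA=` lines to the Phase 1 string can be done mechanically. The following is an added example, not part of the original answer: it parses the ike-scan output quoted above into strongSwan proposal tokens and builds the strict (`!`) list. The function names are hypothetical, and the ranking (cipher strength first, then DH group size) is an assumption chosen to match the answer's selection.

```python
import re

# Constructed sample: the SA= lines quoted in the answer above.
SAMPLE = """\
SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=14:modp2048 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=128 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES Hash=SHA1 Auth=PSK Group=14:modp2048 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
"""

# Assumed ordering of ciphers, weakest to strongest; unknown ciphers sort last.
ENC_RANK = {"3des": 0, "aes128": 1, "aes192": 2, "aes256": 3}
# The two elements the answer names as weak.
WEAK = {"sha1", "modp1024"}

def parse_sa(line):
    """Turn one ike-scan SA=(...) line into (enc, hash, dh_group) tokens."""
    m = re.search(r"SA=\((.*)\)", line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
    enc = fields["Enc"].lower() + fields.get("KeyLength", "")  # AES + 256 -> aes256
    group = fields["Group"].split(":")[-1]                     # 14:modp2048 -> modp2048
    return enc, fields["Hash"].lower(), group

def strength(proposal):
    """Sort key: cipher rank first, then the DH group size in bits."""
    enc, _hash, group = proposal
    return ENC_RANK.get(enc, -1), int(re.sub(r"\D", "", group) or 0)

def parse_all(scan_output):
    """All distinct proposals in the scan output, strongest first."""
    found = {p for p in map(parse_sa, scan_output.splitlines()) if p}
    return sorted(found, key=strength, reverse=True)

def strict_proposals(scan_output, keep=2):
    """Comma-separated list of the strongest `keep` proposals, ending in '!'."""
    return ",".join("-".join(p) for p in parse_all(scan_output)[:keep]) + "!"

def weak_parts(proposal):
    """Which elements of a proposal are on the weak list."""
    return sorted(WEAK.intersection(proposal))

if __name__ == "__main__":
    print(strict_proposals(SAMPLE))
    for p in parse_all(SAMPLE):
        print("-".join(p), "weak:", weak_parts(p))
```

ike-scan only reports Phase 1 (IKE) transforms, so the Phase 2 string is not derived here.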