How to connect to an L2TP VPN on Ubuntu 16.04

leslielg
Posts: 124
Joined: 2008-08-30 10:52

#1

Post by leslielg » 2017-05-04 21:38

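As the title says: I have an L2TP VPN server configured with SoftEther, running on a VPS virtual machine. Windows 10, Android phones and iPhones can all connect to this VPN without problems.

How do I connect to this VPN from Ubuntu 16.04?

I tried installing network-manager-l2tp and tried several configurations, but every attempt to connect to the VPN failed.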
poloshiao
Forum moderator
Posts: 18279
Joined: 2009-08-04 16:33

#2

Post by poloshiao » 2017-05-05 7:36

https://askubuntu.com/questions/789421/ ... untu-16-04
L2tp IPSEC PSK VPN client on (x)ubuntu 16.04
zhangjint5
Posts: 304
Joined: 2011-01-02 12:31

#3

Post by zhangjint5 » 2017-05-06 9:46

I recently switched to Fedora just for L2TP, because it ships the NetworkManager-l2tp-gnome package!
leslielg
Posts: 124
Joined: 2008-08-30 10:52

#4

Post by leslielg » 2017-05-06 10:49

poloshiao wrote: https://askubuntu.com/questions/789421/ ... untu-16-04
L2tp IPSEC PSK VPN client on (x)ubuntu 16.04
That is exactly where I found the instructions to install nm-l2tp and nm-l2tp-gnome, but it does not work.

The log is below; the error appears at line 53.

Code:

  3 May  6 10:36:56 leslie-cz880 NetworkManager[940]: <info>  [1494038216.1627] keyfile: update /etc/NetworkManager/system-connections/Ramnode (aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode")
  4 May  6 10:36:56 leslie-cz880 NetworkManager[940]: <info>  [1494038216.1630] audit: op="connection-update" uuid="aa69a6e0-cc83-46e1-a60f-57759b2891a5" name="Ramnode" pid=3061 uid=1000 result="success"
  5 May  6 10:37:00 leslie-cz880 NetworkManager[940]: <info>  [1494038220.1073] audit: op="connection-activate" uuid="aa69a6e0-cc83-46e1-a60f-57759b2891a5" name="Ramnode" pid=2038 uid=1000 result="success"
  6 May  6 10:37:00 leslie-cz880 NetworkManager[940]: <info>  [1494038220.1102] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: Started the VPN service, PID 3072
  7 May  6 10:37:00 leslie-cz880 NetworkManager[940]: <info>  [1494038220.1153] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: Saw the service appear; activating connection
  8 May  6 10:37:00 leslie-cz880 NetworkManager[940]: <info>  [1494038220.1513] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN connection: (ConnectInteractive) reply received
  9 May  6 10:37:00 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <info>  ipsec enable flag: yes
 10 May  6 10:37:00 leslie-cz880 NetworkManager[940]: ** Message: Check port 1701
 11 May  6 10:37:00 leslie-cz880 NetworkManager[940]: ** Message: Check port 1701
 12 May  6 10:37:00 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <info>  starting ipsec
 13 May  6 10:37:00 leslie-cz880 NetworkManager[940]: Stopping strongSwan IPsec...
 14 May  6 10:37:00 leslie-cz880 charon: 00[DMN] signal of type SIGINT received. Shutting down
 15 May  6 10:37:00 leslie-cz880 ipsec[3094]: Stopping strongSwan IPsec failed: starter is not running
 16 May  6 10:37:02 leslie-cz880 NetworkManager[940]: Starting strongSwan 5.3.5 IPsec [starter]...
 17 May  6 10:37:02 leslie-cz880 NetworkManager[940]: Loading config setup
 18 May  6 10:37:02 leslie-cz880 NetworkManager[940]: Loading conn 'nm-ipsec-l2tp-3072'
 19 May  6 10:37:02 leslie-cz880 NetworkManager[940]: found netkey IPsec stack
 20 May  6 10:37:02 leslie-cz880 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-75-generic, x86_64)
 21 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
 22 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
 23 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
 24 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
 25 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
 26 May  6 10:37:02 leslie-cz880 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
 27 May  6 10:37:02 leslie-cz880 charon: 00[CFG]   loaded IKE secret for %any
 28 May  6 10:37:02 leslie-cz880 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown
 29 May  6 10:37:02 leslie-cz880 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
 30 May  6 10:37:02 leslie-cz880 charon: 00[JOB] spawning 16 worker threads
 31 May  6 10:37:02 leslie-cz880 charon: 05[CFG] received stroke: add connection 'nm-ipsec-l2tp-3072'
 32 May  6 10:37:02 leslie-cz880 charon: 05[CFG] added configuration 'nm-ipsec-l2tp-3072'
 33 May  6 10:37:03 leslie-cz880 charon: 03[CFG] rereading secrets
 34 May  6 10:37:03 leslie-cz880 charon: 03[CFG] loading secrets from '/etc/ipsec.secrets'
 35 May  6 10:37:03 leslie-cz880 charon: 03[CFG]   loaded IKE secret for %any
 36 May  6 10:37:03 leslie-cz880 charon: 09[CFG] received stroke: initiate 'nm-ipsec-l2tp-3072'
 37 May  6 10:37:03 leslie-cz880 charon: 10[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 81.?.???.??
 38 May  6 10:37:03 leslie-cz880 charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]
 39 May  6 10:37:03 leslie-cz880 charon: 10[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (256 bytes)
 40 May  6 10:37:03 leslie-cz880 charon: 11[NET] received packet: from 81.?.???.??[500] to 192.168.0.104[500] (200 bytes)
 41 May  6 10:37:03 leslie-cz880 charon: 11[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
 42 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
 43 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
 44 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
 45 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
 46 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
 47 May  6 10:37:03 leslie-cz880 charon: 11[IKE] received DPD vendor ID
 48 May  6 10:37:03 leslie-cz880 charon: 11[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
 49 May  6 10:37:03 leslie-cz880 charon: 11[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (308 bytes)
 50 May  6 10:37:04 leslie-cz880 charon: 12[NET] received packet: from 81.?.???.??[500] to 192.168.0.104[500] (292 bytes)
 51 May  6 10:37:04 leslie-cz880 charon: 12[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
 52 May  6 10:37:04 leslie-cz880 charon: 12[IKE] ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
 53 May  6 10:37:04 leslie-cz880 charon: 12[IKE] key derivation for pre-shared key failed
 54 May  6 10:37:04 leslie-cz880 charon: 12[ENC] generating INFORMATIONAL_V1 request 3574203447 [ HASH N(INVAL_KE) ]
 55 May  6 10:37:04 leslie-cz880 charon: 12[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (80 bytes)
 56 May  6 10:37:04 leslie-cz880 NetworkManager[940]: initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 81.?.???.??
 57 May  6 10:37:04 leslie-cz880 NetworkManager[940]: generating ID_PROT request 0 [ SA V V V V ]
 58 May  6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (256 bytes)
 59 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received packet: from 81.?.???.??[500] to 192.168.0.104[500] (200 bytes)
 60 May  6 10:37:04 leslie-cz880 NetworkManager[940]: parsed ID_PROT response 0 [ SA V V V V V V ]
 61 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received NAT-T (RFC 3947) vendor ID
 62 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-03 vendor ID
 63 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
 64 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-02 vendor ID
 65 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-00 vendor ID
 66 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received DPD vendor ID
 67 May  6 10:37:04 leslie-cz880 NetworkManager[940]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
 68 May  6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (308 bytes)
 69 May  6 10:37:04 leslie-cz880 NetworkManager[940]: received packet: from 81.?.???.??[500] to 192.168.0.104[500] (292 bytes)
 70 May  6 10:37:04 leslie-cz880 NetworkManager[940]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
 71 May  6 10:37:04 leslie-cz880 NetworkManager[940]: ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
 72 May  6 10:37:04 leslie-cz880 NetworkManager[940]: key derivation for pre-shared key failed
 73 May  6 10:37:04 leslie-cz880 NetworkManager[940]: generating INFORMATIONAL_V1 request 3574203447 [ HASH N(INVAL_KE) ]
 74 May  6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (80 bytes)
 75 May  6 10:37:04 leslie-cz880 NetworkManager[940]: establishing connection 'nm-ipsec-l2tp-3072' failed
 76 May  6 10:37:04 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <warn>  Could not establish IPsec tunnel.
 77 May  6 10:37:04 leslie-cz880 charon: 15[CFG] rereading secrets
 78 May  6 10:37:04 leslie-cz880 charon: 15[CFG] loading secrets from '/etc/ipsec.secrets'
 79 May  6 10:37:04 leslie-cz880 NetworkManager[940]: (nm-l2tp-service:3072): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
 80 May  6 10:37:04 leslie-cz880 NetworkManager[940]: <info>  [1494038224.0212] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN plugin: state changed: stopped (6)
 81 May  6 10:37:04 leslie-cz880 NetworkManager[940]: <info>  [1494038224.0219] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN plugin: state change reason: unknown (0)
 82 May  6 10:37:04 leslie-cz880 NetworkManager[940]: <info>  [1494038224.0227] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN service disappeared
 83 May  6 10:37:04 leslie-cz880 NetworkManager[940]: <warn>  [1494038224.0232] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
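
An added example, not part of the original post: a shell script that reads charon syslog lines like the ones above and checks whether the cipher reported as unsupported has any provider among charon's loaded plugins. The sample log is constructed from the messages in the post; the function names and the `des`/`openssl` mapping are assumptions of this example.

```shell
#!/bin/sh
# Added example: explain a charon "not supported!" failure from its own log.
# sample_log is CONSTRUCTED from the messages quoted in the post above
# (host name shortened, peer replaced by the documentation address 192.0.2.10).
sample_log() {
cat <<'EOF'
May  6 10:37:02 host charon: 00[LIB] loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce hmac kernel-netlink socket-default stroke updown
May  6 10:37:03 host charon: 10[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 192.0.2.10
May  6 10:37:04 host charon: 12[IKE] ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
May  6 10:37:04 host charon: 12[IKE] key derivation for pre-shared key failed
May  6 10:37:04 host NetworkManager[940]: ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
EOF
}

# Algorithms reported as unsupported, one "TYPE NAME" per line, deduplicated
# (NetworkManager echoes charon's messages, so each one appears twice).
unsupported_algs() {
    sed -n 's/.* \([A-Z_]*_ALGORITHM\) \([A-Za-z0-9_]*\) (key size [0-9]*) not supported!.*/\1 \2/p' | sort -u
}

# Plugin names from charon's "loaded plugins:" line, one per line.
loaded_plugins() {
    sed -n 's/.*loaded plugins: //p' | tr -s ' ' '\n' | sort -u
}

# strongSwan plugins that implement a cipher. Only 3DES is mapped (the case
# in the post); the mapping is this example's assumption, not log output.
providers_for() {
    case "$1" in
        3DES_CBC) echo "des openssl" ;;
        *)        echo "" ;;
    esac
}

# Read a log on stdin and print one verdict line per unsupported algorithm.
diagnose() {
    log=$(cat)
    plugins=$(printf '%s\n' "$log" | loaded_plugins)
    printf '%s\n' "$log" | unsupported_algs | while read -r _type alg; do
        want=$(providers_for "$alg")
        [ -n "$want" ] || { echo "$alg: no mapping in this script"; continue; }
        hit=""
        for p in $want; do
            if printf '%s\n' "$plugins" | grep -qx "$p"; then hit=$p; fi
        done
        if [ -n "$hit" ]; then echo "$alg: plugin $hit is loaded"
        else echo "$alg: not available locally, none of [$want] is loaded"; fi
    done
}

sample_log | diagnose
```

3DES is a legacy cipher; if the server can offer AES in its IKE proposal, the client does not need a 3DES provider at all.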
zhangjint5
Posts: 304
Joined: 2011-01-02 12:31

#5

Post by zhangjint5 » 2017-05-07 14:41

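Here is one I have tested myself and that works.

ubuntu 16.04 L2TP

On earlier releases you could install l2tp-ipsec-vpn with sudo apt-get install l2tp-ipsec-vpn.

However, Ubuntu 16.04 dropped this package. Now xl2tpd and strongswan are used, and simply installing these two is not enough; it is still a long way from connecting to the VPN.

I found a tutorial online, Enabling L2TP over IPSec on Ubuntu 16.04, and only then finally succeeded.

1. Install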

sudo apt install intltool libtool network-manager-dev libnm-util-dev libnm-glib-dev libnm-glib-vpn-dev libnm-gtk-dev libnm-dev libnma-dev ppp-dev libdbus-glib-1-dev libsecret-1-dev libgtk-3-dev libglib2.0-dev xl2tpd strongswan

2.

git clone https://github.com/nm-l2tp/network-manager-l2tp.git

cd network-manager-l2tp

autoreconf -fi

intltoolize

./configure --disable-static --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu --libexecdir=/usr/lib/NetworkManager --localstatedir=/var --with-pppd-plugin-dir=/usr/lib/pppd/2.4.7

make

sudo make install

sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon

sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.stroke

sudo apt remove xl2tpd

sudo apt install libpcap0.8-dev

wget https://github.com/xelerance/xl2tpd/arc ... 3.6.tar.gz

tar xvzf xl2tpd-1.3.6.tar.gz

cd xl2tpd-1.3.6

make

sudo make install
poloshiao
Forum moderator
Posts: 18279
Joined: 2009-08-04 16:33

#6

Post by poloshiao » 2017-05-07 16:42

Error at line 53:
53 May 6 10:37:04 leslie-cz880 charon: 12[IKE] key derivation for pre-shared key failed
See the following and check whether they help:

1. https://bugs.launchpad.net/ubuntu/+sour ... ug/1457078
L2TP client support for PSK removed from 15.04/15.10
StrongSwan-network-manager shipped (1.3.0-2) doesn't support pre-shared keys (support added in 1.3.1) many users will not be able to connect to business VPNs after the upgrade to 15.04.
1-1. Check whether the version of the StrongSwan-network-manager package is >= 1.3.1

2. https://askubuntu.com/questions/586751/ ... work-manag.
Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC

3. https://www.howtoforge.com/tutorial/str ... sed-tunnel
Pre-shared key based tunnel

4. https://raymii.org/s/tutorials/IPSEC_vp ... 16.04.html
The domain name or IP address of your VPN server, which is later entered in the clients connection properties, MUST be contained either in the subject Distinguished Name (CN) and/or in a subject Alternative Name (--san). If this does not match the clients will fail to connect.
leslielg
Posts: 124
Joined: 2008-08-30 10:52

#7

Post by leslielg » 2017-05-11 22:32

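I finally got it working, just barely.
I followed the method at this link:

https://github.com/hwdsl2/setup-ipsec-v ... h.md#linux

Finally, to connect:
sudo echo "c myvpn" > /var/run/xl2tpd/l2tp-control
If you get permission denied, use this instead:
echo "c myvpn" | sudo tee /var/run/xl2tpd/l2tp-control

It is just very tedious to connect each time, and I also have to fill in the routing table myself.

I still need a more automated way to connect, preferably a graphical one.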