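As the title says: I have an L2TP VPN server configured with SoftEther, running on a VPS virtual machine. Windows 10, Android phones and iPhones can all connect to this VPN without problems.
How do I connect to this VPN from Ubuntu 16.04?
I tried installing network-manager-l2tp and tried several configurations, but every attempt to connect to the VPN failed.
How to connect to an L2TP VPN on Ubuntu 16.04
-
- Posts: 124
- Registered: 2008-08-30 10:52
-
- Forum moderator
- Posts: 18279
- Registered: 2009-08-04 16:33
-
- Posts: 304
- Registered: 2011-01-02 12:31
Re: How to connect to an L2TP VPN on Ubuntu 16.04
Recently I switched to Fedora just for L2TP, because it has the NetworkManager-l2tp-gnome package!
-
- Posts: 124
- Registered: 2008-08-30 10:52
Re: How to connect to an L2TP VPN on Ubuntu 16.04
That is exactly where I read about installing nm-l2tp and nm-l2tp-gnome; however, it doesn't work.
poloshiao wrote: https://askubuntu.com/questions/789421/ ... untu-16-04
L2tp IPSEC PSK VPN client on (x)ubuntu 16.04
The log is below; the error appears at line 53.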
3 May 6 10:36:56 leslie-cz880 NetworkManager[940]: <info> [1494038216.1627] keyfile: update /etc/NetworkManager/system-connections/Ramnode (aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode")
4 May 6 10:36:56 leslie-cz880 NetworkManager[940]: <info> [1494038216.1630] audit: op="connection-update" uuid="aa69a6e0-cc83-46e1-a60f-57759b2891a5" name="Ramnode" pid=3061 uid=1000 result="success"
5 May 6 10:37:00 leslie-cz880 NetworkManager[940]: <info> [1494038220.1073] audit: op="connection-activate" uuid="aa69a6e0-cc83-46e1-a60f-57759b2891a5" name="Ramnode" pid=2038 uid=1000 result="success"
6 May 6 10:37:00 leslie-cz880 NetworkManager[940]: <info> [1494038220.1102] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: Started the VPN service, PID 3072
7 May 6 10:37:00 leslie-cz880 NetworkManager[940]: <info> [1494038220.1153] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: Saw the service appear; activating connection
8 May 6 10:37:00 leslie-cz880 NetworkManager[940]: <info> [1494038220.1513] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN connection: (ConnectInteractive) reply received
9 May 6 10:37:00 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <info> ipsec enable flag: yes
10 May 6 10:37:00 leslie-cz880 NetworkManager[940]: ** Message: Check port 1701
11 May 6 10:37:00 leslie-cz880 NetworkManager[940]: ** Message: Check port 1701
12 May 6 10:37:00 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <info> starting ipsec
13 May 6 10:37:00 leslie-cz880 NetworkManager[940]: Stopping strongSwan IPsec...
14 May 6 10:37:00 leslie-cz880 charon: 00[DMN] signal of type SIGINT received. Shutting down
15 May 6 10:37:00 leslie-cz880 ipsec[3094]: Stopping strongSwan IPsec failed: starter is not running
16 May 6 10:37:02 leslie-cz880 NetworkManager[940]: Starting strongSwan 5.3.5 IPsec [starter]...
17 May 6 10:37:02 leslie-cz880 NetworkManager[940]: Loading config setup
18 May 6 10:37:02 leslie-cz880 NetworkManager[940]: Loading conn 'nm-ipsec-l2tp-3072'
19 May 6 10:37:02 leslie-cz880 NetworkManager[940]: found netkey IPsec stack
20 May 6 10:37:02 leslie-cz880 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-75-generic, x86_64)
21 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
22 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
23 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
24 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
25 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
26 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
27 May 6 10:37:02 leslie-cz880 charon: 00[CFG] loaded IKE secret for %any
28 May 6 10:37:02 leslie-cz880 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dn skey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown
29 May 6 10:37:02 leslie-cz880 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
30 May 6 10:37:02 leslie-cz880 charon: 00[JOB] spawning 16 worker threads
31 May 6 10:37:02 leslie-cz880 charon: 05[CFG] received stroke: add connection 'nm-ipsec-l2tp-3072'
32 May 6 10:37:02 leslie-cz880 charon: 05[CFG] added configuration 'nm-ipsec-l2tp-3072'
33 May 6 10:37:03 leslie-cz880 charon: 03[CFG] rereading secrets
34 May 6 10:37:03 leslie-cz880 charon: 03[CFG] loading secrets from '/etc/ipsec.secrets'
35 May 6 10:37:03 leslie-cz880 charon: 03[CFG] loaded IKE secret for %any
36 May 6 10:37:03 leslie-cz880 charon: 09[CFG] received stroke: initiate 'nm-ipsec-l2tp-3072'
37 May 6 10:37:03 leslie-cz880 charon: 10[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 81.?.???.??
38 May 6 10:37:03 leslie-cz880 charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]
39 May 6 10:37:03 leslie-cz880 charon: 10[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (256 bytes)
40 May 6 10:37:03 leslie-cz880 charon: 11[NET] received packet: from 81.?.???.??[500] to 192.168.0.104[500] (200 bytes)
41 May 6 10:37:03 leslie-cz880 charon: 11[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
42 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
43 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
44 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
45 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
46 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
47 May 6 10:37:03 leslie-cz880 charon: 11[IKE] received DPD vendor ID
48 May 6 10:37:03 leslie-cz880 charon: 11[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
49 May 6 10:37:03 leslie-cz880 charon: 11[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (308 bytes)
50 May 6 10:37:04 leslie-cz880 charon: 12[NET] received packet: from 81.?.???.??[500] to 192.168.0.104[500] (292 bytes)
51 May 6 10:37:04 leslie-cz880 charon: 12[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
52 May 6 10:37:04 leslie-cz880 charon: 12[IKE] ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
53 May 6 10:37:04 leslie-cz880 charon: 12[IKE] key derivation for pre-shared key failed
54 May 6 10:37:04 leslie-cz880 charon: 12[ENC] generating INFORMATIONAL_V1 request 3574203447 [ HASH N(INVAL_KE) ]
55 May 6 10:37:04 leslie-cz880 charon: 12[NET] sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (80 bytes)
56 May 6 10:37:04 leslie-cz880 NetworkManager[940]: initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 81.?.???.??
57 May 6 10:37:04 leslie-cz880 NetworkManager[940]: generating ID_PROT request 0 [ SA V V V V ]
58 May 6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (256 bytes)
59 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received packet: from 81.?.???.??[500] to 192.168.0.104[500] (200 bytes)
60 May 6 10:37:04 leslie-cz880 NetworkManager[940]: parsed ID_PROT response 0 [ SA V V V V V V ]
61 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received NAT-T (RFC 3947) vendor ID
62 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-03 vendor ID
63 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
64 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-02 vendor ID
65 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received draft-ietf-ipsec-nat-t-ike-00 vendor ID
66 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received DPD vendor ID
67 May 6 10:37:04 leslie-cz880 NetworkManager[940]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
68 May 6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (308 bytes)
69 May 6 10:37:04 leslie-cz880 NetworkManager[940]: received packet: from 81.?.???.??[500] to 192.168.0.104[500] (292 bytes)
70 May 6 10:37:04 leslie-cz880 NetworkManager[940]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
71 May 6 10:37:04 leslie-cz880 NetworkManager[940]: ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
72 May 6 10:37:04 leslie-cz880 NetworkManager[940]: key derivation for pre-shared key failed
73 May 6 10:37:04 leslie-cz880 NetworkManager[940]: generating INFORMATIONAL_V1 request 3574203447 [ HASH N(INVAL_KE) ]
74 May 6 10:37:04 leslie-cz880 NetworkManager[940]: sending packet: from 192.168.0.104[500] to 81.?.???.??[500] (80 bytes)
75 May 6 10:37:04 leslie-cz880 NetworkManager[940]: establishing connection 'nm-ipsec-l2tp-3072' failed
76 May 6 10:37:04 leslie-cz880 NetworkManager[940]: nm-l2tp[3072] <warn> Could not establish IPsec tunnel.
77 May 6 10:37:04 leslie-cz880 charon: 15[CFG] rereading secrets
78 May 6 10:37:04 leslie-cz880 charon: 15[CFG] loading secrets from '/etc/ipsec.secrets'
79 May 6 10:37:04 leslie-cz880 NetworkManager[940]: (nm-l2tp-service:3072): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
80 May 6 10:37:04 leslie-cz880 NetworkManager[940]: <info> [1494038224.0212] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN plugin: state changed: stopped (6)
81 May 6 10:37:04 leslie-cz880 NetworkManager[940]: <info> [1494038224.0219] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN plugin: state changed: reason: unknown (0)
82 May 6 10:37:04 leslie-cz880 NetworkManager[940]: <info> [1494038224.0227] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN service disappeared
83 May 6 10:37:04 leslie-cz880 NetworkManager[940]: <warn> [1494038224.0232] vpn-connection[0x1bb91c0,aa69a6e0-cc83-46e1-a60f-57759b2891a5,"Ramnode",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
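Added example, not part of any post in this thread: a small triage script for charon output like the log above, which pairs the "not supported" line with the "loaded plugins" line to show whether any loaded plugin could provide the proposed cipher. The sample log lines are constructed, and the algorithm-to-plugin table (des, openssl, gcrypt for 3DES) is an assumption that is not exhaustive.

```python
import re

# Constructed sample: lines shaped like the charon output posted above.
SAMPLE_LOG = """\
May 6 10:37:02 host charon: 00[LIB] loaded plugins: charon aes sha1 sha2 md5 random nonce hmac kernel-netlink socket-default stroke
May 6 10:37:03 host charon: 10[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-3072[1] to 192.0.2.10
May 6 10:37:04 host charon: 12[IKE] ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported!
May 6 10:37:04 host charon: 12[IKE] key derivation for pre-shared key failed
"""

# Assumption: strongSwan plugins that implement each algorithm (not exhaustive).
PROVIDERS = {
    "3DES_CBC": {"des", "openssl", "gcrypt"},
    "AES_CBC": {"aes", "openssl", "gcrypt"},
}

PLUGINS_RE = re.compile(r"charon: \d+\[LIB\] loaded plugins: (.+)$")
UNSUPPORTED_RE = re.compile(
    r"charon: \d+\[IKE\] (\w+) (\w+) \(key size \d+\) not supported!")
PSK_FAIL_RE = re.compile(
    r"charon: \d+\[IKE\] key derivation for pre-shared key failed")


def triage(log_text):
    """Summarise why the IKE exchange failed, using only charon's own lines."""
    plugins, unsupported, psk_failed = set(), [], False
    for line in log_text.splitlines():
        if m := PLUGINS_RE.search(line):
            plugins = set(m.group(1).split())
        elif m := UNSUPPORTED_RE.search(line):
            unsupported.append((m.group(1), m.group(2)))
        elif PSK_FAIL_RE.search(line):
            psk_failed = True
    findings = []
    for kind, alg in unsupported:
        providers = PROVIDERS.get(alg, set())
        findings.append({
            "type": kind,
            "algorithm": alg,
            "loaded_providers": sorted(providers & plugins),
            "candidate_plugins": sorted(providers),
        })
    # When the key-derivation failure follows an unsupported-algorithm line,
    # look at the cipher first rather than at the pre-shared key itself.
    if unsupported and psk_failed:
        cause = "missing_cipher"
    else:
        cause = "psk_or_other" if psk_failed else "none"
    return {"cause": cause, "findings": findings, "plugins": plugins}
```

An empty `loaded_providers` list means that none of the plugins charon reported at startup is in the table for that algorithm.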
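-
- Posts: 304
- Registered: 2011-01-02 12:31
Re: How to connect to an L2TP VPN on Ubuntu 16.04
Here's one I've tested myself and that works.
Ubuntu 16.04 L2TP
On earlier releases you could install l2tp-ipsec-vpn with sudo apt-get install l2tp-ipsec-vpn
However, Ubuntu 16.04 dropped this package. Now xl2tpd and strongSwan are used, and simply installing these two is not enough; you are still a long way from connecting to the VPN.
I found a tutorial online, Enabling L2TP over IPSec on Ubuntu 16.04, and with it finally succeeded.
1. Install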
sudo apt install intltool libtool network-manager-dev libnm-util-dev libnm-glib-dev libnm-glib-vpn-dev libnm-gtk-dev libnm-dev libnma-dev ppp-dev libdbus-glib-1-dev libsecret-1-dev libgtk-3-dev libglib2.0-dev xl2tpd strongswan
2.
git clone https://github.com/nm-l2tp/network-manager-l2tp.git
cd network-manager-l2tp
autoreconf -fi
intltoolize
./configure --disable-static --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu --libexecdir=/usr/lib/NetworkManager --localstatedir=/var --with-pppd-plugin-dir=/usr/lib/pppd/2.4.7
make
sudo make install
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.stroke
sudo apt remove xl2tpd
sudo apt install libpcap0.8-dev
wget https://github.com/xelerance/xl2tpd/arc ... 3.6.tar.gz
tar xvzf xl2tpd-1.3.6.tar.gz
cd xl2tpd-1.3.6
make
sudo make install
-
- Forum moderator
- Posts: 18279
- Registered: 2009-08-04 16:33
Re: How to connect to an L2TP VPN on Ubuntu 16.04
The error appears at line 53
53 May 6 10:37:04 leslie-cz880 charon: 12[IKE] key derivation for pre-shared key failed
See the following and check whether it helps you:
1. https://bugs.launchpad.net/ubuntu/+sour ... ug/1457078
L2TP client support for PSK removed from 15.04/15.10
StrongSwan-network-manager shipped (1.3.0-2) doesn't support pre-shared keys (support added in 1.3.1) many users will not be able to connect to business VPNs after the upgrade to 15.04.
1-1. Check whether
the version of the package StrongSwan-network-manager is >= 1.3.1
2. https://askubuntu.com/questions/586751/ ... work-manag.
Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC
3. https://www.howtoforge.com/tutorial/str ... sed-tunnel
Pre-shared key based tunnel
4. https://raymii.org/s/tutorials/IPSEC_vp ... 16.04.html
The domain name or IP address of your VPN server, which is later entered in the clients connection properties, MUST be contained either in the subject Distinguished Name (CN) and/or in a subject Alternative Name (--san). If this does not match the clients will fail to connect.
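-
- Posts: 124
- Registered: 2008-08-30 10:52
Re: How to connect to an L2TP VPN on Ubuntu 16.04
Finally managed to get it working, just barely.
Following the method at this link:
https://github.com/hwdsl2/setup-ipsec-v ... h.md#linux
To connect at the end: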
sudo echo "c myvpn" > /var/run/xl2tpd/l2tp-control
If you get permission denied, use this instead:
echo "c myvpn" | sudo tee /var/run/xl2tpd/l2tp-control
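It's just that connecting is very tedious every time, and I also have to fill in the routing table myself.
I still need a more automated way to connect, preferably a graphical one.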