I set up an IPsec/L2TP VPN server on an EC2 instance running Ubuntu Server 12.04, using openswan 2.6.37 / xl2tpd 1.3.1. Connecting to the default IP (private IP 172.31.14.4, public IP 54.69.159.5) succeeds, but connecting to the second IP (private IP 172.31.1.40, public IP 54.68.144.45) fails.
I want this VPN server to accept connections on different IPs, with the client's IP showing as the public IP of the VPN endpoint it connected to.
Here is the log from a failed connection:
In /var/log/syslog:
Jun 30 11:03:16 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:18 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:18 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:18 hostname xl2tpd[9964]: build_fdset: closing down tunnel 51911
Jun 30 11:03:19 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:19 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:19 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:19 hostname xl2tpd[9964]: build_fdset: closing down tunnel 32530
Jun 30 11:03:19 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:23 xl2tpd[9964]: last message repeated 3 times
Jun 30 11:03:23 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:23 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:23 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:23 hostname xl2tpd[9964]: build_fdset: closing down tunnel 44586
Jun 30 11:03:23 hostname xl2tpd[9964]: Maximum retries exceeded for tunnel 32176. Closing.
Jun 30 11:03:23 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:23 hostname xl2tpd[9964]: Connection 2 closed to xxxx, port 1701 (Timeout)
Jun 30 11:03:24 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:28 xl2tpd[9964]: last message repeated 3 times
Jun 30 11:03:28 hostname xl2tpd[9964]: Unable to deliver closing message for tunnel 32176. Destroying anyway.
Jun 30 11:03:31 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:33 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:38 xl2tpd[9964]: last message repeated 4 times
Jun 30 11:03:38 hostname xl2tpd[9964]: Maximum retries exceeded for tunnel 55170. Closing.
Jun 30 11:03:38 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:38 hostname xl2tpd[9964]: Connection 2 closed to xxxx, port 1701 (Timeout)
Jun 30 11:03:39 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:40 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:41 hostname xl2tpd[9964]: get_call: allocating new tunnel for host xxxx, port 1701.
Jun 30 11:03:41 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:41 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:41 hostname xl2tpd[9964]: build_fdset: closing down tunnel 16380
Jun 30 11:03:41 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:42 hostname xl2tpd[9964]: udp_xmit failed to xxxx:1701 with err=-1:Operation not permitted
Jun 30 11:03:43 hostname xl2tpd[9964]: Unable to deliver closing message for tunnel 55170. Destroying anyway.
Here is my configuration:
/etc/ipsec.conf
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    forceencaps=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.31.14.4
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

conn L2TP-PSK-noNAT-2
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.31.1.40
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
/etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
debug tunnel = yes

[lns default]
ip range = 10.1.2.2-10.1.2.20
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/ppp/options.xl2tpd
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
Not sure whether you still need this answer, but I never found an answer on Google for a similar problem. I had a pair of IPs on an EC2 instance and got the same error in the logs: udp_xmit failed... Operation not permitted. This configuration edit helped me: nat_traversal=no.
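As an added example (not code from the question or the answer above), a small Python script that parses an openswan ipsec.conf, resolves what each conn really inherits through conn %default and also= (both L2TP conns here end up with forceencaps=yes), and flags the case where that inherited setting becomes inert after the change suggested in the answer. The lint rule rests on the assumption, taken from openswan's ipsec.conf(5) description of forceencaps, that forceencaps only takes effect with nat_traversal=yes; the embedded config is a trimmed, constructed copy of the one in the question.

```python
# Added example, not from the original post; SAMPLE_IPSEC_CONF is constructed
# from the question's /etc/ipsec.conf, trimmed to the keys that matter here.
SAMPLE_IPSEC_CONF = """\
config setup
    nat_traversal=yes
conn %default
    forceencaps=yes
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    type=transport
    left=172.31.14.4
    leftprotoport=17/1701
    right=%any
"""

def parse_ipsec_conf(text):
    """Return (setup, conns); section headers start in column 0, settings are indented."""
    setup, conns, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # 'config setup' or 'conn NAME'
            kind, _, name = line.partition(" ")
            cur = setup if kind == "config" else conns.setdefault(name.strip(), {})
            continue
        key, _, val = line.strip().partition("=")
        cur[key.strip()] = val.strip()
    return setup, conns

def effective_conn(conns, name, _seen=()):
    """Merge %default, then also= sections, then the conn's own keys (later wins)."""
    if name in _seen:
        raise ValueError("also= loop via " + name)
    merged = dict(conns.get("%default", {}))
    for inc in conns[name].get("also", "").split():
        merged.update(effective_conn(conns, inc, _seen + (name,)))
    merged.update(conns[name])
    merged.pop("also", None)
    return merged

def lint(setup, conns):
    """Flag forceencaps=yes made inert by nat_traversal=no (assumed per openswan ipsec.conf(5))."""
    return [name + ": forceencaps=yes is ignored while nat_traversal=no"
            for name in conns if name != "%default"
            and effective_conn(conns, name).get("forceencaps") == "yes"
            and setup.get("nat_traversal") == "no"]
```

Running lint() on the parsed sample returns nothing; re-running it after setting nat_traversal=no, as the answer suggests, reports both L2TP conns, which is the interaction to be aware of before keeping forceencaps=yes in conn %default.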