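I am trying to connect my OpenWRT router to a remote VPN server. The credentials I have are correct, but for some reason the connection fails to authenticate on the router. Here is my configuration: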
/etc/ipsec.conf
conn l2tpconn
    keyexchange=ikev1
    authby=xauthpsk
    xauth=client
    left=%defaultroute
    leftsourceip=%config
    leftfirewall=yes
    leftauth=psk
    leftauth2=xauth
    leftid=user
    right=<server_ip>
    rightsubnet=0.0.0.0/0
    rightauth=psk
    rightauth2=xauth
    auto=add
/etc/ipsec.secrets
%any <server_ip> : PSK 'secret'
'user' : XAUTH 'password'
Log
initiating Main Mode IKE_SA l2tpconn[39] to <server_ip>
generating ID_PROT request 0 [ SA VVVV ]
sending packet: from 192.168.1.18[500] to <server_ip>[500] (224 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (156 bytes)
parsed ID_PROT response 0 [ SA VVVV ]
received DPD vendor ID
received FRAGMENTATION vendor ID
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.18[500] to <server_ip>[500] (372 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (92 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 2614881849 [ HASH CPRQ(X_USER X_PWD) ]
generating TRANSACTION response 2614881849 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (108 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 645236074 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) failed
generating TRANSACTION response 645236074 [ HASH CPA(X_STATUS) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (76 bytes)
establishing connection 'l2tpconn' failed
Maybe this is something simple that I am missing, but any suggestions you have would be very helpful. Thanks.
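So, I figured out what my problem was, and it was a combination of different things.
I didn't realize that the server was logging XAUTH requests to /var/log/auth.log; I thought it was in /var/log/syslog.
After reading the logs, I noticed that it was checking the credentials in /etc/ipsec.d/passwd, not in /etc/ppp/chap-secrets as, for whatever reason, I had thought.
I then added my username and hashed password (openssl passwd -1 "password") to /etc/ipconf.d/passwd, and it worked.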
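
One way to check a passwd entry like the one described above against the password the client is sending, as an added example that is not part of the original post. It assumes each line of the file has the form user:hash with any further fields ignored, a layout the post does not show; make_entry and check_entry are hypothetical helper names, and the password is read from stdin instead of being passed as an argument.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed file layout: user:hash[:other fields], one entry per line.

# Print a passwd-file line for USER. The password is read from stdin so it
# does not show up in the process list or in shell history.
make_entry() {
    user=$1
    hash=$(openssl passwd -1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# Check the password on stdin against the stored hash for USER in FILE.
# Returns 0 on match, 1 on mismatch, 2 if USER has no entry,
# 3 if the stored value is not an MD5-crypt ($1$) hash, for example a
# password that was copied into the file in plaintext.
check_entry() {
    file=$1
    user=$2
    stored=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$file")
    [ -n "$stored" ] || { echo "no entry for $user" >&2; return 2; }
    case $stored in
        '$1$'*) ;;
        *) echo "entry for $user is not a \$1\$ hash" >&2; return 3 ;;
    esac
    # $1$<salt>$<digest>: the salt is the third '$'-separated field.
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    # Re-hash the candidate with the stored salt and compare the results.
    candidate=$(openssl passwd -1 -salt "$salt" -stdin) || return 1
    [ "$candidate" = "$stored" ]
}

# Usage (constructed values):
#   printf '%s\n' 'password' | make_entry user >> ./passwd.test
#   printf '%s\n' 'password' | check_entry ./passwd.test user && echo match
```
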