strongSwan + xl2tpd VPN server: how to configure the several configuration files?

I set up my VPN server on Ubuntu Server 16.04 with strongSwan and xl2tpd. After configuring it, I tried to connect from an iPad but got the following errors:

    Mar 26 02:22:13 myname-ubuntu-server charon: 01[NET] received packet: from 61.205.5.249[44919] to 192.168.193.3[500] (788 bytes)
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[ENC] parsed ID_PROT request 0 [ SA VVVVVVVVVVVV ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received NAT-T (RFC 3947) vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received FRAGMENTATION vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] received DPD vendor ID
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[IKE] 61.205.5.249 is initiating a Main Mode IKE_SA
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[ENC] generating ID_PROT response 0 [ SA VVV ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 01[NET] sending packet: from 192.168.193.3[500] to 61.205.5.249[44919] (136 bytes)
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[NET] received packet: from 61.205.5.249[44919] to 192.168.193.3[500] (380 bytes)
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[IKE] local host is behind NAT, sending keep alives
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[IKE] remote host is behind NAT
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 10[NET] sending packet: from 192.168.193.3[500] to 61.205.5.249[44919] (396 bytes)
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[NET] received packet: from 61.205.5.249[4500] to 192.168.193.3[4500] (108 bytes)
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[CFG] looking for pre-shared key peer configs matching 192.168.193.3...61.205.5.249[100.75.130.131]
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[ENC] generating INFORMATIONAL_V1 request 2960834334 [ HASH N(AUTH_FAILED) ]
    Mar 26 02:22:13 myname-ubuntu-server charon: 06[NET] sending packet: from 192.168.193.3[4500] to 61.205.5.249[4500] (108 bytes)

I think the key line of the error is "found 1 matching config, but none allows pre-shared key authentication using Main Mode". Does anyone know how to fix this error?

I found an answer to this question suggesting to add "aggressiveness = yes" in /etc/ipsec.conf, and tried it, but it didn't work... (Maybe I added the "aggressiveness = yes" line in the wrong place.. I'm a Linux beginner...)


I set up the configuration files following this site: http://qiita.com/namoshika/items/30c348b56474d422ef64 (sorry, it is written in Japanese... I think you can at least read the code parts.)


I would appreciate it if someone could point me to reliable instructions for setting up an L2TP/IPsec VPN server on Ubuntu 16.04.

Don't use aggressive mode, the connection will be less secure. Anyway, try this configuration. I used strongswan-5.3.5 and xl2tpd-1.3.6 on the VPN server.

ipsec.conf

    config setup
        cachecrls=yes
        uniqueids=yes
        charondebug=""

    conn %default
        keyingtries=%forever
        dpddelay=30s
        dpdtimeout=120s

    conn L2TP
        dpdaction=clear
        #Server IP
        left=192.168.1.130
        #Server default gateway
        leftnexthop=192.168.1.254
        leftprotoport=17/1701
        rightprotoport=17/%any
        right=%any
        rightsubnet=0.0.0.0/0
        leftauth=psk
        rightauth=psk
        leftid="<insert-the-public-ip-here>"
        ikelifetime=1h
        keylife=8h
        ike=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp1536,3des-md5-modp1024
        auto=add
        keyexchange=ike
        type=transport

    conn block
        auto=ignore

    conn private
        auto=ignore

    conn private-or-clear
        auto=ignore

    conn clear-or-private
        auto=ignore

    conn clear
        auto=ignore

    conn packetdefault
        auto=ignore

ipsec.secrets

    <insert-the-left-id-here> %any : PSK "<my-password>"

/etc/xl2tpd/xl2tpd.conf

    [global]
    ipsec saref = no
    debug tunnel = no
    debug avp = no
    debug network = no
    debug state = no

    [lns default]
    ip range = 10.0.0.20-10.0.0.30
    local ip = 10.0.0.1
    require authentication = yes
    name = l2tp
    pass peer = yes
    ppp debug = no
    pppoptfile = /etc/ppp/options.xl2tpd
    length bit = yes
    unix authentication = yes

/etc/ppp/options.xl2tpd

    ipcp-accept-local
    ipcp-accept-remote
    ms-dns 10.0.0.1
    auth
    idle 1800
    mtu 1200
    mru 1200
    nodefaultroute
    lock
    proxyarp
    connect-delay 5000
    name l2tpd
    ifname l2tp
    login

/etc/ppp/chap-secrets

    username * "l2tppassword" *

Restart the services

    sudo service strongswan restart
    sudo service xl2tpd restart
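The charon line quoted in the question ("found 1 matching config, but none allows pre-shared key authentication using Main Mode") means a `conn` matched the peer's addresses but its authentication settings did not permit PSK for an IKEv1 Main Mode client, which is exactly what `leftauth=psk` / `rightauth=psk` in the answer's `ipsec.conf` provides. The script below is an added example (not code from the question, the answer, or the strongSwan project): it parses an `ipsec.conf` / `ipsec.secrets` pair with a simplified reader, reports the settings that would produce that rejection or a missing-secret lookup, flags `aggressive=yes` as the weaker workaround the answer advises against, and pulls charon's own reason out of a log excerpt. The sample files, the address 203.0.113.10 and the placeholder secret are constructed; the two log lines are taken from the question.

```python
import re

# Constructed sample files in the shape of the answer's ipsec.conf and
# ipsec.secrets; the address and password are placeholders, not real values.
SAMPLE_IPSEC_CONF = """\
config setup
    uniqueids=yes

conn %default
    keyingtries=%forever

conn L2TP
    #Server IP
    left=192.168.1.130
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    leftauth=psk
    rightauth=psk
    leftid="203.0.113.10"
    keyexchange=ike
    type=transport
    auto=add
"""
SAMPLE_IPSEC_SECRETS = '203.0.113.10 %any : PSK "example-placeholder"\n'

# Two charon lines copied from the question's log, used as constructed input.
SAMPLE_CHARON_LOG = """\
Mar 26 02:22:13 myname-ubuntu-server charon: 06[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
Mar 26 02:22:13 myname-ubuntu-server charon: 06[ENC] generating INFORMATIONAL_V1 request 2960834334 [ HASH N(AUTH_FAILED) ]
"""


def parse_ipsec_conf(text):
    """Return {section: {key: value}} for the 'config setup' and 'conn X' blocks.
    Section headers start at column 0, settings are indented; '#' comments and
    surrounding quotes are dropped (a simplification of strongSwan's parser)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def parse_ipsec_secrets(text):
    """Return [(selectors, type, secret)] from lines like '<id> <id> : PSK "secret"'.
    IPv6 selectors (which contain ':') are not handled in this simplified reader."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        selectors, rest = line.split(":", 1)
        m = re.match(r'\s*(\S+)\s+"?([^"]*)"?', rest)
        if m:
            entries.append((selectors.split(), m.group(1), m.group(2)))
    return entries


def check_psk_main_mode(conf_text, secrets_text, conn_name="L2TP"):
    """Return the list of problems that would make charon reject an IKEv1
    Main Mode PSK client against this pair of files; [] means it looks sane."""
    sections = parse_ipsec_conf(conf_text)
    if "conn " + conn_name not in sections:
        return ["conn %s not found in ipsec.conf" % conn_name]
    conn = dict(sections.get("conn %default", {}))   # conn %default is inherited
    conn.update(sections["conn " + conn_name])
    problems = []
    # Main Mode PSK needs psk on both sides: leftauth/rightauth=psk or authby=secret.
    both_psk = conn.get("leftauth") == "psk" and conn.get("rightauth") == "psk"
    if not both_psk and conn.get("authby") not in ("secret", "psk"):
        problems.append("conn %s does not allow PSK authentication on both sides; "
                        "set leftauth=psk and rightauth=psk (or authby=secret)" % conn_name)
    # Aggressive Mode is the weaker option the answer warns against; flag it.
    if conn.get("aggressive", "no") == "yes":
        problems.append("aggressive=yes is set; keep Main Mode and fix the PSK settings instead")
    if conn.get("keyexchange", "ike") not in ("ike", "ikev1"):
        problems.append("keyexchange=%s; L2TP/IPsec clients negotiate IKEv1" % conn["keyexchange"])
    if conn.get("type") != "transport":
        problems.append("type=%s; L2TP/IPsec uses type=transport" % conn.get("type"))
    # The secret lookup uses our own ID (leftid, else left) and the peer's (%any).
    local_id = conn.get("leftid") or conn.get("left")
    applicable = [e for e in parse_ipsec_secrets(secrets_text)
                  if e[1] == "PSK" and (not e[0] or local_id in e[0] or "%any" in e[0])]
    if not applicable:
        problems.append("no PSK line in ipsec.secrets applies to local ID %s" % local_id)
    elif any(not e[2] for e in applicable):
        problems.append("PSK line for %s has an empty secret" % local_id)
    return problems


def find_auth_failure(log_text):
    """Pull charon's own explanation out of a log excerpt: the 'found N matching
    config, but ...' reason if present, else a generic note when AUTH_FAILED is sent."""
    for line in log_text.splitlines():
        m = re.search(r"found \d+ matching config, but (.+)$", line)
        if m:
            return m.group(1)
    if "N(AUTH_FAILED)" in log_text:
        return "AUTH_FAILED sent without a config-match explanation"
    return None


if __name__ == "__main__":
    print("charon reason:", find_auth_failure(SAMPLE_CHARON_LOG))
    print("problems:", check_psk_main_mode(SAMPLE_IPSEC_CONF, SAMPLE_IPSEC_SECRETS) or "none")
```

Run it against your real files with `check_psk_main_mode(open("/etc/ipsec.conf").read(), open("/etc/ipsec.secrets").read())` as root; an empty list means the `conn` permits PSK on both sides, stays in Main Mode, and has a matching secret for the configured `leftid`, which is the combination the answer's files provide.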