I have a virtual appliance running Ubuntu 14, and I want to connect to a remote network through the Meraki client VPN.
I found instructions for installing and configuring strongswan and xl2tpd on Ubuntu 16 that got me most of the way there, but after the VPN is established I can't seem to set up the routing.
The goal is to allow traffic over the VPN from a single Ubuntu VM to a subnet on the remote LAN.
(Ubuntu 192.168.5.99/32)= VPN>(Meraki appliance 20.20.20.20)=>(Subnet 192.168.1.0/24)
https://gist.github.com/psanford/42c550a1a6ad3cb70b13e4aaa94ddb1c
http://www.jasonernst.com/2016/06/21/l2tp-ipsec-vpn-on-ubuntu-16-04/

/etc/ipsec.conf:

    # ipsec.conf - strongSwan IPsec configuration file

    # basic configuration

    config setup
        # strictcrlpolicy=yes
        # uniqueids = no

    # Add connections here.

    # Sample VPN connections

    conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
        ike=aes128-sha1-modp1024,3des-sha1-modp1024!
        esp=aes128-sha1-modp1024,3des-sha1-modp1024!

    conn meraki-vpn
        keyexchange=ikev1
        left=%defaultroute
        auto=add
        authby=secret
        type=transport
        leftprotoport=17/1701
        rightprotoport=17/1701
        # set this to the ip address of your meraki vpn
        right=20.20.20.20
/etc/xl2tpd/xl2tpd.conf:

    [lac meraki]
    lns = 20.20.20.20
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd.client
    length bit = yes
I can bring up the VPN:

    root@zzz:~# ipsec up meraki-vpn
    ...
    connection 'meraki-vpn' established successfully
login:

    echo "c meraki [email protected] mypassword" > /var/run/xl2tpd/l2tp-control
But I can't get the route set up. Trying to follow the magic recipe leads to errors. I can't tell whether this is some xl2tpd configuration problem or whether I just can't find the right syntax for adding the route. Any insight would be appreciated.

    root@zzz:~# ip route add 192.168.1.0/24 dev ppp0
    Cannot find device "ppp0"

ipsec status:
    Status of IKE charon daemon (strongSwan 5.1.2, Linux 4.2.0-42-generic, x86_64):
      uptime: 20 hours, since Oct 19 19:30:38 2016
      malloc: sbrk 2433024, mmap 0, used 352240, free 2080784
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
      loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
    Listening IP addresses:
      192.168.5.99
    Connections:
      meraki-vpn:  %any...20.20.20.20  IKEv1
      meraki-vpn:   local:  [192.168.5.99] uses pre-shared key authentication
      meraki-vpn:   remote: [20.20.20.20] uses pre-shared key authentication
      meraki-vpn:   child:  dynamic[udp/l2f] === dynamic[udp/l2f] TRANSPORT
    Security Associations (1 up, 0 connecting):
      meraki-vpn[4]: ESTABLISHED 8 minutes ago, 192.168.5.99[192.168.5.99]...20.20.20.20[20.20.20.20]
      meraki-vpn[4]: IKEv1 SPIs: 2121ded4dc4dc94e_i* 3d5d1cc8bf935f19_r, pre-shared key reauthentication in 48 minutes
      meraki-vpn[4]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      meraki-vpn{5}:  INSTALLED, TRANSPORT, ESP in UDP SPIs: c330d0b3_i 06749ffa_o
      meraki-vpn{5}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 8 minutes
      meraki-vpn{5}:   192.168.5.99/32[udp/l2f] === 20.20.20.20/32[udp/l2f]
ifconfig:

    eth0      Link encap:Ethernet  HWaddr 00:0c:29:5f:9c:73
              inet addr:192.168.5.99  Bcast:192.168.5.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe5f:9c73/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:459939 errors:0 dropped:0 overruns:0 frame:0
              TX packets:362145 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:78969068 (78.9 MB)  TX bytes:52179997 (52.1 MB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:427152 errors:0 dropped:0 overruns:0 frame:0
              TX packets:427152 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:25278435 (25.2 MB)  TX bytes:25278435 (25.2 MB)

Thanks!
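The sequence from the question (`ipsec up`, then the `l2tp-control` write, then the route) has an ordering problem: `ppp0` only exists once pppd has negotiated the session, so an `ip route add` issued immediately after the control write fails with exactly the "Cannot find device" error shown. The script below is an added example, not code from the question or the answers; the helper names are mine, and it assumes the `meraki-vpn` conn, `meraki` lac, control socket and remote subnet from the question, with the PPP name/password kept in the pppoptfile rather than passed on the command line.

```shell
#!/bin/sh
# Added example: bring up the L2TP session after the IPsec SA, then wait
# for pppd to create its interface before adding the route.
# Assumed: 'meraki-vpn' conn and 'meraki' lac from the question, remote
# subnet 192.168.1.0/24, credentials in /etc/ppp/options.l2tpd.client.

REMOTE_SUBNET="192.168.1.0/24"
L2TP_CONTROL="/var/run/xl2tpd/l2tp-control"

# Read 'ip -o link show' output on stdin and print the first ppp interface
# name (any '@peer' suffix stripped). Prints nothing if there is none.
find_ppp_iface() {
    awk -F': ' '$2 ~ /^ppp[0-9]+/ { sub(/@.*/, "", $2); print $2; exit }'
}

# Poll until a ppp interface exists or the timeout (seconds, default 30)
# expires. Prints the interface name; returns 1 on timeout.
wait_for_ppp() {
    timeout="${1:-30}"
    i=0
    while [ "$i" -lt "$timeout" ]; do
        iface=$(ip -o link show | find_ppp_iface)
        if [ -n "$iface" ]; then
            printf '%s\n' "$iface"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

connect_meraki() {
    # 1. IPsec transport SA protecting UDP 1701 (the 'ipsec up' step).
    ipsec up meraki-vpn || return 1
    # 2. Ask the running xl2tpd to start the 'meraki' LAC session.
    echo "c meraki" > "$L2TP_CONTROL" || return 1
    # 3. Only now does pppd create pppN; route the remote LAN through it.
    iface=$(wait_for_ppp 30) || { echo "ppp interface never came up" >&2; return 1; }
    ip route add "$REMOTE_SUBNET" dev "$iface"
}

# Run the sequence only when explicitly requested (needs root).
if [ "${RUN_MERAKI_VPN:-0}" = 1 ]; then
    connect_meraki
fi
```

Invoke it as `RUN_MERAKI_VPN=1 sh connect-meraki.sh` once `ipsec status` shows the SA established on its own; if `wait_for_ppp` times out, the problem is on the L2TP/PPP side and `ppp debug = yes` output in syslog is the place to look next.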
You need to disable xl2tpd, because while it is running it occupies port 1701, whereas the VPN client normally only starts a service on 1701 when it needs it.
I found this when following the answer quoted below; the blog post I mentioned refers to connecting from Ubuntu 16.04 to a Meraki.
There is a PPA for network-manager-l2tp:
You can use

    sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
    sudo apt-get update
    sudo apt-get install network-manager-l2tp

to install network-manager-l2tp, which adds L2TP support to NetworkManager on Ubuntu 16.04.
Walkthrough for building it from source: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/