I was trying to set up an L2TP/IPSec server on my Ubuntu installation using this guide.

While attempting to connect, I ran sudo tail -f /var/log/auth.log, the output of which is below:

Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: responding to Main Mode from unknown peer [my ip]
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: Can't authenticate: no preshared key found for `[server ip]' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Feb  8 10:35:41  pluto[6167]: last message repeated 5 times
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: no acceptable Oakley Transform
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip] #20: sending notification NO_PROPOSAL_CHOSEN to [my ip]:500
Feb  8 10:35:41 prometheus pluto[6167]: "L2TP-PSK-noNAT"[20] [my ip]: deleting connection "L2TP-PSK-noNAT" instance with peer [my ip] {isakmp=#0/ipsec=#0}

/etc/ipsec.conf

version 2.0

config setup
  dumpdir=/var/run/pluto/
  nat_traversal=yes
  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
  oe=off
  protostack=netkey
  keep_alive=10

include /etc/ipsec.d/*.conf

/etc/ipsec.d/road-warrior.conf

conn L2TP-PSK-noNAT
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  ikelifetime=8h
  keylife=1h
  type=transport
  left=[server ip]
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/%any

conn L2TP-PSK-NAT
  rightsubnet=vhost:%priv
  also=L2TP-PSK-noNAT

/etc/ipsec.d/road-warrior.secrets

[server ip] %any: PSK "psk"

Output of ipsec verify

Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.12.9-x86_64-linode37 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [OK]
    [OK]
    [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

/etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes

[lns default]
ip range = 10.10.10.2-10.10.10.200  
local ip = 10.10.10.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 4.2.2.1
ms-dns 4.2.2.2
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user1           l2tpd   user1password           *
user2           l2tpd   user2password           *

Can anyone help?

1 Answer

Because the error line says:

Can't authenticate: no preshared key found for `[server ip]' and `%any'.

This leads me to believe that perhaps your /etc/ipsec.d/road-warrior.secrets file has a [serverip] that does not match the left=[serverip] in ipsec.conf.
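
One way to test the mismatch suggested in the answer above, as an added example that is not part of the original post or of Openswan: it reports every authby=secret conn whose host ID has no covering PSK entry, using the index-matching rules described in ipsec.secrets(5). The function names, the 203.0.113.x addresses and the key are constructed for illustration; it assumes IPv4 or hostname indices and does not follow include lines.

```python
import re

WILDCARDS = {"%any", "0.0.0.0"}
PSK_LINE = re.compile(r'^([^:#"]*):\s*PSK\s+"')  # captures the index list, never the key

def parse_conns(conf_text):
    """Return {conn name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line opens a new section
            m = re.match(r"conn\s+(\S+)\s*$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):  # resolve also= inheritance; own keys win
    merged, parent = {}, conns[name].get("also")
    if parent in conns and parent not in seen:
        merged.update(effective(conns, parent, seen + (name,)))
    merged.update(conns[name])
    return merged

def entry_matches(indices, host, peer):
    """No index matches all, one index is checked against the host only, several against both."""
    if not indices:
        return True
    hit = lambda who: any(i == who or i in WILDCARDS for i in indices)
    return hit(host) if len(indices) == 1 else hit(host) and hit(peer)

def conns_without_psk(conf_text, secrets_text):
    """List (conn, host id, peer id) for authby=secret conns that no PSK entry covers."""
    entries = [m.group(1).split() for m in map(PSK_LINE.match, secrets_text.splitlines()) if m]
    conns, missing = parse_conns(conf_text), []
    for name in conns:
        c = effective(conns, name)
        host, peer = c.get("leftid", c.get("left")), c.get("rightid", c.get("right"))
        if c.get("authby") == "secret" and not any(entry_matches(e, host, peer) for e in entries):
            missing.append((name, host, peer))
    return missing

# Constructed sample input: documentation addresses and a placeholder key.
SAMPLE_CONF = ("conn L2TP-PSK-noNAT\n  authby=secret\n  left=203.0.113.10\n  right=%any\n"
               "conn L2TP-PSK-NAT\n  rightsubnet=vhost:%priv\n  also=L2TP-PSK-noNAT\n")
SECRETS_MISMATCH = '203.0.113.11: PSK "placeholder"\n'
SECRETS_OK = '203.0.113.10 %any: PSK "placeholder"\n'
```

An empty result only means the index lists line up with left=; it does not show that pluto actually loaded the secrets file.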
