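I am trying to connect to an L2TP IPsec VPN from my Ubuntu 16.04 laptop. Every time I get the same error, even though the same credentials work properly for connecting to the VPN server from a Windows system.
Can anyone guide me to resolve this issue?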
Syslog:
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info> [1492068318.2586] audit: op="connection-activate" uuid="83adbec9-817f-4faf-9839-42eb41897c10" name="VPN connection 1" pid=2254 uid=1000 result="success"
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info> [1492068318.2664] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Started the VPN service, PID 5561
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info> [1492068318.2808] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Saw the service appear; activating connection
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info> [1492068318.4059] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info> ipsec enable flag: yes
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info> starting ipsec
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: Stopping strongSwan IPsec...
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (2/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (3/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (4/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Starting strongSwan 5.3.5 IPsec [starter]...
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading config setup
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading conn 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: found netkey IPsec stack
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64)
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loaded IKE secret for %any
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[JOB] spawning 16 worker threads
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] received stroke: add connection 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] added configuration 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] rereading secrets
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loaded IKE secret for %any
Apr 13 12:55:21 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info> Spawned ipsec up script with PID 5634.
Apr 13 12:55:21 pratip-vostro-2520 charon: 11[CFG] received stroke: initiate 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-5561[1] to 76.194.82.189
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn> Timeout trying to establish IPsec connection
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info> Terminating ipsec script with PID 5634.
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn> Could not establish IPsec tunnel.
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] rereading secrets
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: (nm-l2tp-service:5561): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info> [1492068331.6006] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state changed: stopped (6)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info> [1492068331.6023] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state change reason: unknown (0)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info> [1492068331.6067] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN service disappeared
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <warn> [1492068331.6102] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[IKE] sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
I found the solution in the developer's repository.
https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751
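Version 1.2.6 no longer overrides the default IPsec ciphers, and I suspect your VPN server is using a legacy cipher that newer versions of strongSwan consider broken.
See the user specified IPsec cipher suites section in the README.md file for how to supplement the strongSwan default ciphers with your own.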
https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites
I recommend installing the ike-scan package to check which ciphers your VPN server supports:
$ sudo systemctl stop strongswan
$ sudo ike-scan 123.54.76.9
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9 Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec). 1 returned handshake; 0 returned notify
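So in this example, where the broken 3DES cipher is advertised, add the following in the Advanced section of the IPsec dialog box for version 1.2.6:
Phase1 Algorithms: 3des-sha1-modp1024
Phase2 Algorithms: 3des-sha1
After all the steps, try the L2TP connection; it should then be established.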
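
Added example (not part of the original answer or of the network-manager-l2tp project): a small Python parser that turns an ike-scan handshake line like the one quoted above into the Phase1/Phase2 strings for the IPsec dialog and lists any legacy algorithms among them. The keyword maps, the `LEGACY` set, the function names and the AES/SHA-2 attribute spellings are assumptions of this example; it goes beyond the 3DES case to cover AES and SHA-2 transforms.

```python
import re

# Constructed sample: the ike-scan result line quoted in the answer above.
SAMPLE = ("123.54.76.9 Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) "
          "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 "
          "LifeType=Seconds LifeDuration(4)=0x00007080)")

# ike-scan names -> strongSwan proposal keywords (subset, extend as needed).
ENC = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Assumption of this example: keywords to flag as legacy in the result.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}


def parse_sa(line):
    """Return the transform attributes inside SA=(...), or None if absent."""
    _, found, sa = line.partition("SA=(")
    if not found:
        return None  # e.g. a notify response carries no accepted SA
    return dict(re.findall(r"\b(Enc|Hash|Auth|Group|KeyLength)=([^\s)]+)", sa))


def proposals(line):
    """Map one handshake line to (phase1, phase2, legacy_keywords)."""
    sa = parse_sa(line)
    if not sa or not {"Enc", "Hash", "Group"} <= sa.keys():
        raise ValueError("no usable SA transform in line")
    if sa["Enc"] not in ENC or sa["Hash"] not in HASH:
        raise ValueError("unmapped algorithm in %r" % sa)
    enc = ENC[sa["Enc"]]
    if enc == "aes":
        if "KeyLength" not in sa:
            raise ValueError("AES transform without KeyLength")
        enc += sa["KeyLength"]                  # aes128 / aes192 / aes256
    integ = HASH[sa["Hash"]]
    group = sa["Group"].split(":", 1)[-1]       # "2:modp1024" -> "modp1024"
    if not group.startswith("modp"):
        raise ValueError("only MODP groups are handled: %s" % sa["Group"])
    # ike-scan only probes Phase 1; the Phase 2 value follows the answer's
    # example (same cipher and hash, no DH group) and is an assumption.
    return ("-".join((enc, integ, group)), "-".join((enc, integ)),
            sorted({enc, integ, group} & LEGACY))


if __name__ == "__main__":
    p1, p2, legacy = proposals(SAMPLE)
    print("Phase1 Algorithms:", p1)
    print("Phase2 Algorithms:", p2)
    print("Legacy algorithms in use:", ", ".join(legacy) or "none")
```

A non-empty legacy list means the client-side override only restores connectivity; the server's proposal is what should eventually be updated.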