web-dev-qa-db-ja.com

ubuntu 16.04からL2TP IPSec VPNに接続できません

Ubuntu 16.04ラップトップからL2TP IPSec VPN接続に接続しようとしています。 WindowsシステムからVPNサーバーに接続するために同じ資格情報が適切に機能するため、同じエラーが発生するたびに。

誰でもこの問題を解決するために私を導くことができますか?

Syslog:

Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2586] audit: op="connection-activate" uuid="83adbec9-817f-4faf-9839-42eb41897c10" name="VPN connection 1" pid=2254 uid=1000 result="success"
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2664] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Started the VPN service, PID 5561
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2808] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Saw the service appear; activating connection
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.4059] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  ipsec enable flag: yes
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  starting ipsec
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: Stopping strongSwan IPsec...
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (2/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (3/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (4/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Starting strongSwan 5.3.5 IPsec [starter]...
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading config setup
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading conn 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: found netkey IPsec stack
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64)
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG]   loaded IKE secret for %any
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[JOB] spawning 16 worker threads
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] received stroke: add connection 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] added configuration 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] rereading secrets
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG]   loaded IKE secret for %any
Apr 13 12:55:21 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Spawned ipsec up script with PID 5634.
Apr 13 12:55:21 pratip-vostro-2520 charon: 11[CFG] received stroke: initiate 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-5561[1] to 76.194.82.189
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Timeout trying to establish IPsec connection
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Terminating ipsec script with PID 5634.
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Could not establish IPsec tunnel.
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] rereading secrets
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: (nm-l2tp-service:5561): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6006] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state changed: stopped (6)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6023] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state change reason: unknown (0)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6067] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN service disappeared
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <warn>  [1492068331.6102] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[IKE] sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
5
Pratip Ghosh

開発者のリポジトリで解決策を見つけました。

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

バージョン1.2.6はデフォルトのIPsec暗号を上書きしなくなり、VPNサーバーは新しいバージョンのstrongSwanが壊れていると見なすレガシー暗号を使用していると思われます。

StrongSwanデフォルト暗号に独自の暗号を追加する方法については、README.mdファイルのユーザー指定のIPsec暗号スイートのセクションを参照してください。

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

Ike-scanパッケージをインストールして、VPNサーバーがサポートしている暗号を確認することをお勧めします。 :

$ Sudo systemctl stop strongswan  
$ Sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

したがって、破損した3DES暗号がアドバタイズされるこの例では、バージョン1.2.6のIPsecダイアログボックスの詳細セクションで、次を追加します。

  • Phase1アルゴリズム:3des-sha1-modp1024

  • Phase2アルゴリズム:3des-sha1

すべてのステップでL2TP接続を試してから、それを確立する必要があります。

13
PRIHLOP