IPSEC / L2TP Ubuntu Studio 14.04(Strongswan)
我的第一个问题:Ubuntu是否支持IPSEC / L2TP / PSK vpn客户端?
我的第二个问题:是否有支持IPSEC / L2TP和PSK的前端“网络管理器”?
背景:
在我的努力中,我遇到了这篇文章: https : //bugs.launchpad.net/ubuntu/+source/network-manager/+bug/264691 – 我试图使用这些建议 – 但我仍然无法获得一个工作的IPSEC / L2TP / PSK隧道,因为它使用openswan引用。
情况:
我使用的是Werner Jaeger ipsec客户端,它运行良好 – 大约3或4个月前它已停止工作。 我试图使用Ubuntu Studio 14.04和Debian 8在我的桌面上重新安装它,我得到了相同的结果。
我现在明白,openswan已从发行版中删除并被strongswan取代。 我非常不想离开Linux,因为我做的一件事就是在家工作,需要vpn来监控/测试/配置网络。 有人能指出我将其配置为客户端的好教程吗?
边注:
我在Ubuntu 14.10上找到了这个主题L2TP IPsec VPN客户端 – 尝试了所有的东西 – 仍然没有 – 也没有回答问题是它是14.10和我使用14.04它在技术上是不同的 – 我做了很多迄今为止的事情是让它发挥作用而没有任何帮助。 任何帮助将非常感激!!!
很抱歉在这里转储 – 严重 – 我非常渴望得到这个工作,并且我已经完成了它 – 现在已经有3个月了,因为我能够在我的桌面上工作。 我所做的所有研究都让我相信开放的天鹅不再适用,我必须使用strongswan。 (我错了吗?)
所以我一直试图做的一些事情 –
使用strongswan我尝试这样做:
apt-get install strongswan network-manager-strongswan 据我所知,我应该在网络管理器中看到L2TP / IPSEC选项。 (我错了吗?)
问题是l2tp / ipsec / psk在安装完并重新启动后不是网络管理器中的一个选项
此外,Werner Jaeger小程序在去到strongswan后消失了,这是预期的吗?
接下来我试图做的事情 –
我把我的机器翻了回到openswan,这是几个月来第一次连接 – 虽然几秒钟之后它就会掉线 – 我想我会运行’ipsec verify’检查状态 – 下面是我的步骤和我的日志减去敏感细节 – 任何想法将不胜感激
我安装的是什么 –
sudo apt-get install openswan sudo apt-get install xl2tpd sudo apt-get install l2tp-ipsec-vpn
然后我配置了gui applet
然后我配置了文件:
/etc/ppp/watevs.options.xl2tpd
-Logs-
jason@casa-wesella:~$ sudo ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.38/K3.16.0-43-lowlatency (netkey) Checking for IPsec support in kernel [OK] SAref kernel support [N/A] NETKEY: Testing XFRM related proc values [FAILED] Please disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause the sending of bogus ICMP redirects! [FAILED] Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects! [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking /bin/sh is not /bin/dash [WARNING] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] > Logs from applet - Jul 21 15:23:45.505 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.16.0-43-lowlatency... Jul 21 15:23:46.412 ipsec__plutorun: Starting Pluto subsystem... Jul 21 15:23:46.659 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d Jul 21 15:23:46.749 recvref[30]: Protocol not available Jul 21 15:23:46.749 xl2tpd[2313]: This binary does not support kernel L2TP. Jul 21 15:23:46.749 xl2tpd[2316]: xl2tpd version xl2tpd-1.3.6 started on casa-wesella PID:2316 Jul 21 15:23:46.750 xl2tpd[2316]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Jul 21 15:23:46.750 xl2tpd[2316]: Forked by Scott Balmos and David Stipp, (C) 2001 Jul 21 15:23:46.750 xl2tpd[2316]: Inherited by Jeff McAdams, (C) 2002 Jul 21 15:23:46.750 xl2tpd[2316]: Forked again by Xelerance (www.xelerance.com) (C) 2006 Jul 21 15:23:46.751 xl2tpd[2316]: Listening on IP address 0.0.0.0, port 1701 Jul 21 15:23:46.752 Starting xl2tpd: xl2tpd. Jul 21 15:23:46.891 ipsec__plutorun: 027 bad right --id: does not look numeric and name lookup failed (ignored) Jul 21 15:23:46.892 ipsec__plutorun: 002 added connection description "Work" Jul 21 15:23:47.123 104 "Work" #1: STATE_MAIN_I1: initiate Jul 21 15:23:47.124 003 "Work" #1: received Vendor ID payload [RFC 3947] method set to=115 Jul 21 15:23:47.124 003 "Work" #1: received Vendor ID payload [Dead Peer Detection] Jul 21 15:23:47.124 003 "Work" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de00050282] Jul 21 15:23:47.124 106 "Work" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Jul 21 15:23:47.124 003 "Work" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed Jul 21 15:23:47.124 108 "Work" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Jul 21 15:23:47.124 004 "Work" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024} Jul 21 15:23:47.125 117 "Work" #2: STATE_QUICK_I1: initiate Jul 21 15:23:47.125 003 "Work" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=8e08921c Jul 21 15:23:47.125 003 "Work" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed Jul 21 15:23:47.125 004 "Work" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x37742a26 <0x478d0d00 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none} Jul 21 15:23:48.129 xl2tpd[2316]: Connecting to host Public IP, port 1701 Jul 21 15:23:48.168 xl2tpd[2316]: Connection established to Public IP, 1701. Local: 57627, Remote: 14608 (ref=0/0). Jul 21 15:23:48.194 xl2tpd[2316]: Calling on tunnel 57627 Jul 21 15:23:48.212 xl2tpd[2316]: Call established with Public IP, Local: 14783, Remote: 14609, Serial: 1 (ref=0/0) Jul 21 15:23:48.212 xl2tpd[2316]: start_pppd: I'm running: Jul 21 15:23:48.213 xl2tpd[2316]: "/usr/sbin/pppd" Jul 21 15:23:48.213 xl2tpd[2316]: "passive" Jul 21 15:23:48.213 xl2tpd[2316]: "nodetach" Jul 21 15:23:48.214 xl2tpd[2316]: ":" Jul 21 15:23:48.214 xl2tpd[2316]: "file" Jul 21 15:23:48.214 xl2tpd[2316]: "/etc/ppp/Work.options.xl2tpd" Jul 21 15:23:48.215 xl2tpd[2316]: "/dev/pts/6" Jul 21 15:23:48.331 pppd[2427]: Plugin passprompt.so loaded. Jul 21 15:23:48.332 pppd[2427]: pppd 2.4.5 started by root, uid 0 Jul 21 15:23:48.333 pppd[2427]: Using interface ppp0 Jul 21 15:23:48.333 pppd[2427]: Connect: ppp0 /dev/pts/6 Jul 21 15:23:52.345 pppd[2427]: Remote message: Login ok Jul 21 15:23:52.346 pppd[2427]: PAP authentication succeeded Jul 21 15:23:52.390 pppd[2427]: Deflate (15) compression enabled Jul 21 15:23:52.429 pppd[2427]: local IP address Private IP Jul 21 15:23:52.429 pppd[2427]: remote IP address Private IP Jul 21 15:24:31.977 Stopping xl2tpd: xl2tpd. Jul 21 15:24:31.977 xl2tpd[2316]: death_handler: Fatal signal 15 received Jul 21 15:24:31.979 pppd[2427]: Modem hangup Jul 21 15:24:31.979 pppd[2427]: Connect time 0.7 minutes. Jul 21 15:24:31.980 pppd[2427]: Sent 10334 bytes, received 13370 bytes. Jul 21 15:24:31.980 pppd[2427]: Connection terminated. Jul 21 15:24:31.993 ipsec_setup: Stopping Openswan IPsec... Jul 21 15:24:32.089 pppd[2427]: Exit.