L2TP/IPsec VPN client on Ubuntu 16.04 cannot start the VPN service.

On Ubuntu 16.04, following several tutorials, I rebuilt network-manager and installed the plugin with apt-get install network-manager-l2tp network-manager-l2tp-gnome.
It worked fine until yesterday, when out of nowhere it started showing the message "VPN connection failed because the VPN service failed to start". There is no error in the configuration, since the same VPN credentials and host work fine on another Ubuntu (also 16.04) and on Windows 8.1.
Looking at the /var/log/syslog log file:
NetworkManager[899]: <info>  [1496143714.1953] audit: op="connection-activate" uuid="cac1651d-9cbd-4989-bc57-b9707ddd012a" name="VPNCS" pid=2295 uid=1000 result="success"
NetworkManager[899]: <info>  [1496143714.1973] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Started the VPN service, PID 5798
NetworkManager[899]: <info>  [1496143714.2013] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: Saw the service appear; activating connection
NetworkManager[899]: <info>  [1496143714.2760] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[899]: nm-l2tp[5798] <info>  ipsec enable flag: yes
NetworkManager[899]: ** Message: Check port 1701
NetworkManager[899]: nm-l2tp[5798] <info>  starting ipsec
NetworkManager[899]: Stopping strongSwan IPsec...
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22167, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22168, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22169, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22170, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22171, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22172, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22173, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22174, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22175, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22176, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22177, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22178, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22179, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22180, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22181, major_opcode = 33, minor_opcode = 0
gnome-session[1843]: X protocol error:
gnome-session[1843]: <class 'Xlib.error.BadWindow'>: code = 3, resource_id = Xlib.xobject.resource.Resource(0x00e003ad), sequence_number = 22182, major_opcode = 33, minor_opcode = 0
NetworkManager[899]: Starting strongSwan 5.5.2 IPsec [starter]...
NetworkManager[899]: Loading config setup
NetworkManager[899]: Loading conn 'cac1651d-9cbd-4989-bc57-b9707ddd012a'
NetworkManager[899]: found netkey IPsec stack
charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 4.4.0-78-generic, x86_64)
NetworkManager[899]: nm-l2tp[5798] <warn>  IPsec service is not ready.
NetworkManager[899]: nm-l2tp[5798] <warn>  Could not establish IPsec tunnel.
NetworkManager[899]: (nm-l2tp-service:5798): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
NetworkManager[899]: <info>  [1496143732.4905] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state changed: stopped (6)
NetworkManager[899]: <info>  [1496143732.4929] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN plugin: state change reason: unknown (0)
NetworkManager[899]: <info>  [1496143732.4952] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN service disappeared
NetworkManager[899]: <warn>  [1496143732.4971] vpn-connection[0xa56420,cac1651d-9cbd-4989-bc57-b9707ddd012a,"VPNCS",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

I have already tried removing the network-manager-l2tp-gnome packages and reinstalling them, but I still get the same error.
Is there any fix for this?
2 Answers

I found a solution in the developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

Version 1.2.6 no longer overrides the default IPsec cipher suites, and I suspect your VPN server is using an old cipher suite that newer versions of strongSwan consider broken.
See the user-specified IPsec cipher suites section of the README.md file for how to supplement strongSwan's default cipher suites with your own.

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I recommend installing the ike-scan package to check which cipher suites your VPN server supports, for example:
$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

So for version 1.2.6, add the following to the Advanced section of the IPsec dialog to expose the broken 3DES cipher:

  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

After all the steps, try to establish the L2TP connection; it should connect successfully.


Lifesaver! I want to add that if you run sudo ike-scan <address> and it returns something about the bind and the port already being in use, then systemctl stop strongswan may not be enough to stop charon. You can confirm this by running sudo netstat -npl and checking the block at the top, which shows the processes and the ports they are using. I was able to fully stop charon by running sudo service strongswan stop; not sure why it behaves differently from systemctl. - Fabiano
ike-scan's -s switch saves you some process ID hunting ;). It even lets you skip sudo: ike-scan -s 60066 <IP> - brisssou
I think that since strongSwan is a "legacy" service, the systemctl script hands off to a compatibility layer, which may not handle all the dependencies correctly. I noticed a similar issue where systemctl stop may not be enough to let ike-scan work. - dragon788
I just ran into another issue with a process using port 500. It was also causing my connection to time out. In that case, trying to run ike-scan revealed that port 500 was already taken. Running netstat -npl, I found that docker-proxy was using the port. Since I don't depend on docker, I stopped it with sudo service docker stop and then connected to the L2TP VPN successfully. - Fabiano
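The answer and comments above amount to a small procedure: free UDP 500, run ike-scan, read the Enc/Hash/Group tokens out of the handshake, and type them into the Phase 1 / Phase 2 boxes in strongSwan's keyword spelling. The script below is an added example (not code from the original answer, from nm-l2tp or from ike-scan) that does the two mechanical parts offline: it converts ike-scan's SA payload into the phase1/phase2 strings, and it names the process holding a UDP port from `ss -lunp` output, which is what the docker-proxy comment was diagnosing with netstat. All sample output in the block is constructed, the host 203.0.113.10 is a documentation address, and the mapping covers only the algorithm names ike-scan prints for IKEv1. One caveat the answer does not spell out: ike-scan probes IKE (phase 1) only, so the phase 2 string it derives is a starting guess that assumes the server's ESP proposal mirrors its IKE proposal.

```shell
#!/bin/sh
# Added example, not from the original answer or the nm-l2tp/ike-scan projects.
#   ike_to_proposals - reads ike-scan output, prints the strongSwan-style
#                      "Phase1 Algorithms" / "Phase2 Algorithms" strings
#   udp_port_owner   - reads `ss -lunp` output, prints which process holds a
#                      UDP port (ike-scan cannot bind 500 while charon or,
#                      as in the comment above, docker-proxy already has it)
# Sample data at the bottom is constructed for illustration.

# Map one ike-scan Enc= token (plus optional KeyLength=) to strongSwan spelling.
ike_enc() {
    case "$1" in
        3DES) echo 3des ;;
        DES)  echo des ;;
        AES)  echo "aes${2:-128}" ;;          # ike-scan prints "Enc=AES KeyLength=N"
        *)    printf '%s\n' "$1" | tr 'A-Z' 'a-z' ;;
    esac
}

# Map one ike-scan Hash= token: SHA1 -> sha1, MD5 -> md5, SHA2-256 -> sha256.
ike_hash() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/^sha2-/sha/'
}

# Read ike-scan output on stdin; for every "SA=(...)" payload print
#   phase1=<enc>-<hash>-<group>
#   phase2=<enc>-<hash>
# Phase 2 is only a starting guess: ike-scan says nothing about ESP transforms.
ike_to_proposals() {
    while IFS= read -r line; do
        case "$line" in *"SA=("*) ;; *) continue ;; esac
        # Greedy match so the nested parens in "LifeDuration(4)=..." do not cut it short.
        sa=$(printf '%s\n' "$line" | sed -n 's/.*SA=(\(.*\)).*/\1/p')
        enc=""; klen=""; hash=""; group=""
        for tok in $sa; do
            case "$tok" in
                Enc=*)       enc=${tok#Enc=} ;;
                KeyLength=*) klen=${tok#KeyLength=} ;;
                Hash=*)      hash=${tok#Hash=} ;;
                Group=*)     group=${tok#Group=}; group=${group#*:} ;;   # "2:modp1024" -> modp1024
            esac
        done
        [ -n "$enc" ] && [ -n "$hash" ] && [ -n "$group" ] || continue
        e=$(ike_enc "$enc" "$klen"); h=$(ike_hash "$hash")
        printf 'phase1=%s-%s-%s\nphase2=%s-%s\n' "$e" "$h" "$group" "$e" "$h"
    done
}

# Read `ss -lunp` output on stdin and print "<process> <pid>" for every
# socket bound to UDP port $1, whatever the local address.
udp_port_owner() {
    port=$1
    while IFS= read -r line; do
        case "$line" in *":$port "*) ;; *) continue ;; esac
        printf '%s\n' "$line" | sed -n 's/.*users:(("\([^"]*\)",pid=\([0-9]*\).*/\1 \2/p'
    done
}

# --- constructed sample data (not a real scan, not a real socket table) ------
SAMPLE_IKE_SCAN='Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
203.0.113.10    Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:500       0.0.0.0:*     users:(("docker-proxy",pid=2310,fd=4))
UNCONN 0      0            0.0.0.0:4500      0.0.0.0:*     users:(("charon",pid=5801,fd=14))'

printf '%s\n' "$SAMPLE_IKE_SCAN" | ike_to_proposals
printf '%s\n' "$SAMPLE_SS" | udp_port_owner 500

# Live use, after sourcing this file:
#   ss -lunp | udp_port_owner 500              # who is on 500 before you stop anything
#   sudo ike-scan <gateway> | ike_to_proposals # or: ike-scan -s 60066 <gateway>, no root
```

On the sample the script prints `phase1=3des-sha1-modp1024` and `phase2=3des-sha1`, the exact strings the answer tells you to enter, followed by `docker-proxy 2310` for port 500. The `udp_port_owner` check is worth running before `systemctl stop strongswan` as well as after it, since the comments report charon surviving the systemctl stop; if it still shows `charon`, `service strongswan stop` or `ike-scan -s <high port>` are the two workarounds given above.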

This answer is about connecting to a Cisco Meraki account over an L2TP/IPsec VPN. This solution worked on my Ubuntu 16.04 system. All the instructions are copied directly from Pigman's answer in a Meraki forum thread. Kudos to him, he saved me hours of frustration.
  1. Install network-manager-l2tp: `sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp`, then `sudo apt-get update` and `sudo apt-get install network-manager-l2tp`
  2. If you use the GNOME desktop, install the GNOME plugin (for other desktop environments, check whether there is a plugin for their network manager): `sudo apt-get install network-manager-l2tp-gnome`
  3. Restart the computer
  4. Navigate to Settings > Network > click the + button > choose "Layer 2 Tunneling Protocol (L2TP)"
  5. Give the new VPN connection a name
  6. Enter the hostname or address in the Gateway field
  7. Enter the username in the User name field
  8. Click the icon in the Password field and choose your preferred way of providing the password
  9. Click IPsec Settings...
  10. Check "Enable IPsec tunnel to L2TP host"
  11. Enter the shared secret in the Pre-shared key field
  12. Leave the Gateway ID field empty
  13. Expand the Advanced section
  14. Enter "3des-sha1-modp1024" in the Phase1 Algorithms box
  15. Enter "3des-sha1" in the Phase2 Algorithms box
  16. Leave the "Enforce UDP encapsulation" checkbox checked
  17. Click OK
  18. Click Save
  19. Open a terminal and enter the following command to permanently disable the xl2tpd service: `sudo service xl2tpd stop`, and also: `sudo systemctl disable xl2tpd`
  20. Open the network settings and try turning the VPN on.
Some extra steps, already mentioned in the previous answer, just to be safe:
  1. sudo service strongswan stop
  2. sudo systemctl disable strongswan
  3. You can save the password on the VPN configuration page by clicking the icon on the right side of the password text box.

Thanks, this worked for me. Linux Mint 19.2 (U18.04). I didn't need to shut down strongswan or xl2tpd; I had just entered a value in the "Gateway ID" field, and that was what broke it. For a work TP-Link box it's 3des-md5-modp1024, yikes. - Aaron Chamberlain