这是一个创建于 4219 天前的主题,其中的信息可能已经有所发展或是发生改变。
服務器是參考這篇文章配置的:
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
以下日誌中, "xxx.xxx.xxx.xxx"代指客戶端ip地址, "yyy.yyy.yyy.yyy"代指服務器ip地址.
首先, 連接時總會出現這個錯誤:
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: Applying workaround for Mac OS X NAT-OA bug, ignoring proposed subnet
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: the peer proposed: yyy.yyy.yyy.yyy/32:17/1701 -> xxx.xxx.xxx.xxx/32:17/0
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: peer proposal was reject in a virtual connection policy because:
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
在/etc/ipsec.conf中:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
在/etc/xl2tpd/xl2tpd.conf中:
ip range = 192.168.30.30-192.168.30.255
這樣配置應該是正確的, 為什麼日誌中說"but the proposed IP did not match our list (virtual_private=)"?
然後:
Apr 21 05:14:00 localhost pluto[3693]: "L2TP-PSK-noNAT"[1] yyy.yyy.yyy.yyy #3: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x005d7674 <0xb5728253 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=yyy.yyy.yyy.yyy:26739 DPD=none}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA(0x005d7674) payload: deleting IPSEC State #3
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: deleting connection "L2TP-PSK-noNAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received and ignored informational message
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA payload: deleting ISAKMP State #1
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy: deleting connection "L2TP-PSK-NAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: packet from yyy.yyy.yyy.yyy:26739: received and ignored informational message
每次"IPsec SA established transport mode"之後, 就會"received Delete SA(0x005d7674) payload", 然後就沒有然後了. 這又是為什麼呢?
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
以下日誌中, "xxx.xxx.xxx.xxx"代指客戶端ip地址, "yyy.yyy.yyy.yyy"代指服務器ip地址.
首先, 連接時總會出現這個錯誤:
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: Applying workaround for Mac OS X NAT-OA bug, ignoring proposed subnet
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: the peer proposed: yyy.yyy.yyy.yyy/32:17/1701 -> xxx.xxx.xxx.xxx/32:17/0
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: peer proposal was reject in a virtual connection policy because:
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
在/etc/ipsec.conf中:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
在/etc/xl2tpd/xl2tpd.conf中:
ip range = 192.168.30.30-192.168.30.255
這樣配置應該是正確的, 為什麼日誌中說"but the proposed IP did not match our list (virtual_private=)"?
然後:
Apr 21 05:14:00 localhost pluto[3693]: "L2TP-PSK-noNAT"[1] yyy.yyy.yyy.yyy #3: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x005d7674 <0xb5728253 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=yyy.yyy.yyy.yyy:26739 DPD=none}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA(0x005d7674) payload: deleting IPSEC State #3
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: deleting connection "L2TP-PSK-noNAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received and ignored informational message
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA payload: deleting ISAKMP State #1
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy: deleting connection "L2TP-PSK-NAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: packet from yyy.yyy.yyy.yyy:26739: received and ignored informational message
每次"IPsec SA established transport mode"之後, 就會"received Delete SA(0x005d7674) payload", 然後就沒有然後了. 這又是為什麼呢?
 |
1
lichao 2013-04-21 14:27:28 +08:00  1
https://gist.github.com/libuchao/9bb91a88b74d2e4a14d2/raw/d6de0057b0c5859d2724822b728db861033037f5/l2tp.sh
试试这个,我前两天在 EC2 的 Ubuntu 12.10 上部署成功,Window,Mac ,Android 可以连上 |
 |
2
fuxkcsdn 2013-04-21 14:37:37 +08:00
我用的strongswan
连是连上了,但是每隔1小时左右会断线 过了几天后,干脆不定时断线了...最长的半个小时,快的5分钟就断线... |
 |
3
lch21 2013-04-21 16:51:44 +08:00
是比较难搞,有时候重启一下就好了
|
 |
4
hlcfan 2014-11-24 23:07:48 +08:00
hi,不知道这个怎么样了?
|
Select Language