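The server was configured by following this article:
https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html
In the logs below, "xxx.xxx.xxx.xxx" stands for the client IP address and "yyy.yyy.yyy.yyy" stands for the server IP address.
First, this error always appears when connecting: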
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: Applying workaround for Mac OS X NAT-OA bug, ignoring proposed subnet
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: the peer proposed: yyy.yyy.yyy.yyy/32:17/1701 -> xxx.xxx.xxx.xxx/32:17/0
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: peer proposal was reject in a virtual connection policy because:
Apr 21 04:24:07 localhost pluto[1769]: "L2TP-PSK-NAT"[4] xxx.xxx.xxx.xxx #3: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
In /etc/ipsec.conf:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
In /etc/xl2tpd/xl2tpd.conf:
ip range = 192.168.30.30-192.168.30.255
This configuration should be correct, so why does the log say "but the proposed IP did not match our list (virtual_private=)"?
Then:
Apr 21 05:14:00 localhost pluto[3693]: "L2TP-PSK-noNAT"[1] yyy.yyy.yyy.yyy #3: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x005d7674 <0xb5728253 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=yyy.yyy.yyy.yyy:26739 DPD=none}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA(0x005d7674) payload: deleting IPSEC State #3
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: deleting connection "L2TP-PSK-noNAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received and ignored informational message
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy #1: received Delete SA payload: deleting ISAKMP State #1
Apr 21 05:14:03 localhost pluto[3693]: "L2TP-PSK-NAT"[2] yyy.yyy.yyy.yyy: deleting connection "L2TP-PSK-NAT" instance with peer yyy.yyy.yyy.yyy {isakmp=#0/ipsec=#0}
Apr 21 05:14:03 localhost pluto[3693]: packet from yyy.yyy.yyy.yyy:26739: received and ignored informational message
Every time, right after "IPsec SA established transport mode", there is a "received Delete SA(0x005d7674) payload", and then nothing further happens. Why is that?