• Home
  • Categories
  • WIKI
  • LANGUAGE: en
    • [求助]L2TP的vpn连接失败,请开发帮忙分析下
    Experiences and Insight 4516 views · 4 replies ·
    Tofloor
    poster avatar
    master
    deepin
    2019-05-16 20:50
    Author
    一直接触Linux,但是还是属于小白一枚,最近想深度的学习一下Linux的精髓,于是就选中了deepin os,折腾L2TP VPN的时候出了点问题,翻了好多资料,没找到解决办法,劳烦官方的开发帮忙给分析一下原因,谢谢。

    期间参考了
    https://bbs.deepin.org/post/153665#l2tp%2Bvpn 这篇文章,但是没解决

    先贴上系统日志吧:

    1. 5月 16 12:38:09 master-PC NetworkManager[1241]:   [1557981489.9473] audit: op="connection-activate" uuid="3522c1b5-5330-41af-9973-91ae50fa3b1f" name="GW" pid=6974 uid=1000 result="success"
    2. 5月 16 12:38:09 master-PC NetworkManager[1241]:   [1557981489.9500] vpn-connection[0x556b1b9d8660,3522c1b5-5330-41af-9973-91ae50fa3b1f,"GW",0]: Started the VPN service, PID 8600
    3. 5月 16 12:38:09 master-PC NetworkManager[1241]:   [1557981489.9545] vpn-connection[0x556b1b9d8660,3522c1b5-5330-41af-9973-91ae50fa3b1f,"GW",0]: Saw the service appear; activating connection
    4. 5月 16 12:38:09 master-PC nm-l2tp-service[8600]: Check port 1701
    5. 5月 16 12:38:09 master-PC NetworkManager[1241]: Stopping strongSwan IPsec failed: starter is not running
    6. 5月 16 12:38:11 master-PC NetworkManager[1241]: Starting strongSwan 5.6.2 IPsec [starter]...
    7. 5月 16 12:38:11 master-PC NetworkManager[1241]: Loading config setup
    8. 5月 16 12:38:11 master-PC ipsec_starter[8614]: Starting strongSwan 5.6.2 IPsec [starter]...
    9. 5月 16 12:38:11 master-PC NetworkManager[1241]: Loading conn '3522c1b5-5330-41af-9973-91ae50fa3b1f'
    10. 5月 16 12:38:11 master-PC ipsec_starter[8614]: Loading config setup
    11. 5月 16 12:38:11 master-PC ipsec_starter[8614]: Loading conn '3522c1b5-5330-41af-9973-91ae50fa3b1f'
    12. 5月 16 12:38:11 master-PC NetworkManager[1241]: found netkey IPsec stack
    13. 5月 16 12:38:11 master-PC ipsec_starter[8635]: Attempting to start charon...
    14. 5月 16 12:38:11 master-PC charon[8636]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-30deepin-generic, x86_64)
    15. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
    16. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
    17. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    18. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
    19. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
    20. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
    21. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
    22. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-3522c1b5-5330-41af-9973-91ae50fa3b1f.secrets'
    23. 5月 16 12:38:11 master-PC charon[8636]: 00[CFG]   loaded IKE secret for %any
    24. 5月 16 12:38:11 master-PC charon[8636]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown counters
    25. 5月 16 12:38:11 master-PC charon[8636]: 00[LIB] dropped capabilities, running as uid 0, gid 0
    26. 5月 16 12:38:11 master-PC charon[8636]: 00[JOB] spawning 16 worker threads
    27. 5月 16 12:38:11 master-PC ipsec_starter[8635]: charon (8636) started after 20 ms
    28. 5月 16 12:38:11 master-PC charon[8636]: 16[CFG] received stroke: add connection '3522c1b5-5330-41af-9973-91ae50fa3b1f'
    29. 5月 16 12:38:11 master-PC charon[8636]: 16[CFG] added configuration '3522c1b5-5330-41af-9973-91ae50fa3b1f'
    30. 5月 16 12:38:12 master-PC charon[8636]: 03[CFG] rereading secrets
    31. 5月 16 12:38:12 master-PC charon[8636]: 03[CFG] loading secrets from '/etc/ipsec.secrets'
    32. 5月 16 12:38:12 master-PC charon[8636]: 03[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
    33. 5月 16 12:38:12 master-PC charon[8636]: 03[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-3522c1b5-5330-41af-9973-91ae50fa3b1f.secrets'
    34. 5月 16 12:38:12 master-PC charon[8636]: 03[CFG]   loaded IKE secret for %any
    35. 5月 16 12:38:12 master-PC charon[8636]: 05[CFG] received stroke: initiate '3522c1b5-5330-41af-9973-91ae50fa3b1f'
    36. 5月 16 12:38:12 master-PC charon[8636]: 07[IKE] initiating Main Mode IKE_SA 3522c1b5-5330-41af-9973-91ae50fa3b1f[1] to 222.222.222.222
    37. 5月 16 12:38:12 master-PC charon[8636]: 07[IKE] initiating Main Mode IKE_SA 3522c1b5-5330-41af-9973-91ae50fa3b1f[1] to 222.222.222.222
    38. 5月 16 12:38:12 master-PC charon[8636]: 07[ENC] generating ID_PROT request 0 [ SA V V V V V ]
    39. 5月 16 12:38:12 master-PC charon[8636]: 07[NET] sending packet: from 192.168.31.170[500] to 222.222.222.222[500] (248 bytes)
    40. 5月 16 12:38:13 master-PC charon[8636]: 08[NET] received packet: from 222.222.222.222[500] to 192.168.31.170[500] (68 bytes)
    41. 5月 16 12:38:13 master-PC charon[8636]: 08[ENC] parsed INFORMATIONAL_V1 request 278332014 [ N(NO_PROP) ]
    42. 5月 16 12:38:13 master-PC NetworkManager[1241]: initiating Main Mode IKE_SA 3522c1b5-5330-41af-9973-91ae50fa3b1f[1] to 222.222.222.222
    43. 5月 16 12:38:13 master-PC NetworkManager[1241]: generating ID_PROT request 0 [ SA V V V V V ]
    44. 5月 16 12:38:13 master-PC NetworkManager[1241]: sending packet: from 192.168.31.170[500] to 222.222.222.222[500] (248 bytes)
    45. 5月 16 12:38:13 master-PC NetworkManager[1241]: received packet: from 222.222.222.222[500] to 192.168.31.170[500] (68 bytes)
    46. 5月 16 12:38:13 master-PC NetworkManager[1241]: parsed INFORMATIONAL_V1 request 278332014 [ N(NO_PROP) ]
    47. 5月 16 12:38:13 master-PC NetworkManager[1241]: received NO_PROPOSAL_CHOSEN error notify
    48. 5月 16 12:38:13 master-PC NetworkManager[1241]: establishing connection '3522c1b5-5330-41af-9973-91ae50fa3b1f' failed
    49. 5月 16 12:38:13 master-PC charon[8636]: 08[IKE] received NO_PROPOSAL_CHOSEN error notify
    50. 5月 16 12:38:13 master-PC NetworkManager[1241]: Stopping strongSwan IPsec...
    51. 5月 16 12:38:13 master-PC charon[8636]: 00[DMN] signal of type SIGINT received. Shutting down
    52. 5月 16 12:38:13 master-PC ipsec_starter[8635]: child 8636 (charon) has quit (exit code 0)
    53. 5月 16 12:38:13 master-PC nm-l2tp-service[8600]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
    54. 5月 16 12:38:13 master-PC NetworkManager[1241]:   [1557981493.3383] vpn-connection[0x556b1b9d8660,3522c1b5-5330-41af-9973-91ae50fa3b1f,"GW",0]: VPN plugin: state changed: stopped (6)
    55. 5月 16 12:38:13 master-PC NetworkManager[1241]:   [1557981493.3394] vpn-connection[0x556b1b9d8660,3522c1b5-5330-41af-9973-91ae50fa3b1f,"GW",0]: VPN service disappeared
    56. 5月 16 12:38:13 master-PC NetworkManager[1241]:   [1557981493.3400] vpn-connection[0x556b1b9d8660,3522c1b5-5330-41af-9973-91ae50fa3b1f,"GW",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
    Copy the Code


    应该是这两行吧,一直报绿,所以我标注一下。另外我的VPN拨号提示的 是 VPN服务启动失败的错误。

    台式机和笔记本都是这样的提示,VPN服务启动失败,难道我忽略了什么吗?求各位指点
    Reply Favorite View the author
    All Replies
    avatar
    vaka
    deepin
    2019-07-03 04:54
    #1
    > received NO_PROPOSAL_CHOSEN error notify

    You need to define phase1 and phase2 proposals

    most common are:
    phase1: 3des-sha1-modep1024
    phase2 3des-sha1


    Reply View the author
    avatar
    Feng Yu
    deepin
    2019-07-03 05:48
    #2
    不要远程连接,先排除运营商的干扰再说,你懂的。一些开放的VPN协议尤其是L2TP和PPTP,几乎秒ban。我曾经开过一个PPTP的VPN,不到10分钟就给我ban了

    你先在VPN服务器本地或局域网环境连一下,确保能通再说
    Reply View the author
    avatar
    186******86
    deepin
    2019-09-10 17:23
    #3
    楼主解决了吗,我也遇到相同的问题?
    Reply View the author
    avatar
    master
    deepin
    2019-10-15 22:19
    #4
    https://bbs.deepin.org/post/178091
    楼主解决了吗,我也遇到相同的问题?

    没有,一直没解决。昨天又鼓捣了半天,没成功,提示的是VPN服务启动失败
    Reply View the author