Comments (10)
@ookangzheng Can you please remove any special character from your VPN password, then regenerate the XAuth password file with these commands. If needed, also modify "/etc/ppp/chap-secrets" for IPsec/L2TP.
VPN_USER='<YOUR VPN USERNAME>'
VPN_PASSWORD='<YOUR VPN PASSWORD>'
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
echo "$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk" > /etc/ipsec.d/passwd
service ipsec restart
from setup-ipsec-vpn.
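@ookangzheng Hello! Please try to connect again, then provide the VPN server logs, which you can get by running the following command. You may redact IP addresses and similar information.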
sudo grep pluto /var/log/auth.log | tail -n 100
from setup-ipsec-vpn.
On my server (CentOS 6.8), I ran it and got:
no such file
from setup-ipsec-vpn.
@ookangzheng The above is for Ubuntu/Debian systems. For CentOS systems, please use the following command:
sudo grep pluto /var/log/secure | tail -n 100
from setup-ipsec-vpn.
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: 1DES is not encryption
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: no acceptable Oakley Transform
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #31: deleting state (STATE_MAIN_R0)
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: 1DES is not encryption
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: 1DES is not encryption
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: no acceptable Oakley Transform
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:36 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #32: deleting state (STATE_MAIN_R0)
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: 1DES is not encryption
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: 1DES is not encryption
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: no acceptable Oakley Transform
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: sending notification NO_PROPOSAL_CHOSEN to X.X.X.X:500
Aug 27 04:05:39 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #33: deleting state (STATE_MAIN_R0)
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #34: switched from "l2tp-psk"[7] X.X.X.X to "l2tp-psk"
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: new NAT mapping for #34, was X.X.X.X:500, now X.X.X.X:4500
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP1024}
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Aug 27 04:17:21 svr1 pluto[5085]: | ISAKMP Notification Payload
Aug 27 04:17:21 svr1 pluto[5085]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: received and ignored informational message
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: the peer proposed: Y.Y.Y.Y/32:17/1701 -> 192.168.1.104/32:17/0
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: responding to Quick Mode proposal {msgid:6101fffa}
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: us: Y.Y.Y.Y/32===Y.Y.Y.Y<Y.Y.Y.Y>:17/1701
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: them: X.X.X.X[192.168.1.104]:17/0
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x086d0443 <0xcadd1c2b xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=X.X.X.X:4500 DPD=active}
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 27 04:17:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #35: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x086d0443 <0xcadd1c2b xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=X.X.X.X:4500 DPD=active}
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: responding to Main Mode from unknown peer X.X.X.X
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #36: switched from "l2tp-psk"[9] X.X.X.X to "l2tp-psk"[7] X.X.X.X
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP2048}
Aug 27 04:19:40 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: received Delete SA payload: self-deleting ISAKMP State #36
Aug 27 04:19:40 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #36: deleting state (STATE_MAIN_R3)
Aug 27 04:19:40 svr1 pluto[5085]: packet from X.X.X.X:1030: received and ignored empty informational notification payload
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: DPD: No response from peer - declaring peer dead
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X #34: IKEv1 DPD action: Clearing Connection l2tp-psk[9] CK_INSTANCE
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #35: deleting state (STATE_QUICK_R2)
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #35: ESP traffic information: in=0B out=0B
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk" #34: deleting state (STATE_MAIN_R3)
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] X.X.X.X: deleting connection "l2tp-psk"[9] X.X.X.X instance with peer X.X.X.X {isakmp=#0/ipsec=#0}
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #23: deleting state (STATE_QUICK_R2)
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X #23: ESP traffic information: in=0B out=0B
Aug 27 04:30:13 svr1 pluto[5085]: "l2tp-psk"[7] X.X.X.X: deleting connection "l2tp-psk"[7] X.X.X.X instance with peer X.X.X.X {isakmp=#0/ipsec=#0}
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: responding to Main Mode from unknown peer Z.Z.Z.Z
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Oakley Transform [OAKLEY_AES_CBC (256), OAKLEY_SHA2_384, OAKLEY_GROUP_MODP1024] refused
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Oakley Transform [OAKLEY_AES_CBC (256), OAKLEY_SHA2_384, OAKLEY_GROUP_MODP2048] refused
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: Pluto does not support OAKLEY_ECDSA_P384 authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 13:08:27 svr1 pluto[5085]: "l2tp-psk"[10] Z.Z.Z.Z #37: ERROR: asynchronous network error report on eth0 (sport=500) for message to Z.Z.Z.Z port 500, complainant Z.Z.Z.Z: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Aug 27 13:08:30 svr1 pluto[5085]: packet from Z.Z.Z.Z:33205: initial Aggressive Mode message from Z.Z.Z.Z but no (wildcard) connection has been configured with policy XAUTH+AGGRESSIVE+IKEV1_ALLOW
[root@svr1 ~]# grep pluto /var/log/secure | tail -n 100
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: responding to Main Mode from unknown peer N.N.N.N
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Aug 27 14:36:56 svr1 pluto[5085]: | ISAKMP Notification Payload
Aug 27 14:36:56 svr1 pluto[5085]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] N.N.N.N #38: switched from "xauth-psk"[13] N.N.N.N to "xauth-psk"
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: deleting connection "xauth-psk"[13] N.N.N.N instance with peer N.N.N.N {isakmp=#0/ipsec=#0}
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: new NAT mapping for #38, was N.N.N.N:500, now N.N.N.N:4500
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=OAKLEY_SHA2_256 group=MODP2048}
Aug 27 14:36:56 svr1 pluto[5085]: | event EVENT_v1_SEND_XAUTH #38 STATE_MAIN_R3
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: Sending Username/Password request (XAUTH_R0)
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Attempting to login
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: passwd file authentication being called to authenticate user vpn
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: password file (/etc/ipsec.d/passwd) open.
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: checking user(vpn:xauth-psk)
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: nope
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Authentication Failed: Incorrect Username or Password
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: Unsupported XAUTH basic attribute XAUTH-STATUS received.
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: Expected MODE_CFG_REPLY is missing username and password attribute
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: Sending Username/Password request (XAUTH_R0)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: XAUTH: User <unknown>: Authentication Failed (retry 1)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: received Delete SA payload: self-deleting ISAKMP State #38
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N #38: deleting state (STATE_XAUTH_R0)
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] N.N.N.N: deleting connection "xauth-psk"[14] N.N.N.N instance with peer N.N.N.N {isakmp=#0/ipsec=#0}
Aug 27 14:36:57 svr1 pluto[5085]: packet from N.N.N.N:4500: received and ignored empty informational notification payload
from setup-ipsec-vpn.
@ookangzheng Logs received, thanks. Please check the following:
- Run these commands on the server to clear existing connections.
service ipsec restart
service xl2tpd restart
- In your Mac OS VPN settings, double check and re-enter your VPN username and password. According to the logs, your credentials were entered incorrectly. Do you have special characters in your password?
- Due to a limitation of the IPsec protocol, multiple devices behind the same NAT (e.g. a home router) cannot simultaneously connect to the same IPsec VPN server. In addition, do not use IPsec/L2TP and IPsec/XAuth modes simultaneously from behind the same NAT. If unable to connect, first try the commands above to clear existing connections.
- For Android 6, please try the workarounds here [1].
[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#android
from setup-ipsec-vpn.
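Added example, not part of the thread or the project's code: a shell function that reduces `grep pluto` output to the conditions the reply above checks for, namely XAuth failures per user and a public peer address seen with more than one private Main Mode ID or under both `l2tp-psk` and `xauth-psk`. The sample lines are constructed in the format of the log posted above, with 203.0.113.10 standing in for the redacted address; the output labels and function names are this example's own.

```shell
#!/bin/sh
# Added example: triage pluto IKEv1 log lines (e.g. from
# `grep pluto /var/log/secure`). Matched message texts are those seen in the
# thread's log; only ID_IPV4_ADDR peer IDs are handled.

pluto_triage() {
  awk -v q="'" '
    {
      # Drop the syslog prefix ("Aug 27 ... pluto[5085]: ").
      msg = $0
      sub(/^.*pluto\[[0-9]+\]: /, "", msg)
      n = split(msg, f, " ")   # f[1]="conn"[inst], f[2]=peer address
    }
    # The XAUTH verdict line has no connection/peer prefix, only the user.
    msg ~ /^XAUTH: User .*: Authentication Failed: Incorrect Username or Password/ {
      user = msg
      sub(/^XAUTH: User /, "", user)
      sub(/: Authentication Failed.*$/, "", user)
      xauth_fail[user]++
      next
    }
    # Which connection (l2tp-psk / xauth-psk) each peer address tried.
    msg ~ /responding to Main Mode from unknown peer/ {
      conn = f[1]; sub(/^"/, "", conn); sub(/".*$/, "", conn)
      if (!((f[2], conn) in seen_conn)) {
        seen_conn[f[2], conn] = 1
        nmodes[f[2]]++
        if (modes[f[2]] != "") modes[f[2]] = modes[f[2]] ","
        modes[f[2]] = modes[f[2]] conn
      }
      next
    }
    # Main Mode ID of a NATed client is its private address.
    msg ~ /Main mode peer ID is ID_IPV4_ADDR:/ {
      id = f[n]; gsub(q, "", id)
      if (!((f[2], id) in seen_id)) {
        seen_id[f[2], id] = 1
        nids[f[2]]++
        if (ids[f[2]] != "") ids[f[2]] = ids[f[2]] ","
        ids[f[2]] = ids[f[2]] id
      }
      next
    }
    msg ~ /sending notification NO_PROPOSAL_CHOSEN/ { no_prop[f[2]]++; next }
    msg ~ /DPD: No response from peer/              { dpd[f[2]]++;     next }
    END {
      for (u in xauth_fail)
        printf "XAUTH_FAILED user=%s count=%d\n", u, xauth_fail[u]
      for (p in nids) if (nids[p] > 1)
        printf "MULTIPLE_CLIENTS_SAME_NAT peer=%s ids=%s\n", p, ids[p]
      for (p in nmodes) if (nmodes[p] > 1)
        printf "MIXED_MODES peer=%s conns=%s\n", p, modes[p]
      for (p in no_prop)
        printf "NO_PROPOSAL_CHOSEN peer=%s count=%d\n", p, no_prop[p]
      for (p in dpd)
        printf "DPD_PEER_DEAD peer=%s count=%d\n", p, dpd[p]
    }
  ' | LC_ALL=C sort
}

# Constructed sample input, modelled on the log format in the thread.
sample_log() {
  cat <<'EOF'
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] 203.0.113.10 #31: responding to Main Mode from unknown peer 203.0.113.10
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] 203.0.113.10 #31: no acceptable Oakley Transform
Aug 27 04:05:33 svr1 pluto[5085]: "l2tp-psk"[7] 203.0.113.10 #31: sending notification NO_PROPOSAL_CHOSEN to 203.0.113.10:500
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] 203.0.113.10 #34: responding to Main Mode from unknown peer 203.0.113.10
Aug 27 04:17:21 svr1 pluto[5085]: "l2tp-psk"[7] 203.0.113.10 #34: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Aug 27 04:18:17 svr1 pluto[5085]: "l2tp-psk"[9] 203.0.113.10 #36: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 04:22:22 svr1 pluto[5085]: "l2tp-psk"[9] 203.0.113.10 #34: DPD: No response from peer - declaring peer dead
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[13] 203.0.113.10 #38: responding to Main Mode from unknown peer 203.0.113.10
Aug 27 14:36:56 svr1 pluto[5085]: "xauth-psk"[14] 203.0.113.10 #38: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.106'
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Attempting to login
Aug 27 14:36:56 svr1 pluto[5085]: XAUTH: User vpn: Authentication Failed: Incorrect Username or Password
Aug 27 14:36:57 svr1 pluto[5085]: "xauth-psk"[14] 203.0.113.10 #38: XAUTH: User <unknown>: Authentication Failed (retry 1)
EOF
}

sample_log | pluto_triage
```

On a server the same function reads real input, for example `sudo grep pluto /var/log/secure | pluto_triage`. The NAT and mixed-mode findings cover the whole input rather than one moment in time, so treat them as hints to check against timestamps.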
I have tried restarting the IPsec services, and I double-checked my username, password and PSK. It was the same with L2tpd.
I tried to connect with Cisco IPsec over mobile data; it failed again. (iOS 9)
Server: CentOS 6.8
Script version: latest; I tried reinstalling the latest version.
Still facing the same problem.
from setup-ipsec-vpn.
@ookangzheng Do you have special characters in your password? The following characters can cause problems: \ " '
from setup-ipsec-vpn.
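Added example, not from the thread or the project: a pre-flight check for the three characters listed above, used to gate the XAuth password-file commands from the first reply. The function names and the output-path argument are this example's assumptions.

```shell
#!/bin/sh
# Added example: refuse credentials containing \ " or ' before writing them.
# Function names and the output-path argument are this example's own.

# Report each problem character in value $2 (labelled $1); return 1 if any.
check_vpn_secret() {
  label=$1; value=$2; bad=0
  case $value in *\\*) echo "$label: contains backslash";    bad=1 ;; esac
  case $value in *\"*) echo "$label: contains double quote"; bad=1 ;; esac
  case $value in *\'*) echo "$label: contains single quote"; bad=1 ;; esac
  return "$bad"
}

# Check username, password and PSK together so every problem is listed at once.
check_vpn_credentials() {
  rc=0
  check_vpn_secret username "$1" || rc=1
  check_vpn_secret password "$2" || rc=1
  check_vpn_secret PSK      "$3" || rc=1
  return "$rc"
}

# Same commands as in the thread, gated on the check. $3 is the output file
# (/etc/ipsec.d/passwd on the server); it is created readable by owner only.
write_xauth_passwd() {
  check_vpn_secret username "$1" || return 1
  check_vpn_secret password "$2" || return 1
  enc=$(openssl passwd -1 "$2") || return 1
  ( umask 077; printf '%s:%s:xauth-psk\n' "$1" "$enc" > "$3" )
}

# Constructed values; the PSK resembles the one the reporter describes.
check_vpn_credentials 'vpn' 'Passw0rd' 'ab\cd"ef' \
  || echo "fix the values above, then regenerate the files"
```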
Thanks, it works ~~
My PSK contains " \ " and a few symbols.
May I know, is the encryption of Cisco IPsec and L2TP at the same level?
from setup-ipsec-vpn.
@ookangzheng Happy to hear it is now working.
There is no fundamental difference between the encryption of Cisco IPsec and IPsec/L2TP. But Cisco IPsec is more efficient in transferring data, because it does not have the additional overhead of L2TP/PPP.
from setup-ipsec-vpn.