Não é possível conectar a VPN IPSec L2TP do Ubuntu 16.04 [duplicado]

2

Estou tentando conectar a conexão VPN L2TP IPSec do meu laptop Ubuntu 16.04. Toda vez que estou enfrentando o mesmo erro desde as mesmas credenciais funcionando corretamente para conectar o servidor VPNs de qualquer sistema Windows.

Alguém pode me orientar para resolver esse problema?

Syslog:

Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2586] audit: op="connection-activate" uuid="83adbec9-817f-4faf-9839-42eb41897c10" name="VPN connection 1" pid=2254 uid=1000 result="success"
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2664] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Started the VPN service, PID 5561
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2808] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Saw the service appear; activating connection
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.4059] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  ipsec enable flag: yes
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  starting ipsec
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: Stopping strongSwan IPsec...
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (2/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (3/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (4/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Starting strongSwan 5.3.5 IPsec [starter]...
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading config setup
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading conn 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: found netkey IPsec stack
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64)
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG]   loaded IKE secret for %any
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[JOB] spawning 16 worker threads
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] received stroke: add connection 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] added configuration 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] rereading secrets
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG]   loaded IKE secret for %any
Apr 13 12:55:21 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Spawned ipsec up script with PID 5634.
Apr 13 12:55:21 pratip-vostro-2520 charon: 11[CFG] received stroke: initiate 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-5561[1] to 76.194.82.189
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Timeout trying to establish IPsec connection
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Terminating ipsec script with PID 5634.
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Could not establish IPsec tunnel.
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] rereading secrets
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: (nm-l2tp-service:5561): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6006] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state changed: stopped (6)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6023] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state change reason: unknown (0)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6067] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN service disappeared
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <warn>  [1492068331.6102] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[IKE] sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
    
por Pratip Ghosh 13.04.2017 / 09:34

1 resposta

9

Eu encontrei a solução no repositório do desenvolvedor.

link

A versão 1.2.6 não substitui mais as cifras IPsec padrão e eu suspeito que seu servidor VPN esteja usando uma cifra herdada. As versões mais recentes do strongSwan são consideradas quebradas.

Consulte a seção de conjuntos de cifras IPsec especificada pelo usuário no arquivo README.md sobre como complementar as cifras padrão strongSwan com as suas próprias:

link

Eu recomendaria a instalação do pacote ike-scan para verificar quais códigos o seu servidor VPN está anunciando que ele suporta, por exemplo, :

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

Portanto, com este exemplo em que uma cifra 3DES quebrada é anunciada, na seção avançada da caixa de diálogo IPsec da versão 1.2.6, adicione o seguinte:

  • Algoritmos da fase 1: 3des-sha1-modp1024

  • Algoritmos da fase 2: 3des-sha1

Depois de todos os passos tentar você conexão L2TP, deve ser estabelecido.

    
por PRIHLOP 30.05.2017 / 22:46