NetworkManager говорит & ldquo; Не удалось активировать сетевое подключение & rdquo; при попытке подключения PPTP и l2TP
Вот мои журналы:
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn> [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack
update:
журналы после отключения SELinux:
Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info> [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn> [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop
0
задан mehrdad
30 November 2017 в 03:22
поделиться
2 ответа
Я думаю, что проблема SELinux, я не думаю, что на Ubuntu есть политики SELinux для сильных, xl2tpd, pptpd и т. д.
Ubuntu обычно использует AppArmor вместо SELinux и соответствующие профили AppArmor
Обновление:
Текущая проблема заключается в том, что ваш VPN-сервер использует алгоритмы, которые libreswan (и strongswan) считают старыми и разбитыми, см .:
] https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithmsПравильное исправление заключается в перенастройке VPN-сервера на пользователя более сильные алгоритмы.
Но вы можете найти примеры обхода на этой странице для VPN-серверов, использующих разбитые алгоритмы 3DES, SHA1 и MODP1024.
Вы можете использовать сценарий ike-scan.sh для на следующей странице, чтобы запросить сервер VPN для поддерживаемых алгоритмов:
https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec- ikev1-сломанные алгоритмы0
ответ дан Douglas Kosovic
18 July 2018 в 02:26
поделиться
Я думаю, что проблема SELinux, я не думаю, что на Ubuntu есть политики SELinux для сильных, xl2tpd, pptpd и т. д.
Ubuntu обычно использует AppArmor вместо SELinux и соответствующие профили AppArmor
Обновление:
Текущая проблема заключается в том, что ваш VPN-сервер использует алгоритмы, которые libreswan (и strongswan) считают старыми и разбитыми, см .:
] https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithmsПравильное исправление заключается в перенастройке VPN-сервера на пользователя более сильные алгоритмы.
Но вы можете найти примеры обхода на этой странице для VPN-серверов, использующих разбитые алгоритмы 3DES, SHA1 и MODP1024.
Вы можете использовать сценарий ike-scan.sh для на следующей странице, чтобы запросить сервер VPN для поддерживаемых алгоритмов:
https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec- ikev1-сломанные алгоритмы0
ответ дан Douglas Kosovic
24 July 2018 в 17:34
поделиться
-
1я подозревал, что это SELinux тоже, поэтому я отключил его, но это только фиксированный PPTP, L2TP не работает! Я могу подключить L2TP с моим телефоном, планшетами и окнами, но в linux centos я не могу :( – mehrdad 29 November 2017 в 03:15
-
2
-
3
-
4
-
5Я отредактировал и обновил свой ответ выше. Извините, что раньше не отвечал, не было. – Douglas Kosovic 9 December 2017 в 11:31