Как настроить клиент L2TP на Ubuntu 18.04?
Я настроил свою систему согласно учебному руководству, которое я нашел в Интернете.
Я в основном установил необходимые зависимости:
sudo apt install network-manager
sudo apt install network-manager-l2tp
sudo apt install network-manager-strongswan
И настроенный их путем применения изменений на следующие файлы (VPN_SERVER_IP, VPN_IPSEC_PSK, VPN_USERNAME, VPN_PASSWORD заменяются действительными значениями; XXX.XXX.XXX.XXX в журналах вниз ниже является IP-адресом сервера VPN),
/etc/ipsec.conf:
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn myvpn
keyexchange=ikev1
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=$VPN_SERVER_IP
/etc/ipsec.secrets:
: PSK "$VPN_IPSEC_PSK"
/etc/xl2tpd/xl2tpd.conf:
[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name $VPN_USERNAME
password $VPN_PASSWORD
/etc/NetworkManager/NetworkManager.conf (значение по умолчанию, ничто измененное):
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
[device]
wifi.scan-rand-mac-address=no
Когда я хочу соединиться с VPN, я делаю /etc/init.d/network-manager start, ничто внеочередные шоу в журналах:
ifupdown configuration found.
<info> [1559053123.4216] devices added (path: /sys/devices/virtual/net/lo, iface: lo)
<info> [1559053123.4216] device added (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown configuration found.
<info> [1559053123.4216] end _init.
<info> [1559053123.4216] settings: loaded plugin ifupdown: (C) 2008 Canonical Ltd. To report bugs please use the NetworkManager mailing list. (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-settings-plugin-ifupdown.so)
<info> [1559053123.4217] settings: loaded plugin keyfile: (c) 2007 - 2016 Red Hat, Inc. To report bugs please use the NetworkManager mailing list.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': new request (1 scripts)
<info> [1559053123.4217] (735157440) ... get_connections.
May 28 16:18:43 phenom nm-dispatcher: req:1 'hostname': start running ordered scripts...
<info> [1559053123.4217] (735157440) ... get_connections (managed=false): return empty list.
<info> [1559053123.4218] get unmanaged devices count: 0
<info> [1559053123.4218] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
<info> [1559053123.4218] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
<info> [1559053123.4218] manager: Networking is enabled by state file
<info> [1559053123.4219] dhcp-init: Using DHCP client 'dhclient'
<info> [1559053123.4220] Loaded device plugin: NMBondDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMBridgeDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMDummyDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMEthernetDeviceFactory (internal)
<info> [1559053123.4220] Loaded device plugin: NMInfinibandDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMMacsecDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMMacvlanDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMPppDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMTunDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMVethDeviceFactory (internal)
<info> [1559053123.4221] Loaded device plugin: NMVlanDeviceFactory (internal)
<info> [1559053123.4222] Loaded device plugin: NMVxlanDeviceFactory (internal)
<info> [1559053123.4229] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wwan.so)
<info> [1559053123.4234] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-bluetooth.so)
<info> [1559053123.4236] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wifi.so)
<info> [1559053123.4242] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-team.so)
<info> [1559053123.4244] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-adsl.so)
<info> [1559053123.4252] device (lo): carrier: link connected
<info> [1559053123.4258] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
<info> [1559053123.4262] device (enp5s0): carrier: link connected
<info> [1559053123.4285] manager: (enp5s0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
<info> [1559053123.4335] modem-manager: ModemManager available
<info> [1559053123.4336] manager: startup complete
ipsec up myvpn также кажется успешным:
initiating Main Mode IKE_SA myvpn[1] to 82.161.237.247
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (212 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.10.56[500] to 82.161.237.247[500] (244 bytes)
received packet: from 82.161.237.247[500] to 192.168.10.56[500] (244 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (108 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.10.56[192.168.10.56]...82.161.237.247[82.161.237.247]
scheduling reauthentication in 3420s
maximum IKE_SA lifetime 3600s
generating QUICK_MODE request 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (364 bytes)
received packet: from 82.161.237.247[4500] to 192.168.10.56[4500] (332 bytes)
parsed QUICK_MODE response 1511457566 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
CHILD_SA myvpn{1} established with SPIs c970ab39_i cf32f312_o and TS 192.168.10.56/32[udp/l2f] === 82.161.237.247/32[udp/l2f]
generating QUICK_MODE request 1511457566 [ HASH ]
sending packet: from 192.168.10.56[4500] to 82.161.237.247[4500] (60 bytes)
connection 'myvpn' established successfully
Так в целом похоже, что нет никаких ошибок, но я не могу проверить, установил ли я на самом деле связь или нет. Самая большая проблема - то, что устройство № ppp0 обнаруживается, когда я выполняюсь ip link:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 6c:f0:49:70:55:16 brd ff:ff:ff:ff:ff:ff
Из-за этого я неспособен, действительно определяют, какой трафик должен пройти сервер VPN. Как я могу удостовериться, что ppp0 устройство обнаруживается, и IP-адрес присвоен ему сервером DHCP/VPN?
0
задан Michal B.
28 May 2019 в 17:28
поделиться
2 ответа
echo "c myvpn" > /var/run/xl2tpd/l2tp-control выполняемый, поскольку корень должен создать интерфейс ppp0. Я сделал некоторые изменения в файлах конфигурации и когда я дал эту команду, я узнал журналы, жалующиеся на lock опция в /etc/ppp/options.l2tpd.client будучи неизвестным (в /var/log/syslog). Я удалил lock из файла конфигурации и теперь это работает.
Моя текущая конфигурация вставляется ниже.
/etc/ipsec.conf:
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1-modp1024,3des-sha1-modp1024!
conn myvpn
keyexchange=ikev1
left=%defaultroute
auto=add
authby=secret
rekey=no
type=transport
left=%any
leftprotoport=17/1701
rightprotoport=17/1701
right=VPN_SERVER
rightid=%any
dpdaction=clear
/etc/xl2tpd/xl2tpd.conf:
[lac myvpn]
lns = VPN_SERVER
require chap = yes
refuse pap = yes
require authentication = yes
name = VPN_USER
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client:
ipcp-accept-local
ipcp-accept-remote
require-chap
#refuse-chap
refuse-eap
refuse-pap
require-mschap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
nodefaultroute
usepeerdns
debug
connect-delay 5000
name VPN_USER
password VPN_USER_PASSWORD
remotename myvpn
ipparam myvpn
/etc/network/interfaces:
iface tunnel inet ppp
provider myvpn
Результат:
~# ifconfig
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.56 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::6ef0:49ff:fe70:5516 prefixlen 64 scopeid 0x20<link>
ether 6c:f0:49:70:55:16 txqueuelen 1000 (Ethernet)
RX packets 822593 bytes 135972174 (135.9 MB)
RX errors 0 dropped 31185 overruns 0 frame 0
TX packets 854688 bytes 150862324 (150.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 70050 bytes 5703649 (5.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 70050 bytes 5703649 (5.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1410
inet 192.168.60.1 netmask 255.255.255.255 destination 10.255.255.0
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 3 bytes 54 (54.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 54 (54.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
0
ответ дан Michal B.
28 May 2019 в 17:28
поделиться
Для Ubuntu 18.04 LTS для маршрутизатора Meraki я в основном следовал https://help.vpntunnel .com/support/solutions/articles/5000782608-vpntunnel-l2tp-installation-guide-for-ubuntu-18-04-
Сначала обновите и очистите машину
sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot
# Wait for reboot, log back in
sudo apt autoremove
Установите программное обеспечение VPN
sudo apt-get install strongswan xl2tpd net-tools
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome
sudo apt-get install network-manager-strongswan
sudo reboot
После перезагрузки включите на сервере L2TP нам нужен только клиент
sudo service xl2tpd stop
sudo systemctl disable xl2tpd
Настройте инструкции VPN:
Settings -> Network -> VPN - > "+"
Details:
Make available to other users, check (if desired)
Identity:
Name: Make a description
Gateway: the IP address (or dyn dns name from the meraki page)
User Name: full@name.com
Password: Leave blank, will prompt
NT Domain: <blank>
IPSec Settings:
Enable IpSec tunnel to L2TP host: check
Pre-Shared Key: Get from the meraki setup page
Phase1 Algorithms: 3des-sha1-modp1024
Phase2 Algorithms: aes128-sha1
Enforce UDP encap: <un checked>
PPP Settings: Default
А затем подключитесь в графическом интерфейсе.
0
ответ дан maxslug
1 May 2020 в 21:01
поделиться