Vultr:帮我看下这 L2TP iPSec 连不上问题出在哪里?

2015-01-19 17:44:08 +08:00
 DearTanker
貌似都没有错误。。手机连接提示:服务器未响应。

[root@vultr ~]# ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K2.6.32-504.3.3.el6.x86_64 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Hardware RNG detected, testing if used properly [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]


我能想到的几个出问题的地方,大家帮我看看,分析分析。。

[root@vultr ~]# vi /etc/ipsec.secrets

108.61.201.*** %any: PSK "vpnsos"

[root@vultr ~]# vi /etc/ipsec.secrets

# Generated by iptables-save v1.4.7 on Mon Jan 5 09:54:49 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:140]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8989 -j ACCEPT
-A FORWARD -s 172.16.36.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
COMMIT
# Completed on Mon Jan 5 09:54:49 2015
# Generated by iptables-save v1.4.7 on Mon Jan 5 09:54:49 2015
*nat
:PREROUTING ACCEPT [103:7248]
:POSTROUTING ACCEPT [18:1188]
:OUTPUT ACCEPT [18:1188]
-A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source 108.61.201.***
COMMIT
# Completed on Mon Jan 5 09:54:49 2015
10989 次点击
所在节点    问与答
17 条回复
wzxjohn
2015-01-19 18:10:42 +08:00
不贴 Log 光贴配置怎么帮你。。。。。。
kxmp
2015-01-19 18:15:05 +08:00
l2tp被封了啊....
我都测过了.
你只要syslog在你连的时候一动不动那就是100%被封了.
luo362722353
2015-01-19 18:21:06 +08:00
先这样试试看,不确保你可以连
server ipsec restart
xl2tpd
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

希望可以帮到您

@DearTanker
DearTanker
2015-01-19 20:09:01 +08:00
@wzxjohn
@kxmp

怎么看log,真心小白,别笑我。。


@luo362722353

好的,我试试。。
evilyau
2015-01-19 22:04:23 +08:00
Github 有个 InstaVPN ,用过最好用的L2TP
Phant0m
2015-01-19 22:18:02 +08:00
@evilyau 求链接
RHFS
2015-01-19 22:29:15 +08:00
@evilyau 不会被干扰吗

@Phant0m https://github.com/sockeye44/instavpn 随便搜一下都搜的到。。。
DearTanker
2015-01-20 08:53:46 +08:00
@RHFS 这个。。centos能装么?(´・_・`)
DearTanker
2015-01-20 08:55:50 +08:00
@luo362722353 惊,可以连上了,可是不能上网。。。
RHFS
2015-01-20 09:44:01 +08:00
@DearTanker 貌似不能 昨晚折腾了一下 网络太卡就没搞了 系统要求是Ubuntu14 看了一下简介,感觉不错
luo362722353
2015-01-20 09:53:53 +08:00
@DearTanker
怎么会呢…

如果是eth0不出意外就是正常的啊
执行
xl2tpd
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
如果连不上…请ifconfig后贴数据给我看看…

其次是

配置文件/etc/sysctl.conf(修改内核转发参数)
确定正确?
kxmp
2015-01-25 20:32:35 +08:00
@DearTanker
> tail -f /var/log/syslog
然后开始连接.看看日志动了没.没动你就没必要去干别的事情了.
DearTanker
2015-07-10 22:03:28 +08:00
@kxmp 这几天继续折腾,还是不行。。

tail: cannot open `/var/log/syslog' for reading: No such file or directory
DearTanker
2015-07-10 22:46:26 +08:00
@wzxjohn
@kxmp
@luo362722353

Jul 10 22:44:47 vultr sshd[1396]: Server listening on 0.0.0.0 port 22.
Jul 10 22:44:47 vultr sshd[1396]: Server listening on :: port 22.
Jul 10 22:44:50 vultr sshd[1856]: reverse mapping checking getaddrinfo for 46.236.25.117.broad.xm.fj.dynamic.163data.com.cn [117.25.236.46] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 10 22:44:50 vultr sshd[1856]: Accepted password for root from 117.25.236.46 port 58434 ssh2
Jul 10 22:44:50 vultr sshd[1856]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [RFC 3947] method set to=109
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jul 10 22:45:30 vultr pluto[1232]: packet from 120.32.228.110:500: received Vendor ID payload [Dead Peer Detection]
Jul 10 22:45:30 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: responding to Main Mode from unknown peer 120.32.228.110
Jul 10 22:45:30 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 10 22:45:30 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 10 22:45:30 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:30 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
Jul 10 22:45:34 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:34 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
Jul 10 22:45:37 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:37 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
Jul 10 22:45:40 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:40 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
Jul 10 22:45:40 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:40 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
Jul 10 22:45:53 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jul 10 22:45:53 vultr pluto[1232]: "L2TP-PSK-NAT"[1] 120.32.228.110 #1: sending notification INVALID_PAYLOAD_TYPE to 120.32.228.110:500
kxmp
2015-09-27 20:58:12 +08:00
你这个是收到不明信息... 验证信息的数据包被弄坏了 所以你连不上
litp
2019-05-07 11:12:01 +08:00
@DearTanker 哥们你的这个当年配置成功了么!我现在也遇到连接不上的问题
litp
2019-05-07 11:35:34 +08:00
@DearTanker 找到问题了,居然是运营商有关系
https://github.com/hwdsl2/setup-ipsec-vpn/issues/244

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/163536

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX