strongSwan configured with xl2tpd reports an error? What is the problem?

2015-11-04 11:30:11 +08:00
 Vicer

Starting weakSwan 5.3.3 IPsec [starter]...
00[DMN] Starting IKE charon daemon (strongSwan 5.3.3, Linux 2.6.32-042stab108.8, x86_64)
00[LIB] created TUN device: ipsec0
00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel-libipsec kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp certexpire radattr addrblock unity
00[JOB] spawning 16 worker threads
charon (697) started after 40 ms
10[CFG] received stroke: add connection 'IOS_Cisco'
10[CFG] adding virtual IP address pool 10.31.0.0/24
10[CFG] added configuration 'IOS_Cisco'
12[CFG] received stroke: add connection 'L2TP_XAUTH_PSK'
12[CFG] reusing virtual IP address pool 10.31.0.0/24
12[CFG] added configuration 'L2TP_XAUTH_PSK'
13[CFG] received stroke: add connection 'NetworkManager'
13[CFG] reusing virtual IP address pool 10.31.0.0/24
13[CFG] added configuration 'NetworkManager'
14[CFG] received stroke: add connection 'Windows'
14[CFG] reusing virtual IP address pool 10.31.0.0/24
14[CFG] added configuration 'Windows'
11[CFG] received stroke: add connection 'l2tp'
11[CFG] added configuration 'l2tp'
13[NET] received packet: from 本地 IP [8077] to 服务器 IP [500] (408 bytes)
13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
13[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
13[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
13[IKE] received NAT-T (RFC 3947) vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
13[IKE] received FRAGMENTATION vendor ID
13[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
13[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
13[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
13[IKE] 本地 IP is initiating a Main Mode IKE_SA
13[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
13[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_1024
13[IKE] no proposal found
13[ENC] generating INFORMATIONAL_V1 request 934373264 [ N(NO_PROP) ]
13[NET] sending packet: from 服务器 IP [500] to 本地 IP [8077] (56 bytes)

The configuration is as follows
Debian 8 x64

[global]
port = 1701
access control = no

[lns default]
ip range = 10.31.1.100-10.31.1.200
local ip = 10.31.1.1
assign ip = yes
require authentication = yes
name = L2TP
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
silent
connect-delay 5000
login

conn l2tp
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    esp=aes256-sha1!
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftprotoport=17/1701
    authby=psk
    leftfirewall=no
    right=%any
    rightprotoport=17/%any
    type=transport
    auto=add

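Added example (not part of the original post): a Python script that parses the "received proposals" and "configured proposals" lines of the charon log above and reports, for each proposal the client offered, which transform types share no algorithm with the server's configured proposal. Classifying transforms by name prefix and comparing them by name only are assumptions that cover the names in this log; the function names are hypothetical.

```python
import re

# The two [CFG] proposal lines, copied from the charon log in the post.
LOG = """\
13[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
13[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_1024
"""

def transform_type(name):
    """Classify a transform by name prefix (assumption: only the names seen in this log)."""
    if name.startswith("PRF_"):
        return "prf"
    if name.startswith("HMAC_"):
        return "integrity"
    if name.startswith(("MODP_", "ECP_")):
        return "dh_group"
    return "encryption"

def parse_proposals(log, kind):
    """Parse the '<kind> proposals:' line into a list of {transform type: set of names}."""
    m = re.search(rf"{kind} proposals: (.*)", log)
    proposals = []
    for item in (m.group(1).split(", ") if m else []):
        by_type = {}
        for name in item.split(":", 1)[1].split("/"):  # drop the "IKE:" prefix
            by_type.setdefault(transform_type(name), set()).add(name)
        proposals.append(by_type)
    return proposals

def diagnose(log):
    """For each (received, configured) pair, list the transform types with no common algorithm."""
    configured = parse_proposals(log, "configured")
    return [sorted(t for t in c if not (r.get(t, set()) & c[t]))
            for r in parse_proposals(log, "received") for c in configured]

def negotiable(log):
    """True if at least one received proposal overlaps a configured one in every transform type."""
    return any(not missing for missing in diagnose(log))

if __name__ == "__main__":
    for i, missing in enumerate(diagnose(LOG), 1):
        print(f"client proposal {i}: no overlap in {', '.join(missing) or 'nothing'}")
    print("negotiable:", negotiable(LOG))
```

Run against the log above, every client proposal fails on the DH group, the encryption algorithm, or both: the client offers MODP_1024 only together with 3DES_CBC, and AES_CBC_256 only together with ECP_384 or MODP_2048, which is why charon logs "no proposal found".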