LINUX.ORG.RU

Connecting via l2tp/ipsec in Fedora 23 through NM


I decided to set up a VPN to work; it uses l2tp + ipsec. Given:

  • Distribution: Fedora 23
  • DE: XFCE
  • Laptop (sits behind a modem, Beeline)

Here is what I do: in NM I configure the l2tp connection, enter the shared key, and click "Connect". An error pops up: "cannot connect because the service is not running".

I think "ok", open a terminal, and type systemctl start ipsec. The service starts.

I retry connecting from NM, and again get an error: "the VPN connection failed because the VPN service could not be started". Meanwhile, messages shows an error about a missing *.secrets file in /etc/ipsec.d/. OK, I create it and write inside:

%any  server_ip : PSK "pass"

I retry starting the connection; in the logs:

Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  Starting VPN service 'l2tp'...
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 3533
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  VPN service 'l2tp' appeared; activating connections
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  VPN connection 'work' (ConnectInteractive) reply received.
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  VPN plugin state changed: starting (3)
Dec 13 22:17:13 dell-nb NetworkManager: ** Message: Check port 1701
Dec 13 22:17:13 dell-nb NetworkManager: ** Message: ipsec enable flag: yes
Dec 13 22:17:13 dell-nb NetworkManager: ** Message: starting ipsec
Dec 13 22:17:13 dell-nb NetworkManager: systemd: ipsec service is not running
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager: debugging mode enabled
Dec 13 22:17:13 dell-nb NetworkManager: end of file /var/run/nm-ipsec-l2tp.3533/ipsec.conf
Dec 13 22:17:13 dell-nb NetworkManager: Warning: ignored obsolete keyword 'nat_traversal'
Dec 13 22:17:13 dell-nb NetworkManager: Warning: ignored obsolete keyword 'force_keepalive'
Dec 13 22:17:13 dell-nb NetworkManager: Loading conn nm-ipsec-l2tpd-3533
Dec 13 22:17:13 dell-nb NetworkManager: starter: case KH_DEFAULTROUTE: empty
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" loopback=0
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" labeled_ipsec=0
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" policy_label=(null)
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" modecfgdomain=(null)
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" modecfgbanner=(null)
Dec 13 22:17:13 dell-nb NetworkManager: connect(pluto_ctl) failed: No such file or directory
Dec 13 22:17:13 dell-nb NetworkManager: opening file: /var/run/nm-ipsec-l2tp.3533/ipsec.conf
Dec 13 22:17:13 dell-nb NetworkManager: loading named conns: nm-ipsec-l2tpd-3533
Dec 13 22:17:13 dell-nb NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Dec 13 22:17:13 dell-nb NetworkManager: dst  via 192.168.0.1 dev wlp2s0 src  table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: set nexthop: 192.168.0.1
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.0 via  dev wlp2s0 src 192.168.0.3 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.0 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.3 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.255 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.1 via  dev wlp2s0 src 192.168.0.3 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: set addr: 192.168.0.3
Dec 13 22:17:13 dell-nb NetworkManager: debugging mode enabled
Dec 13 22:17:13 dell-nb NetworkManager: end of file /var/run/nm-ipsec-l2tp.3533/ipsec.conf
Dec 13 22:17:13 dell-nb NetworkManager: Warning: ignored obsolete keyword 'nat_traversal'
Dec 13 22:17:13 dell-nb NetworkManager: Warning: ignored obsolete keyword 'force_keepalive'
Dec 13 22:17:13 dell-nb NetworkManager: Loading conn nm-ipsec-l2tpd-3533
Dec 13 22:17:13 dell-nb NetworkManager: starter: case KH_DEFAULTROUTE: empty
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" loopback=0
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" labeled_ipsec=0
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" policy_label=(null)
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" modecfgdomain=(null)
Dec 13 22:17:13 dell-nb NetworkManager: conn: "nm-ipsec-l2tpd-3533" modecfgbanner=(null)
Dec 13 22:17:13 dell-nb NetworkManager: connect(pluto_ctl) failed: No such file or directory
Dec 13 22:17:13 dell-nb NetworkManager: opening file: /var/run/nm-ipsec-l2tp.3533/ipsec.conf
Dec 13 22:17:13 dell-nb NetworkManager: loading named conns: nm-ipsec-l2tpd-3533
Dec 13 22:17:13 dell-nb NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Dec 13 22:17:13 dell-nb NetworkManager: dst  via 192.168.0.1 dev wlp2s0 src  table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: set nexthop: 192.168.0.1
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.0 via  dev wlp2s0 src 192.168.0.3 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.0 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.3 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.255 via  dev wlp2s0 src 192.168.0.3 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255
Dec 13 22:17:13 dell-nb NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Dec 13 22:17:13 dell-nb NetworkManager: dst 192.168.0.1 via  dev wlp2s0 src 192.168.0.3 table 254 (ignored)
Dec 13 22:17:13 dell-nb NetworkManager: set addr: 192.168.0.3
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <info>  VPN connection 'work' (Connect) reply received.
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <warn>  VPN connection 'work' failed to connect: 'Possible error in IPSec setup.'.
Dec 13 22:17:13 dell-nb NetworkManager[1085]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.

And still the same error about the VPN service not running.

[root@dell-nb ipsec.d]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path                   	[OK]
Libreswan U3.13/K(no kernel code presently loaded) on 4.2.6-301.fc23.x86_64
Checking for IPsec support in kernel              	[FAILED]

 The ipsec service should be started before running 'ipsec verify'

Pluto ipsec.conf syntax                           	[OK]
Hardware random device                            	[N/A]
Two or more interfaces found, checking IP forwarding	[OK]
Checking rp_filter                                	[ENABLED]
 /proc/sys/net/ipv4/conf/all/rp_filter            	[ENABLED]
 /proc/sys/net/ipv4/conf/default/rp_filter        	[ENABLED]
 /proc/sys/net/ipv4/conf/eno1/rp_filter           	[ENABLED]
 /proc/sys/net/ipv4/conf/virbr0/rp_filter         	[ENABLED]
 /proc/sys/net/ipv4/conf/virbr0-nic/rp_filter     	[ENABLED]
 /proc/sys/net/ipv4/conf/wlp2s0/rp_filter         	[ENABLED]
  rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running                    	[FAILED]
Checking 'ip' command                             	[OK]
Checking 'iptables' command                       	[OK]
Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options          	[OK]
Opportunistic Encryption                          	[DISABLED]

ipsec verify: encountered 16 errors - see 'man ipsec_verify' for help

Any ideas?

★★

For this:

Checking for IPsec support in kernel [FAILED]

"modprobe af_key" should help.

As for the rest, either wait for updates or do without NM, since here they advise editing its source code: https://bugzilla.redhat.com/show_bug.cgi?id=887674#c107

mky ★★★★★ ()
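
Added example, not part of the thread: a shell sketch that pulls the [FAILED] checks out of `ipsec verify` output and the pluto-related errors out of the NetworkManager log. The function names are hypothetical, the sample inputs are constructed (abridged from the output quoted in the question), and the hints are the ones given in the reply and in the `ipsec verify` output itself.

```shell
#!/usr/bin/env bash
# Added example: triage the two outputs quoted in the thread.
# Function names are hypothetical; samples are constructed (abridged from the post).

sample_verify() { cat <<'EOF'
Checking for IPsec support in kernel                [FAILED]
Pluto ipsec.conf syntax                             [OK]
Checking rp_filter                                  [ENABLED]
Checking that pluto is running                      [FAILED]
Checking 'ip' command                               [OK]
EOF
}

sample_log() { cat <<'EOF'
Dec 13 22:17:13 dell-nb NetworkManager: systemd: ipsec service is not running
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 13 22:17:13 dell-nb NetworkManager: Warning: ignored obsolete keyword 'nat_traversal'
Dec 13 22:17:13 dell-nb NetworkManager: connect(pluto_ctl) failed: No such file or directory
Dec 13 22:17:13 dell-nb NetworkManager: set addr: 192.168.0.3
EOF
}

# Print the name of every check that `ipsec verify` marked [FAILED] (stdin).
failed_checks() {
    sed -n 's/[[:space:]]*\[FAILED\][[:space:]]*$//p'
}

# Map each failed check (stdin, one per line) to the hint given in the thread.
triage() {
    while IFS= read -r check; do
        case "$check" in
            *"IPsec support in kernel"*) echo "kernel: try 'modprobe af_key' (from the reply)" ;;
            *"pluto is running"*) echo "pluto: start the ipsec service, then rerun 'ipsec verify'" ;;
            *) echo "unmapped: $check" ;;
        esac
    done
}

# Strip the syslog prefix, keep lines that explain the failure, count repeats.
log_findings() {
    awk '{ sub(/^.*NetworkManager(\[[0-9]+\])?: /, "") }
         /not running|failed|obsolete keyword/ { n[$0]++ }
         END { for (m in n) printf "%d %s\n", n[m], m }' | sort -rn
}

sample_verify | failed_checks | triage
sample_log | log_findings
```

On a live system the same functions take real input, for example `ipsec verify 2>&1 | failed_checks | triage`.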