SonicOS增强5.8.1.2 L2TP VPN身份验证失败

Question

我有一个SonicWall TZ 215运行SonicOS增强型5.8.1.2-6o。我已经使用默认的密码套件ESP: 3 3DES/ L2TP SHA1 (IKE)配置了HMAC VPN。建议如下：

IKE (第一期)建议

1. 卫生署小组:第二组
2. 加密:3 3DES
3. 身份验证: SHA1
4. 寿命(秒)：28800

Ipsec (第二阶段)提案

1. 议定书: ESP
2. 加密:3 3DES
3. 身份验证: SHA1
4. 禁用完全前向保密功能
5. 寿命(秒)：28800

当试图通过我的Mac客户端进行连接时，我会得到一个身份验证错误。它似乎通过了预认证，但未能完成。我完全不知所措。我从零开始重新配置多个times...used简单用户名和密码，以验证这不是一个错误的密码问题。我在这里有日志(为隐私起见，已删除了IP )：

7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503
7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success!
7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success!
7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501
7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)...
7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started
7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket.
7/1/13 8:19:05.209 PM racoon[1269]: Connecting.
7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me).
7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us
7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer
7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6).
7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode).
7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me).
7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me).
7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started
7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified.
7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode).
7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me).
7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established
7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established
7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established.
7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3)
7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18]
7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed.
7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated.
7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting...
7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected
7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0
7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message).
7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message).
7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf"
7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory

Answer 1

我自己解决。万一有人在L2TP 5.8上遇到这种配置SonicOS :SonicOS的首选身份验证方法是MSCHAPv2。我查看了我的日志，发现我的预身份验证在这两个阶段都是成功的，但是在MSCHAPv2相互身份验证期间，我得到了一个身份验证错误。我将首选的方法改为CHAP，而不是Microsoft实现，它可以工作。我猜这是OS的事。