
IPSec/L2TP VPN server with multiple IPs: connection fails on the second IP

Server Fault user
Asked 2015-06-30 03:22:19
1 answer, 3.9K views, 0 followers, 3 votes

I have set up an IPSec/L2TP VPN server on an EC2 instance running Ubuntu Server 12.04, using openswan 2.6.37 / xl2tpd 1.3.1. Connecting to the default IP (private IP 172.31.14.4, public IP 54.69.159.5) succeeds, but connecting to the second IP (private IP 172.31.1.40, public IP 54.68.144.45) fails.

I want to set up this VPN server so that it can be connected to on different IPs, and have the client's IP show up as the public IP it used to connect to the VPN.

Here is the log from a failed connection:

/var/log/syslog

Jun 30 11:03:16 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:18 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:18 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:18 hostname xl2tpd[9964]: build_fdset: closing down tunnel 51911
Jun 30 11:03:19 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:19 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:19 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:19 hostname xl2tpd[9964]: build_fdset: closing down tunnel 32530
Jun 30 11:03:19 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:23  xl2tpd[9964]: last message repeated 3 times
Jun 30 11:03:23 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:23 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:23 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:23 hostname xl2tpd[9964]: build_fdset: closing down tunnel 44586
Jun 30 11:03:23 hostname xl2tpd[9964]: Maximum retries exceeded for tunnel 32176.  Closing.
Jun 30 11:03:23 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:23 hostname xl2tpd[9964]: Connection 2 closed to x.x.x.x, port 1701 (Timeout)
Jun 30 11:03:24 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:28  xl2tpd[9964]: last message repeated 3 times
Jun 30 11:03:28 hostname xl2tpd[9964]: Unable to deliver closing message for tunnel 32176. Destroying anyway.
Jun 30 11:03:31 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:33 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:38  xl2tpd[9964]: last message repeated 4 times
Jun 30 11:03:38 hostname xl2tpd[9964]: Maximum retries exceeded for tunnel 55170.  Closing.
Jun 30 11:03:38 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:38 hostname xl2tpd[9964]: Connection 2 closed to x.x.x.x, port 1701 (Timeout)
Jun 30 11:03:39 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:40 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:41 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:41 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:41 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:41 hostname xl2tpd[9964]: build_fdset: closing down tunnel 16380
Jun 30 11:03:41 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:42 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:43 hostname xl2tpd[9964]: Unable to deliver closing message for tunnel 55170. Destroying anyway.

Here is my configuration:

/etc/ipsec.conf

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    forceencaps=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.31.14.4
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

conn L2TP-PSK-noNAT-2
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.31.1.40
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

/etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes
debug tunnel = yes

[lns default]
ip range = 10.1.2.2-10.1.2.20
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
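A small triage script for the xl2tpd syslog excerpt quoted above, added here as an example (it is not code from the question, from xl2tpd or from Openswan). It parses a constructed subset of the quoted lines, folds syslog's "last message repeated N times" into the event that preceded it, and counts tunnel allocations, duplicate tunnel requests, udp_xmit failures by errno text, retry exhaustion and timeouts, so the operator sees how many sends the kernel actually refused rather than scanning the raw log. The hint text for EPERM (check outbound firewall rules and the IPsec policy/SA state with ip xfrm) is the example's own suggestion of what to look at, not a diagnosis the question establishes.

```python
import re
from collections import Counter

# Constructed sample: a subset of the xl2tpd lines quoted in the question's syslog excerpt.
SAMPLE_SYSLOG = """\
Jun 30 11:03:16 hostname xl2tpd[9964]: get_call: allocating new tunnel for host x.x.x.x, port 1701.
Jun 30 11:03:18 hostname xl2tpd[9964]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
Jun 30 11:03:18 hostname xl2tpd[9964]: build_fdset: closing down tunnel 51911
Jun 30 11:03:19 hostname xl2tpd[9964]: udp_xmit failed to x.x.x.x:1701 with err=-1:Operation not permitted
Jun 30 11:03:23  xl2tpd[9964]: last message repeated 3 times
Jun 30 11:03:23 hostname xl2tpd[9964]: Maximum retries exceeded for tunnel 32176.  Closing.
Jun 30 11:03:23 hostname xl2tpd[9964]: Connection 2 closed to x.x.x.x, port 1701 (Timeout)
Jun 30 11:03:28 hostname xl2tpd[9964]: Unable to deliver closing message for tunnel 32176. Destroying anyway.
"""

# Classic syslog prefix; the hostname is optional because "last message repeated" lines lack it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\s+(?:(?P<host>\S+)\s+)?"
    r"xl2tpd\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")
ERR_RE = re.compile(r"udp_xmit failed to (\S+) with err=(-?\d+):(.*)")

# Substring -> event category, checked in order.
CATEGORIES = [
    ("allocating new tunnel", "tunnel_alloc"),
    ("Peer requested tunnel", "duplicate_request"),
    ("closing down tunnel", "tunnel_close"),
    ("udp_xmit failed", "udp_xmit_failed"),
    ("Maximum retries exceeded", "max_retries"),
    ("(Timeout)", "timeout"),
    ("Unable to deliver closing message", "close_undelivered"),
]


def classify(msg):
    for needle, cat in CATEGORIES:
        if needle in msg:
            return cat
    return "other"


def summarize_xl2tpd_log(text):
    """Count xl2tpd events, attributing syslog 'last message repeated N times'
    lines to the category (and errno text) of the line that preceded them."""
    counts = Counter()
    send_errors = Counter()  # errno text of refused udp_xmit sends
    last = None              # (category, errno text or None) of the previous line
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        rep = REPEAT_RE.search(msg)
        if rep and last:
            n = int(rep.group(1))
            counts[last[0]] += n
            if last[1]:
                send_errors[last[1]] += n
            continue
        cat = classify(msg)
        err = None
        if cat == "udp_xmit_failed":
            em = ERR_RE.search(msg)
            if em:
                err = em.group(3).strip()
                send_errors[err] += 1
        counts[cat] += 1
        last = (cat, err)
    return {"counts": dict(counts), "send_errors": dict(send_errors)}


def assess(summary):
    """Turn the counts into triage hints for the operator (the example's own wording)."""
    hints = []
    c = summary["counts"]
    eperm = summary["send_errors"].get("Operation not permitted", 0)
    if eperm:
        hints.append(
            "udp_xmit EPERM x%d: the kernel refused xl2tpd's UDP/1701 sends; check "
            "outbound firewall rules for udp/1701 and whether an IPsec policy covers "
            "this peer without a matching SA (ip xfrm policy / ip xfrm state)" % eperm)
    if c.get("duplicate_request", 0):
        hints.append("peer re-sent its tunnel request %d time(s): our replies are not "
                     "reaching it" % c["duplicate_request"])
    if c.get("timeout", 0):
        hints.append("%d tunnel(s) closed on timeout after max retries" % c["timeout"])
    return hints


if __name__ == "__main__":
    s = summarize_xl2tpd_log(SAMPLE_SYSLOG)
    print(s)
    for h in assess(s):
        print("-", h)
```

Run it as-is to see the summary for the embedded sample; point `summarize_xl2tpd_log` at the contents of /var/log/syslog to triage a live host.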

1 Answer

Server Fault user

Accepted answer

Posted 2016-11-10 19:00:41

Not sure you still need an answer, but I never saw an answer to a similar question on Google. My EC2 instance has only one pair of IPs, but the error in the log was: udp_xmit failed... Operation not permitted. This edit in the configuration helped me: nat_traversal=no

Votes 0
Original content provided by Server Fault; translation supported by Tencent Cloud's IT-domain engine.
Original link: https://serverfault.com/questions/702495
