
OpenWRT StrongSwan IPsec client connection (XAuth authentication of 'user' (myself) failed)

Server Fault user
Asked 2017-08-02 15:08:03
Answers: 1 · Views: 2.6K · Followers: 0 · Votes: 1

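I am trying to configure my OpenWRT router to connect to a remote VPN server. The credentials I have are correct, but for some reason the connection fails to authenticate on the router. Here are my secrets: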

/etc/ipsec.conf

conn l2tpconn
  keyexchange=ikev1
  authby=xauthpsk
  xauth=client
  left=%defaultroute
  leftsourceip=%config
  leftfirewall=yes
  leftauth=psk
  leftauth2=xauth
  leftid=user
  right=<server_ip>
  rightsubnet=0.0.0.0/0
  rightauth=psk
  rightauth2=xauth
  auto=add

/etc/ipsec.secrets

%any <server_ip> : PSK 'secret'
'user' : XAUTH 'password'

Log

initiating Main Mode IKE_SA l2tpconn[39] to <server_ip>
generating ID_PROT request 0 [ SA V V V V ] 
sending packet: from 192.168.1.18[500] to <server_ip>[500] (224 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (156 bytes)
parsed ID_PROT response 0 [ SA V V V V ] 
received DPD vendor ID
received FRAGMENTATION vendor ID
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.18[500] to <server_ip>[500] (372 bytes)
received packet: from <server_ip>[500] to 192.168.1.18[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT 
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (92 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 2614881849 [ HASH CPRQ(X_USER X_PWD) ]
generating TRANSACTION response 2614881849 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (108 bytes)
received packet: from <server_ip>[4500] to 192.168.1.18[4500] (76 bytes)
parsed TRANSACTION request 645236074 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) failed
generating TRANSACTION response 645236074 [ HASH CPA(X_STATUS) ]
sending packet: from 192.168.1.18[4500] to <server_ip>[4500] (76 bytes)
establishing connection 'l2tpconn' failed

Maybe it's something simple that I'm missing, but if you all have any suggestions, that would be very helpful. Thanks.


1 Answer

Server Fault user

Accepted answer

Posted 2017-08-02 17:40:23

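So, I figured out what my problem was; it was a combination of different things.

  1. I didn't realize the server was logging XAUTH requests to /var/log/auth.log; I thought it was in /var/log/syslog
  2. After reading the logs, I noticed it was checking the credentials in /etc/ipsec.d/passwd rather than /etc/ppp/chap-- as I had thought, for whatever reason.

Then I added the username and the hashed password (openssl passwd -1 "password") to /etc/ipsec.d/passwd, and it worked.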

Votes: 0
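As an added example (not part of the original post or of strongSwan), this Python function reads a client-side log like the one in the question and reports how far the IKEv1 Main Mode and XAuth exchange got, which is what separates a PSK problem from a rejection by the server's credential store. The sample lines are an excerpt of the log above; the milestone names and hint texts are labels chosen for this example.

```python
import re

# Excerpt of the client log posted in the question (key lines only).
SAMPLE_LOG = """\
parsed ID_PROT response 0 [ SA V V V V ]
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
parsed ID_PROT response 0 [ ID HASH ]
parsed TRANSACTION request 2614881849 [ HASH CPRQ(X_USER X_PWD) ]
generating TRANSACTION response 2614881849 [ HASH CPRP(X_USER X_PWD) ]
parsed TRANSACTION request 645236074 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) failed
establishing connection 'l2tpconn' failed
"""

# Milestones in the order they occur; names are labels chosen for this example.
MILESTONES = [
    ("sa_agreed", re.compile(r"parsed ID_PROT response \d+ \[ SA\b")),
    ("key_exchange", re.compile(r"parsed ID_PROT response \d+ \[ KE\b")),
    # Encrypted ID/HASH reply parsed: both peers derived the same keys from the PSK.
    ("psk_ok", re.compile(r"parsed ID_PROT response \d+ \[ ID HASH \]")),
    ("creds_requested", re.compile(r"parsed TRANSACTION request \d+ \[ HASH CPRQ\(X_USER X_PWD\) \]")),
    ("creds_sent", re.compile(r"generating TRANSACTION response \d+ \[ HASH CPRP\(X_USER X_PWD\) \]")),
    ("server_verdict", re.compile(r"parsed TRANSACTION request \d+ \[ HASH CPS\(X_STATUS\) \]")),
]
XAUTH_RESULT = re.compile(r"XAuth authentication of '([^']*)' \(myself\) (failed|successful)")


def diagnose(log_text):
    """Return (milestones_reached, xauth_user, verdict, hint) for one attempt."""
    reached = [name for name, rx in MILESTONES if rx.search(log_text)]
    match = XAUTH_RESULT.search(log_text)
    user, verdict = (match.group(1), match.group(2)) if match else (None, None)
    if "psk_ok" not in reached:
        hint = "Main Mode did not finish: check PSK, IDs and proposals first"
    elif "creds_sent" not in reached:
        hint = "PSK ok but no XAuth reply sent: check the client XAUTH secret entry"
    elif verdict == "failed":
        hint = "server rejected the XAuth credentials: check the server's auth log and user store"
    elif verdict == "successful":
        hint = "XAuth accepted"
    else:
        hint = "no server verdict logged: check for timeouts or dropped packets"
    return reached, user, verdict, hint


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log in the question, every milestone is reached and the verdict is "failed", so the client configuration got as far as it could and the place to look is the server.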
Original page content provided by Server Fault. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://serverfault.com/questions/866503
