xl2tpd.service: main process exited, code=exited, status=1/FAILURE #1574

Closed
hui-QY opened this issue Jul 10, 2024 · 3 comments
hui-QY commented Jul 10, 2024

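Could an expert please take a look? o(╥﹏╥)o

Describe the issue
xl2tpd fails to start.

Right after installation everything worked. I tested connecting from a Huawei phone without problems, using the IKEv2 VPN client method.

In the afternoon I also connected from Windows 11 using the IKEv2 VPN client method. The first connection succeeded, and an IP address lookup website showed the VPN server's IP, but the connection was very slow and even Google was unusable.

The error shown:

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your administrator or your service provider to determine which device may be causing the problem.

After that, the phone could no longer connect either.
Here is the log from the phone connection: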

Jul 10 18:13:31 00[DMN] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Jul 10 18:13:31 00[DMN] Starting IKE service (strongSwan 5.9.13, Android 12 - LIO-AN00 4.2.0.120(SP1C00E100R5P4)/2021-10-05, LIO-AN00 - HUAWEI/LIO-AN00/HUAWEI, Linux 5.10.43, aarch64, org.strongswan.android)
Jul 10 18:13:31 00[LIB] providers loaded by OpenSSL: legacy default
Jul 10 18:13:31 00[LIB] loaded plugins: androidbridge charon android-log socket-default openssl nonce pkcs1 pem x509 xcbc kdf revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
Jul 10 18:13:31 00[JOB] spawning 16 worker threads
Jul 10 18:13:31 06[CFG] loaded user certificate 'CN=vpnclient, O=IKEv2 VPN' and private key
Jul 10 18:13:31 06[CFG] loaded CA certificate 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 18:13:31 06[IKE] initiating IKE_SA android[1] to ip
Jul 10 18:13:31 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jul 10 18:13:31 06[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 09[IKE] retransmit 1 of request with message ID 0
Jul 10 18:13:33 09[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 10[NET] received packet: from ip[500] to 10.1.27.31[53589] (487 bytes)
Jul 10 18:13:33 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(HASH_ALG) N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) CERTREQ ]
Jul 10 18:13:33 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jul 10 18:13:33 10[IKE] local host is behind NAT, sending keep alives
Jul 10 18:13:33 10[IKE] remote host is behind NAT
Jul 10 18:13:33 10[IKE] received cert request for "CN=IKEv2 VPN CA, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Cybertrust, Inc, CN=Cybertrust Global Root"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=Secure Global CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=SecureTrust CA"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "O=TeliaSonera, CN=TeliaSonera Root CA v1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Networking"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Global G2 Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FR, O=Dhimyotis, CN=Certigna"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=Atos TrustedRoot 2011, O=Atos, C=DE"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FI, O=Sonera, CN=Sonera Class2 CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Extended Validation Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=IZENPE S.A., CN=Izenpe.com"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., 55:04:61=VATHU-23584497, CN=e-Szigno Root CA 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=NetLock Kft., OU=Tan??s??tv??nykiad??k (Certification Services), CN=NetLock Arany (Class Gold) F??tan??s??tv??ny"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, O=Trustis Limited, OU=Trustis FPS Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=RO, O=certSIGN, OU=certSIGN ROOT CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Commercial"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=IKEv2 VPN CA, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] authentication of 'CN=vpnclient, O=IKEv2 VPN' (myself) with RSA_EMSA_PSS_SHA2_256_SALT_32 successful
Jul 10 18:13:33 10[IKE] sending end entity cert "CN=vpnclient, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] establishing CHILD_SA android{1}
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jul 10 18:13:33 10[ENC] splitting IKE message (4384 bytes) into 4 fragments
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(1/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(2/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(3/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(4/4) ]
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:35 11[IKE] retransmit 1 of request with message ID 1
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:38 13[IKE] retransmit 2 of request with message ID 1
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:43 14[IKE] retransmit 3 of request with message ID 1
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:48 16[IKE] giving up after 3 retransmits
Jul 10 18:13:48 16[IKE] establishing IKE_SA failed, peer not responding
Jul 10 18:13:48 16[IKE] unable to terminate IKE_SA: ID 1 not found

xl2tpd log

[root@10-8-12-176 log]# grep xl2tpd /var/log/messages
Jul 10 10:44:04 10-8-12-176 yum[27104]: Installed: xl2tpd-1.3.15-1.el7.x86_64
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Not looking for kernel SAref support.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Using l2tp kernel support.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:31026
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Inherited by Jeff McAdams, (C) 2002
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Listening on IP address 0.0.0.0, port 1701
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[31026]: death_handler: Fatal signal 15 received
Jul 10 18:41:12 10-8-12-176 systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 18:41:12 10-8-12-176 systemd: Unit xl2tpd.service entered failed state.
Jul 10 18:41:12 10-8-12-176 systemd: xl2tpd.service failed.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Not looking for kernel SAref support.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Using l2tp kernel support.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:26936
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Inherited by Jeff McAdams, (C) 2002
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Listening on IP address 0.0.0.0, port 1701
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[26936]: death_handler: Fatal signal 15 received
Jul 10 19:01:35 10-8-12-176 systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 19:01:35 10-8-12-176 systemd: Unit xl2tpd.service entered failed state.
Jul 10 19:01:35 10-8-12-176 systemd: xl2tpd.service failed.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Not looking for kernel SAref support.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Using l2tp kernel support.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:30038
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Inherited by Jeff McAdams, (C) 2002
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Listening on IP address 0.0.0.0, port 1701

Part of the pluto log

Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #1: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #2: ESP traffic information: in=0B out=0B
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #1: deleting IKE SA (established IKE SA)
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2>: deleting connection instance with peer <ip2>
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: processed IKE_SA_INIT request from <ip>:UDP/29988 {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jul 10 19:16:20 10-8-12-176 pluto[30007]: adding the CA+root cert O=IKEv2 VPN,CN=IKEv2 VPN CA
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: responder established IKE SA; authenticated peer certificate 'CN=vpnclient, O=IKEv2 VPN' and 3072-bit PKCS#1 1.5 RSA with SHA1 signature issued by 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #4: proposal 1:ESP=AES_GCM_C_128-ESN:NO SPI=f504488e chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=NO[first-match]
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0xf504488e <0xe35681f9 xfrm=AES_GCM_16_128-NONE NATD=<ip>:29990 DPD=active}
Jul 10 19:16:21 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:22 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: processed IKE_SA_INIT request from <ip>:UDP/29988 {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: responder established IKE SA; authenticated peer certificate 'CN=vpnclient, O=IKEv2 VPN' and 3072-bit PKCS#1 1.5 RSA with SHA1 signature issued by 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #6: proposal 1:ESP=AES_GCM_C_128-ESN:NO SPI=cc1631ba chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=NO[first-match]
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0xcc1631ba <0x4c5ec9a7 xfrm=AES_GCM_16_128-NONE NATD=<ip>:29990 DPD=active}
Jul 10 19:16:28 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:29 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:57 10-8-12-176 pluto[30007]: | adding INFORMATIONAL request to IKE SA #5's message queue
Jul 10 19:16:58 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jul 10 19:16:58 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jul 10 19:16:59 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jul 10 19:17:01 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jul 10 19:17:05 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jul 10 19:17:13 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jul 10 19:17:29 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jul 10 19:18:01 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jul 10 19:19:05 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jul 10 19:21:13 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jul 10 19:21:27 10-8-12-176 pluto[30007]: freeing root certificate cache
[root@10-8-12-176 log]# grep pluto /var/log/secure |grep err
Jul 10 17:47:23 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:47:51 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:48:24 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:03 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:04 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:05 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Del SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 18:53:16 10-8-12-176 pluto[26858]: "ikev2-cp"[2] <ip3> #5: encountered fatal error in state STATE_V2_PARENT_R0
Jul 10 18:53:20 10-8-12-176 pluto[26858]: "ikev2-cp"[3] <ip4> #7: encountered fatal error in state STATE_V2_PARENT_R0
Author

hui-QY commented Jul 10, 2024

This is the Linux system version:
[root@10-8-12-176 log]# uname -a
Linux 10-8-12-176 4.19.188-10.el7.ucloud.x86_64 #1 SMP Wed Apr 28 09:54:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@10-8-12-176 log]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

Owner

hwdsl2 commented Jul 10, 2024

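@hui-QY Hello! Based on your description, this xl2tpd error message can be ignored, because it is a normal log entry when the service exits. Also, when connecting in IKEv2 mode, the xl2tpd service is not used. As for the problem you encountered, judging from errors such as retransmission in the logs, the VPN connection may be blocked or interfered with by a firewall such as the GFW. For this use case, you can try other solutions, such as Shadowsocks.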
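
The log patterns discussed in this thread, as an added example (not part of the original thread or the project's code): a Python triage over constructed sample lines shaped like the strongSwan client, pluto and xl2tpd logs above. It assumes the client and server excerpts cover the same connection attempt; all function names are hypothetical.

```python
import re

# Constructed sample lines, shaped like the client, pluto and xl2tpd logs in this thread.
CLIENT_LOG = """\
Jul 10 18:13:31 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 10 18:13:31 06[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 09[IKE] retransmit 1 of request with message ID 0
Jul 10 18:13:33 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr ]
Jul 10 18:13:33 10[ENC] splitting IKE message (4384 bytes) into 4 fragments
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(1/4) ]
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[IKE] retransmit 1 of request with message ID 1
Jul 10 18:13:38 13[IKE] retransmit 2 of request with message ID 1
Jul 10 18:13:43 14[IKE] retransmit 3 of request with message ID 1
Jul 10 18:13:48 16[IKE] giving up after 3 retransmits
"""
SERVER_LOG = """\
Jul 10 19:16:27 host pluto[30007]: "ikev2-cp"[2] <ip> #5: responder established IKE SA; authenticated peer certificate 'CN=vpnclient, O=IKEv2 VPN'
Jul 10 19:16:28 host pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:29 host pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
"""
XL2TPD_LOG = """\
Jul 10 18:41:12 host xl2tpd: xl2tpd[31026]: death_handler: Fatal signal 15 received
Jul 10 18:41:12 host systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 18:41:12 host xl2tpd: xl2tpd[26936]: xl2tpd version xl2tpd-1.3.15 started on host PID:26936
"""

# "generating ... request N [ EF(i/n) ]" lines are fragments of a request already seen.
GEN = re.compile(r"generating (\w+) request (\d+) \[ (?!EF\()")
RESP = re.compile(r"parsed (\w+) response (\d+) ")
RETX = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
FRAG = re.compile(r"splitting IKE message \((\d+) bytes\) into (\d+) fragments")
DUP = re.compile(r"duplicate Message ID (\d+); retransmitting response")
SIG = re.compile(r"xl2tpd\[(\d+)\]: death_handler: Fatal signal (\d+) received")
START = re.compile(r"xl2tpd\[\d+\]: xl2tpd version \S+ started on \S+ PID:(\d+)")


def client_exchanges(log):
    """Per IKE message ID: exchange type, retransmit count, fragments, answered or not."""
    ex, last = {}, None
    for line in log.splitlines():
        if m := GEN.search(line):
            last = int(m.group(2))
            ex[last] = {"type": m.group(1), "retransmits": 0,
                        "fragments": 1, "answered": False}
        elif (m := FRAG.search(line)) and last is not None:
            ex[last]["fragments"] = int(m.group(2))
        elif (m := RETX.search(line)) and int(m.group(2)) in ex:
            e = ex[int(m.group(2))]
            e["retransmits"] = max(e["retransmits"], int(m.group(1)))
        elif (m := RESP.search(line)) and int(m.group(2)) in ex:
            ex[int(m.group(2))]["answered"] = True
    return ex


def server_duplicates(log):
    """Message IDs pluto saw again after it had already answered them, with counts."""
    dups = {}
    for line in log.splitlines():
        if m := DUP.search(line):
            dups[int(m.group(1))] = dups.get(int(m.group(1)), 0) + 1
    return dups


def diagnose(client_log, server_log):
    """For each unanswered client request, say which direction the logs show failing."""
    dups = server_duplicates(server_log)
    findings = []
    for mid, e in sorted(client_exchanges(client_log).items()):
        if e["answered"]:
            continue
        if dups.get(mid):
            verdict = "server answered; replies not reaching client"
        else:
            verdict = "no server record; requests lost or not logged"
        findings.append((mid, e["type"], verdict))
    return findings


def xl2tpd_stops(log):
    """Pair each xl2tpd exit signal with the PID that started next, if any.

    Signal 15 is SIGTERM, so an entry with signal 15 and a new PID is a
    stop or restart of the service rather than a crash.
    """
    out, pending = [], None
    for line in log.splitlines():
        if m := SIG.search(line):
            pending = {"pid": int(m.group(1)), "signal": int(m.group(2)),
                       "restarted_as": None}
            out.append(pending)
        elif (m := START.search(line)) and pending is not None:
            pending["restarted_as"] = int(m.group(1))
            pending = None
    return out


if __name__ == "__main__":
    print(client_exchanges(CLIENT_LOG))
    print(diagnose(CLIENT_LOG, SERVER_LOG))
    print(xl2tpd_stops(XL2TPD_LOG))
```
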

@hwdsl2 hwdsl2 closed this as completed Jul 10, 2024
Author

hui-QY commented Jul 11, 2024

@hwdsl2 OK, thank you ^_^
