求指教 EdgeMax Router L2TP 配置问题, PSK 认证失败

2016-12-22 11:32:28 +08:00
 hambut

在本版推荐买了 EdgeMax 路由一个比较满意。

最近折腾 L2TP 出现了一点问题求指教。

现在是接口的信息

下面是 l2tp 的相关操作

ubnt@ubnt:~$ configure
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication local-users username ubnt password letmein
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 10.0.1.241
set vpn l2tp remote-access client-ip-pool stop 10.0.1.245
set vpn l2tp remote-access dns-servers server-1 10.0.1.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret sharedpass
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address 0.0.0.0

防火墙操作如下

最后连接 L2TP 时,错误提示为

Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: received Vendor ID payload [RFC 3947]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: received Vendor ID payload [Dead Peer Detection]
Dec 22 11:04:38 ubnt pluto[3091]: packet from {client ip}:1011: initial Main Mode message received on {router ip}:500 but no connection has been authorized with policy=PSK

求明白人,解答一下,是什么情况- -

3751 次点击
所在节点    宽带症候群
5 条回复
julyclyde
2016-12-22 15:45:11 +08:00
你这个不是 L2TP 啊,是 L2TP/IPsec
hambut
2016-12-22 16:01:06 +08:00
@julyclyde 是的,同学了解我的设置出什么问题么。
julyclyde
2016-12-22 22:34:10 +08:00
@hambut 我猜是 outside-address 需要明确
ericFork
2016-12-24 01:23:51 +08:00
server 端的日志呢?
hambut
2016-12-26 09:57:23 +08:00
@ericFork 最后一部分就是日志啊。 but no connection has been authorized 。根据关键词搜了很多资料,也没解决问题。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/329360

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX