Zobayer Hasan's questions

我的本地机器CentOS Linux release 7.7.1908 (Core)使用带有 PSK 的 LT2P IPSec 连接到我的工作场所 VPN。我有两个网关，但由于它们都产生相似的日志，我将在此处发布其中一个。

当我尝试连接到我的 VPN（网关 IP 103.7.249.66）时，连接失败（几天前曾经连接过，很奇怪）这是我得到的/var/log/messages：

May 10 11:42:49 nid2_mig NetworkManager[1100]: <info>  [1589089369.6288] audit: op="connection-activate" uuid="20249836-0604-4082-b028-ec61462c2a8e" name="TigerIT1" pid=2653 uid=1002 result="success"
May 10 11:42:49 nid2_mig NetworkManager[1100]: <info>  [1589089369.6321] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: Started the VPN service, PID 6949
May 10 11:42:49 nid2_mig NetworkManager[1100]: <info>  [1589089369.6379] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: Saw the service appear; activating connection
May 10 11:42:49 nid2_mig NetworkManager[1100]: <info>  [1589089369.6811] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: VPN connection: (ConnectInteractive) reply received
May 10 11:42:49 nid2_mig journal: Check port 1701
May 10 11:42:49 nid2_mig NetworkManager: Redirecting to: systemctl restart ipsec.service
May 10 11:42:49 nid2_mig systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May 10 11:42:49 nid2_mig whack: 002 shutting down
May 10 11:42:49 nid2_mig ipsec: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig libipsecconf[6977]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May 10 11:42:49 nid2_mig systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May 10 11:42:49 nid2_mig addconn: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig libipsecconf[6983]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig _stackmanager: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig libipsecconf[6989]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig _stackmanager: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:49 nid2_mig libipsecconf[6994]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:50 nid2_mig ipsec: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:50 nid2_mig libipsecconf[7254]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:50 nid2_mig ipsec: nflog ipsec capture disabled
May 10 11:42:50 nid2_mig systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May 10 11:42:50 nid2_mig libipsecconf[7299]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
May 10 11:42:50 nid2_mig NetworkManager: 002 listening for IKE messages
May 10 11:42:50 nid2_mig NetworkManager: 002 forgetting secrets
May 10 11:42:50 nid2_mig NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
May 10 11:42:50 nid2_mig NetworkManager: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 10 11:42:50 nid2_mig NetworkManager: debugging mode enabled
May 10 11:42:50 nid2_mig NetworkManager: end of file /var/run/nm-l2tp-20249836-0604-4082-b028-ec61462c2a8e/ipsec.conf
May 10 11:42:50 nid2_mig NetworkManager: Loading conn 20249836-0604-4082-b028-ec61462c2a8e
May 10 11:42:50 nid2_mig NetworkManager: starter: left is KH_DEFAULTROUTE
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" labeled_ipsec=0
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" modecfgdns=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" modecfgdomains=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" modecfgbanner=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" mark=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" mark-in=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" mark-out=(null)
May 10 11:42:50 nid2_mig NetworkManager: conn: "20249836-0604-4082-b028-ec61462c2a8e" vti_iface=(null)
May 10 11:42:50 nid2_mig NetworkManager: opening file: /var/run/nm-l2tp-20249836-0604-4082-b028-ec61462c2a8e/ipsec.conf
May 10 11:42:50 nid2_mig NetworkManager: loading named conns: 20249836-0604-4082-b028-ec61462c2a8e
May 10 11:42:50 nid2_mig NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May 10 11:42:50 nid2_mig NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May 10 11:42:50 nid2_mig NetworkManager: dst  via 192.168.68.1 dev wlp2s0 src  table 254
May 10 11:42:50 nid2_mig NetworkManager: set nexthop: 192.168.68.1
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.68.0 via  dev wlp2s0 src 192.168.68.108 table 254
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254
May 10 11:42:50 nid2_mig NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.68.0 via  dev wlp2s0 src 192.168.68.108 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.68.108 via  dev wlp2s0 src 192.168.68.108 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.68.255 via  dev wlp2s0 src 192.168.68.108 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
May 10 11:42:50 nid2_mig NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May 10 11:42:50 nid2_mig NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May 10 11:42:50 nid2_mig NetworkManager: dst 192.168.68.1 via  dev wlp2s0 src 192.168.68.108 table 254
May 10 11:42:50 nid2_mig NetworkManager: set addr: 192.168.68.108
May 10 11:42:50 nid2_mig NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May 10 11:42:50 nid2_mig NetworkManager: 002 "20249836-0604-4082-b028-ec61462c2a8e" #1: initiating Main Mode
May 10 11:42:50 nid2_mig NetworkManager: 104 "20249836-0604-4082-b028-ec61462c2a8e" #1: STATE_MAIN_I1: initiate
May 10 11:42:50 nid2_mig NetworkManager: 106 "20249836-0604-4082-b028-ec61462c2a8e" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 10 11:42:50 nid2_mig NetworkManager: 108 "20249836-0604-4082-b028-ec61462c2a8e" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 10 11:42:50 nid2_mig NetworkManager: 002 "20249836-0604-4082-b028-ec61462c2a8e" #1: Peer ID is ID_IPV4_ADDR: '103.7.249.66'
May 10 11:42:50 nid2_mig NetworkManager: 004 "20249836-0604-4082-b028-ec61462c2a8e" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
May 10 11:42:50 nid2_mig NetworkManager: 002 "20249836-0604-4082-b028-ec61462c2a8e" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:a6c5fe68 proposal=AES_CBC_256-HMAC_SHA1_96, AES_CBC_128-HMAC_SHA1_96, 3DES_CBC-HMAC_SHA1_96 pfsgroup=MODP1024}
May 10 11:42:50 nid2_mig NetworkManager: 117 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: initiate
May 10 11:42:50 nid2_mig NetworkManager: 010 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
May 10 11:42:51 nid2_mig NetworkManager: 010 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
May 10 11:42:52 nid2_mig NetworkManager: 010 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
May 10 11:42:54 nid2_mig NetworkManager: 010 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response
May 10 11:42:58 nid2_mig NetworkManager: 010 "20249836-0604-4082-b028-ec61462c2a8e" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response
May 10 11:43:00 nid2_mig journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
May 10 11:43:00 nid2_mig NetworkManager[1100]: <info>  [1589089380.2142] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: VPN plugin: state changed: stopped (6)
May 10 11:43:00 nid2_mig NetworkManager[1100]: <info>  [1589089380.2161] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: VPN service disappeared
May 10 11:43:00 nid2_mig NetworkManager[1100]: <warn>  [1589089380.2168] vpn-connection[0x563b09ece4f0,20249836-0604-4082-b028-ec61462c2a8e,"TigerIT1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

我的系统下没有.conf文件/etc/ipsec.d/。

IP上的跟踪路由：

traceroute to 103.7.249.66 (103.7.249.66), 30 hops max, 60 byte packets
 1  gateway (192.168.68.1)  6.709 ms  6.734 ms  6.703 ms
 2  192.168.0.1 (192.168.0.1)  7.331 ms  7.401 ms  7.390 ms
 3  10.0.0.1 (10.0.0.1)  10.848 ms  10.834 ms  10.811 ms
 4  228.51.103-1-baninetworks.com (103.51.228.1)  10.786 ms  10.765 ms  10.739 ms
 5  220.152.112.213 (220.152.112.213)  8.062 ms  8.091 ms  10.269 ms
 6  103.7.248.109 (103.7.248.109)  15.651 ms  14.175 ms  14.188 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
.........

本地 IP 路由表：

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.68.1    0.0.0.0         UG    600    0        0 wlp2s0
192.168.68.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

我nm-connection-editor用来创建/更新 VPN 连接。我没有在 IPSec 或 PPP 设置下摆弄任何东西。当前配置如下所示：

我已尝试多次删除和创建连接。有时重新配置连接可以在 Windows 上工作，但在 CentOS 的情况下没有帮助。

我的机器通过 WiFi 网状路由器连接到互联网，但是，我的另一台机器 (Windows) 和我的手机 (Android) 也连接在同一个网络中，我可以从这些设备连接到 VPN。我没有更改任何与 IP 转发或 MTU 相关的内容。尝试联系我的网络管理员，但由于无法建立连接，他们无法透露太多信息。但是，如果我知道要问什么，我可以问他们任何具体问题。

我认为这与我的 ISP 无关，因为我可以从其他操作系统连接。

我想调查发生了什么问题。我对网络通信接口知之甚少，但在尝试从互联网上进行随机修复之前，我想了解更多。让我知道我是否可以提供更多信息。

我曾经从我的 F29 笔记本电脑连接到工作场所的 VPN 网络。自过去 3 天以来，它一直无法建立连接，到目前为止，我无法自行确定出了什么问题。F29 没有详细报告任何问题。简单地告诉我Activation of network connection failed。

连接类型：使用 PSK 到 L2TP 主机的具有 IPSec 隧道的 VPN。没有指定算法。

我尝试过的事情：

• 重新创建连接，但它没有工作。
• 能够从我的家庭网络连接到我的 Android 手机中的 VPN，并从其他网络连接到我朋友的 mac。
• 能够从我的 F29（家庭网络）ping 网关 IP。
• 联系了我的 VPN 管理员，当我尝试从 F29 连接到 VPN 时，他通知我他根本没有收到任何请求。
• 不确定这是否与问题有关，但像 PureVPN 这样的 VPN 服务仍然可以从 F29 运行。

可能相关的日志：

系统版本：5.0.5-200.fc29.x86_64

用于nmcli列出连接并获取它们的 UUID：

# nmcli con show
NAME              UUID                                  TYPE      DEVICE    
........................................................................
...............................redacted.................................
........................................................................
TigerIT           f67aaed5-a0c3-454d-8c06-f7efcf03efe8  vpn       --   

最后一行是我的 VPN 连接的名称。当我尝试使用 连接到我的 VPNnmcli时，我得到以下输出：

# nmcli con up uuid f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Error: Connection activation failed: Unknown reason

我查找了此类错误，但到目前为止找不到任何对我有用的东西。

journalctl -f尝试连接时的输出：

（我编辑了一些 pluto 和网络管理员的 dst 日志以使其更短一些）

Apr 10 21:52:18 hyperion NetworkManager[1094]: <info>  [1554911538.3635] audit: op="connection-activate" uuid="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" name="TigerIT" pid=1893 uid=1000 result="success"
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info>  [1554911538.3673] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Started the VPN service, PID 10846
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info>  [1554911538.3748] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Saw the service appear; activating connection
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info>  [1554911538.3791] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: (ConnectInteractive) reply received
Apr 10 21:52:18 hyperion nm-l2tp-service[10846]: Check port 1701
Apr 10 21:52:18 hyperion NetworkManager[1094]: Redirecting to: systemctl restart ipsec.service
Apr 10 21:52:18 hyperion systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion pluto[10438]: shutting down
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IPSEC_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=8, satype=ipsec-policy samode=transport cipher=none ksize=0 integ=none in-spi=0(0x00000000) out-spi=1365708687(0x1365708687) in-ipcomp=0(0x00000000) out-ipcomp=0(0x00000000) laddr=192.1 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IKE_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=6 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048  laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion pluto[10438]: forgetting secrets
Apr 10 21:52:18 hyperion whack[10860]: 002 shutting down
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8": deleting non-instance connection
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #8: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #6: deleting state (STATE_MAIN_I4) and sending notification
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo ::1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:500
Apr 10 21:52:18 hyperion pluto[10438]: leak detective found no leaks
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=1365708687(0x51670f8f) res=1
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=3823187978(0xe3e1380a) res=1
Apr 10 21:52:18 hyperion ipsec[10863]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10865]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Apr 10 21:52:18 hyperion audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 21:52:18 hyperion systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion addconn[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10872]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10877]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[11158]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: nflog ipsec capture disabled
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 listening for IKE messages
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 24
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 24
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 forgetting secrets
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:4500 23
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:4500 fd 23
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 22
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 22
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:4500 21
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:4500 fd 21
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:500 20
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:500 fd 20
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:4500 19
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:4500 fd 19
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:500 18
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:500 fd 18
Apr 10 21:52:18 hyperion pluto[11167]: forgetting secrets
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: debugging mode enabled
Apr 10 21:52:18 hyperion NetworkManager[1094]: end of file /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: Loading conn f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Apr 10 21:52:18 hyperion NetworkManager[1094]: starter: left is KH_DEFAULTROUTE
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdns=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdomains=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgbanner=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-in=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-out=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" vti_iface=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: opening file: /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: loading named conns: f67aaed5-a0c3-454d-8c06-f7efcf03efe8
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 10 21:52:18 hyperion pluto[11167]: added connection description "f67aaed5-a0c3-454d-8c06-f7efcf03efe8"
Apr 10 21:52:18 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 104 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: initiate
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:20 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:20 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:22 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:22 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:26 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:26 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion NetworkManager[1094]: 106 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion NetworkManager[1094]: 108 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion audit[11167]: CRYPTO_IKE_SA pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=start direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=1 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048  laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 004 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048}
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048}
Apr 10 21:52:27 hyperion NetworkManager[1094]: 117 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: initiate
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
Apr 10 21:52:27 hyperion pluto[11167]: | ISAKMP Notification Payload
Apr 10 21:52:27 hyperion pluto[11167]: |   00 00 00 10  00 00 00 01  03 04 00 0e
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:27 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:28 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion nm-l2tp-service[10846]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info>  [1554911548.9644] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN plugin: state changed: stopped (6)
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info>  [1554911548.9674] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN service disappeared
Apr 10 21:52:28 hyperion NetworkManager[1094]: <warn>  [1554911548.9687] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 10 21:52:29 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:29 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
...

我检查了警告，这些似乎是无害的。我不明白为什么网络管理器无法保持连接。

我怎样才能弄清楚出了什么问题以及如何解决它？