Comments (32)
Hi @billychow
Which VPN client did you use? Is it Android 6 Marshmallow? Did you see any error message?
from setup-ipsec-vpn.
@billychow If you are using Mac OS X as the VPN client, please refer to [1] for a workaround.
[1] #14 (comment)
from setup-ipsec-vpn.
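I ran into the same problem and cannot connect to the VPN at all. I am using a Vultr Los Angeles data center server running CentOS 6 x64. The error message is: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." I had the same problem before with Amazon's ES2.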
from setup-ipsec-vpn.
@AlphaBrock May I know which VPN client you are using? And which version (e.g. Windows XP)?
from setup-ipsec-vpn.
@hwdsl2 Thanks for the reply.
I used the system's native VPN client, tested on both Windows 7 and Android 5.0.
I will try again on OS X tonight.
from setup-ipsec-vpn.
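Windows 10 10586. @hwdsl2, I tried modifying the registry, and that solved this problem: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." But then a new problem appeared. Following what you said, I also modified the registry to fix the compatibility issue between the VPN server and clients behind NAT (e.g. a home router). I tried that and it still has no effect. I am using the VPN connection built into Windows 10.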
from setup-ipsec-vpn.
@billychow OK. Did the VPN work fine when connecting from Windows 7 and Android 5.0?
@AlphaBrock Do you mean that Error 789 is resolved, but you still get Error 809?
from setup-ipsec-vpn.
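On Windows 10 I was able to connect after applying the registry change.
Also remember to uncheck the Microsoft authentication option.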
from setup-ipsec-vpn.
@hwdsl2 Yes. I ran the code you gave in MS-DOS and restarted the computer, and it is still 809.
from setup-ipsec-vpn.
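@hwdsl2 Yes, the VPN can connect, but the problem after connecting is that the Internet is unreachable. I can only ping the local intranet and the VPN's internal gateway.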
from setup-ipsec-vpn.
@monochrome-yeh Where do I uncheck that authentication option? I could not find it under Control Panel - Network and Internet - Network Connections - VPN - Properties tabs.
from setup-ipsec-vpn.
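@AlphaBrock Try adding this registry key manually:
- Click Run in the Windows Start menu, then type regedit in the Run dialog.
- Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
- Choose Edit > New > DWORD Value, name it AssumeUDPEncapsulationContextOnSendRule, and under Value data enter 2
- Restart the computer.
That option is on the Security tab of the VPN properties: under "Allow these protocols", check only CHAP. Do not check MS-CHAP v2.
@billychow It looks like a problem with IPTables on the server. Run the command iptables -t nat -nvL
and check the output.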
from setup-ipsec-vpn.
@AlphaBrock Under Properties → Security
check CHAP
do not check Microsoft CHAP
from setup-ipsec-vpn.
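@AlphaBrock When you opened cmd to run the registry command, did you open it as administrator? Otherwise the registry command will respond that you do not have permission.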
from setup-ipsec-vpn.
@hwdsl2 I think this issue isn't related to this repo.
from setup-ipsec-vpn.
[root@*** ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
It is empty. I simply stopped iptables.
from setup-ipsec-vpn.
@monochrome-yeh I did run CMD with administrator privileges. I just modified the registry manually, but it still has no effect. I checked CHAP.
from setup-ipsec-vpn.
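@billychow Then the problem is found. Two IPTables NAT rules are required for the VPN to work properly. Run the following commands to add them back. After that you should be able to reach the Internet.
# Strip the trailing "uid N" field that newer iproute2 prints, so $NF is the source address
PRIVATE_IP=$(ip -4 route get 1 | sed 's/ uid .*//' | awk '{print $NF;exit}')
iptables -t nat -I POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
@AlphaBrock What changes did you make to the registry when you fixed Error 789?
@monochrome-yeh Thanks for the feedback. I will close this bug for now; everyone is welcome to continue the discussion.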
from setup-ipsec-vpn.
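An added example, not part of the thread and not the project's own code: a POSIX shell check that reads rules in `iptables -t nat -S POSTROUTING` format and lists which of the two VPN subnets from the comment above still lack a source-NAT rule. The function name `missing_vpn_snat` and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code). Input: rules in the format printed by
#   iptables -t nat -S POSTROUTING
# Output: each VPN subnet that has no SNAT/MASQUERADE rule in that chain.

# Subnets taken from the two rules quoted in the thread.
VPN_SUBNETS="192.168.42.0/24 192.168.43.0/24"

# Hypothetical helper name; reads the rule listing on stdin.
missing_vpn_snat() {
    rules=$(cat)
    for net in $VPN_SUBNETS; do
        # Escape dots so the subnet is matched literally.
        pat=$(printf '%s' "$net" | sed 's/\./\\./g')
        if ! printf '%s\n' "$rules" |
            grep -E -- "^-A POSTROUTING (.* )?-s $pat( |\$)" |
            grep -Eq -- '-j (SNAT|MASQUERADE)( |$)'; then
            printf '%s\n' "$net"
        fi
    done
}

# Constructed sample: empty chain, matching the empty table posted in the thread.
SAMPLE_EMPTY='-P POSTROUTING ACCEPT'

# Constructed sample: only the 192.168.42.0/24 rule was restored
# (203.0.113.10 is a documentation address standing in for $PRIVATE_IP).
SAMPLE_PARTIAL='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source 203.0.113.10'

# Constructed sample: both rules present.
SAMPLE_OK="$SAMPLE_PARTIAL
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source 203.0.113.10"

for sample in "$SAMPLE_EMPTY" "$SAMPLE_PARTIAL" "$SAMPLE_OK"; do
    missing=$(printf '%s\n' "$sample" | missing_vpn_snat | tr '\n' ' ')
    echo "missing SNAT for: ${missing:-none}"
done
```

On a live server the real listing can be piped in with `iptables -t nat -S POSTROUTING | missing_vpn_snat`; empty output means both subnets are covered.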
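@hwdsl2 1. Click Start, click Run, type "regedit", and then click OK
2. Locate the following registry subkey, and then click it:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
3. On the Edit menu, click New -> DWORD Value
4. In the Name box, type "ProhibitIpSec"
5. In the Value data box, type "1", and then click OK
6. Exit Registry Editor, and then restart the computer. This is the method I followed.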
from setup-ipsec-vpn.
@AlphaBrock In theory that ProhibitIpSec value is not needed. Try removing it and then restarting the computer. See whether that resolves Error 809.
from setup-ipsec-vpn.
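@AlphaBrock Also try a normal restart of Windows 10 (without Fast Startup):
Hold the Shift key and click Shut down in the Start menu. Wait a moment, then press the power button to turn the computer on. Then see whether Error 809 is resolved.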
from setup-ipsec-vpn.
@hwdsl2 Removing that registry value brings back Error 789. I will give it a try.
from setup-ipsec-vpn.
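@hwdsl2 None of it works. Fixing 789 leads to 809. It seems I am destined not to be able to use ipsec-vpn and can only use PPTP. Also, that Android 4.4 device cannot use it either; the system is MIUI.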
from setup-ipsec-vpn.
@AlphaBrock Have you tried a normal restart (hold the Shift key, click Shut down, then power on)?
from setup-ipsec-vpn.
@hwdsl2 I have tried everything.
from setup-ipsec-vpn.
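@AlphaBrock On the server, run grep pluto /var/log/auth.log /var/log/secure
and check the logs. You can remove IPs and similar information if needed.
Also check whether the VPN Passthrough option on your router is turned on.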
from setup-ipsec-vpn.
@hwdsl2 /var/log/secure:May 31 06:58:45 AlphaBrock pluto[1630]: packet from x.x.x.x:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
/var/log/secure:May 31 06:58:45 AlphaBrock pluto[1630]: packet from x.x.x.x:500: initial Main Mode message received on x.x.x.x:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
No connection authorized with PSK+IKEV1_; I don't know what is going on.
x.x.x.x %any : PSK "*****"
"*****" l2tpd "*****" *
The information is correct; I filled it in according to this.
from setup-ipsec-vpn.
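@AlphaBrock Check whether the type in the VPN properties is set to "Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)". Re-create the VPN connection following the instructions here: https://git.io/vpnclients
I have redacted the IP and other information for you. Still, it would be best to change the password.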
from setup-ipsec-vpn.
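@hwdsl2 OK, I have tried everything and nothing works. On Windows 10, after fixing 789 there is no solution for 809. On Windows 7 there is no 789, but fixing 809 with the method you described does not work either and the 809 error remains. Android 4.4 cannot use it at all. It seems I am destined to have nothing to do with IPsec.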
from setup-ipsec-vpn.
This is also why I later ended up using Windows 10 only as a gaming machine hahahaha
from setup-ipsec-vpn.
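@AlphaBrock I tested this: that ProhibitIpSec registry value must not be added. Otherwise Error 809 will indeed occur. Please delete that value first and restart; it is under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
Regarding Error 789: first press Windows Key + R to open the Run window, type services.msc and press Enter. Find the service "IKE and AuthIP IPsec Keying Modules (IKEEXT)", right-click it and select Start. If it is disabled, right-click and select Properties, then change the drop-down to Automatic. If this service is disabled, it causes Error 789.
Also try restarting the server, or run service ipsec restart, because repeated connections from the same IP can cause Error 789.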
from setup-ipsec-vpn.