hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Unable to connect, and connection requests from unknown IPs appear in the log. Am I under attack? #1075

Closed yyysuo closed 2 years ago

yyysuo commented 2 years ago

Steps to reproduce. Steps to reproduce the bug (it reproduces with some probability, not every time):

  1. With the VPN connected, press the power button on Windows to put the machine to sleep.
  2. The next day, after powering on, the VPN connection fails.
  3. Connection requests from unknown IPs appear in the log.

Workaround: restarting the container resolves the problem.

Server information (please fill in the following)

Client information (please fill in the following)

Log (private information replaced):

xl2tpd[1]: Using l2tp kernel support.
xl2tpd[1]: xl2tpd version xl2tpd-1.3.16 started on f629711e053a PID:1
xl2tpd[1]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: Connection established to 我的IP, 1701. Local: 56814, Remote: 3 (ref=0/0). LNS session is 'default'
xl2tpd[1]: start_pppd: I'm running:
xl2tpd[1]: "/usr/sbin/pppd"
xl2tpd[1]: "plugin"
xl2tpd[1]: "pppol2tp.so"
xl2tpd[1]: "pppol2tp"
xl2tpd[1]: "7"
xl2tpd[1]: "pppol2tp_lns_mode"
xl2tpd[1]: "pppol2tp_tunnel_id"
xl2tpd[1]: "56814"
xl2tpd[1]: "pppol2tp_session_id"
xl2tpd[1]: "20621"
xl2tpd[1]: "passive"
xl2tpd[1]: "nodetach"
xl2tpd[1]: "192.168.42.1:192.168.42.10"
xl2tpd[1]: "refuse-pap"
xl2tpd[1]: "auth"
xl2tpd[1]: "require-chap"
xl2tpd[1]: "name"
xl2tpd[1]: "l2tpd"
xl2tpd[1]: "file"
xl2tpd[1]: "/etc/ppp/options.xl2tpd"
xl2tpd[1]: Call established with 我的IP, PID: 143, Local: 20621, Remote: 1, Serial: 0
xl2tpd[1]: Maximum retries exceeded for tunnel 9637. Closing.
xl2tpd[1]: Connection 35 closed to 146.88.240.4, port 1701 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 9637. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 51037. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.144.60, port 36298 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 51037. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 32035. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.147.157, port 56334 (Timeout)
xl2tpd[1]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
xl2tpd[1]: Unable to deliver closing message for tunnel 32035. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 24198. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.147.211, port 57500 (Timeout)
xl2tpd[1]: Maximum retries exceeded for tunnel 10613. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.147.157, port 41132 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 24198. Destroying anyway.
xl2tpd[1]: Unable to deliver closing message for tunnel 10613. Destroying anyway.
xl2tpd[1]: control_finish: Peer requested tunnel 2 twice, ignoring second one.
xl2tpd[1]: Maximum retries exceeded for tunnel 16439. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.143.140, port 53529 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 16439. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 19360. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.132.217, port 34805 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 19360. Destroying anyway.
xl2tpd[1]: control_finish: Connection closed to 我的IP, serial 0 ()
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 143
xl2tpd[1]: control_finish: Connection closed to 我的IP, port 1701 (), Local: 56814, Remote: 3
xl2tpd[1]: Connection established to 我的IP, 1701. Local: 37664, Remote: 4 (ref=0/0). LNS session is 'default'
xl2tpd[1]: start_pppd: I'm running:
xl2tpd[1]: "/usr/sbin/pppd"
xl2tpd[1]: "plugin"
xl2tpd[1]: "pppol2tp.so"
xl2tpd[1]: "pppol2tp"
xl2tpd[1]: "7"
xl2tpd[1]: "pppol2tp_lns_mode"
xl2tpd[1]: "pppol2tp_tunnel_id"
xl2tpd[1]: "37664"
xl2tpd[1]: "pppol2tp_session_id"
xl2tpd[1]: "10305"
xl2tpd[1]: "passive"
xl2tpd[1]: "nodetach"
xl2tpd[1]: "192.168.42.1:192.168.42.10"
xl2tpd[1]: "refuse-pap"
xl2tpd[1]: "auth"
xl2tpd[1]: "require-chap"
xl2tpd[1]: "name"
xl2tpd[1]: "l2tpd"
xl2tpd[1]: "file"
xl2tpd[1]: "/etc/ppp/options.xl2tpd"
xl2tpd[1]: Call established with 我的IP, PID: 177, Local: 10305, Remote: 1, Serial: 0
xl2tpd[1]: control_finish: Connection closed to 我的IP, serial 0 ()
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 177
xl2tpd[1]: control_finish: Connection closed to 我的IP, port 1701 (), Local: 37664, Remote: 4
xl2tpd[1]: handle_avps: AVP received with length > remaining packet length!
xl2tpd[1]: Connection -1 closed to 39.103.203.48, port 34376 (Invalid AVP length)
xl2tpd[1]: Unable to deliver closing message for tunnel 50625. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 7160. Closing.
xl2tpd[1]: Connection 2 closed to 39.103.234.86, port 43750 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 7160. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 32840. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.143.140, port 58142 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 32840. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 33075. Closing.
xl2tpd[1]: Connection 2 closed to 8.142.149.230, port 52815 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 33075. Destroying anyway.
xl2tpd[1]: control_finish: Peer did not specify assigned tunnel ID. Closing.
xl2tpd[1]: Connection 0 closed to 154.88.26.229, port 43384 (Specify your assigned tunnel ID)
xl2tpd[1]: Unable to deliver closing message for tunnel 50868. Destroying anyway.
xl2tpd[1]: Maximum retries exceeded for tunnel 12014. Closing.
xl2tpd[1]: Connection 1 closed to 154.88.26.229, port 38476 (Timeout)

hwdsl2 commented 2 years ago

@yyysuo Hello! Connection requests from unknown IPs should not normally appear in the xl2tpd log. Judging from the log, your server may be under attack.

The IPTables rules added by the script by default do not allow L2TP connections that are not encrypted by IPsec, so under normal circumstances unknown IPs should not appear in the L2TP log. If you did not modify the IPTables rules after installation, your IPsec PSK may be too simple. A secure PSK must contain at least 20 random characters. I recommend that you delete and re-create the VPN container, setting a secure PSK and password.

To enable Libreswan logging in the Docker container, see [1]. Note that only new connections will be logged.

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#%E5%90%AF%E7%94%A8-libreswan-%E6%97%A5%E5%BF%97
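One way to triage a log like the one in this issue is to separate peers that completed an L2TP tunnel from peers that only produced timeouts, malformed AVPs or missing tunnel IDs. The following is an added example, not code from the issue or from the setup-ipsec-vpn project; it assumes the xl2tpd message formats visible in the log above, and the sample lines (with RFC 5737 documentation addresses) are constructed for this example. The `expected` allowlist and the helper names are this example's own.

```python
"""Triage an xl2tpd log: which peer IPs completed an L2TP tunnel, and which
only produced failed or closed connections.

Per the maintainer's reply, the script's IPTables rules are meant to let
UDP/1701 reach xl2tpd only inside IPsec. A peer that appears here without
ever establishing a tunnel therefore deserves a look: either it got past the
IPsec layer (weak PSK) or the firewall rules no longer match the default.
Added example; log lines below are constructed, not captured from a server."""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the message formats in the issue's log.
SAMPLE_LOG = """\
xl2tpd[1]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[1]: Connection established to 203.0.113.10, 1701. Local: 56814, Remote: 3 (ref=0/0). LNS session is 'default'
xl2tpd[1]: Call established with 203.0.113.10, PID: 143, Local: 20621, Remote: 1, Serial: 0
xl2tpd[1]: Maximum retries exceeded for tunnel 9637. Closing.
xl2tpd[1]: Connection 35 closed to 198.51.100.4, port 1701 (Timeout)
xl2tpd[1]: Connection 2 closed to 198.51.100.60, port 36298 (Timeout)
xl2tpd[1]: Connection 2 closed to 198.51.100.60, port 41132 (Timeout)
xl2tpd[1]: handle_avps: AVP received with length > remaining packet length!
xl2tpd[1]: Connection -1 closed to 198.51.100.48, port 34376 (Invalid AVP length)
xl2tpd[1]: control_finish: Peer did not specify assigned tunnel ID. Closing.
xl2tpd[1]: Connection 0 closed to 198.51.100.229, port 43384 (Specify your assigned tunnel ID)
xl2tpd[1]: control_finish: Connection closed to 203.0.113.10, port 1701 (), Local: 56814, Remote: 3
"""

# A completed L2TP tunnel: "Connection established to <ip>, <port>."
ESTABLISHED_RE = re.compile(r"Connection established to (\S+), \d+\.")
# A tunnel torn down with a reason: "Connection <n> closed to <ip>, port <p> (<reason>)".
# The "control_finish: Connection closed to ..." form carries no number and is
# the normal teardown of an established tunnel, so it is deliberately not matched.
CLOSED_RE = re.compile(r"Connection -?\d+ closed to (\S+), port \d+ \(([^)]*)\)")


def summarize(log_text):
    """Return {ip: {"established": n, "closed": Counter(reason -> n)}}."""
    peers = defaultdict(lambda: {"established": 0, "closed": Counter()})
    for line in log_text.splitlines():
        m = ESTABLISHED_RE.search(line)
        if m:
            peers[m.group(1)]["established"] += 1
            continue
        m = CLOSED_RE.search(line)
        if m:
            ip, reason = m.groups()
            peers[ip]["closed"][reason] += 1
    return dict(peers)


def _sort_key(ip):
    """Numeric ordering for real addresses; redacted placeholders sort last."""
    try:
        return (0, ipaddress.ip_address(ip))
    except ValueError:
        return (1, ip)


def unexpected_peers(log_text, expected=()):
    """IPs that reached xl2tpd but never completed a tunnel, minus known clients."""
    summary = summarize(log_text)
    hits = [ip for ip, s in summary.items()
            if s["established"] == 0 and ip not in expected]
    return sorted(hits, key=_sort_key)


def report(log_text, expected=()):
    """One human-readable line per unexpected peer, with close reasons and counts."""
    summary = summarize(log_text)
    lines = []
    for ip in unexpected_peers(log_text, expected):
        reasons = ", ".join("%s x%d" % (r, n)
                            for r, n in sorted(summary[ip]["closed"].items()))
        lines.append("%s: %s" % (ip, reasons))
    return lines


if __name__ == "__main__":
    # Pass your own client address(es) as `expected` so they are never flagged.
    for line in report(SAMPLE_LOG, expected={"203.0.113.10"}):
        print(line)
```

Run it against the container's log (for example the output of `docker logs` piped into a file) in place of `SAMPLE_LOG`. Any address in the report is one that reached the L2TP daemon without finishing a tunnel; if your firewall still carries the script's default rules, that list should be empty, which is the condition the maintainer's reply describes.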