hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

xl2tpd.service: main process exited, code=exited, status=1/FAILURE #1574

Closed hui-QY closed 1 month ago

hui-QY commented 1 month ago

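Could an expert please help take a look? o(╥﹏╥)o

Describe the issue: xl2tpd fails to start

Right after installation everything worked. I tested connecting from a Huawei phone with no problems, using the IKEv2 VPN client method.

In the afternoon I also connected from Win11 using the IKEv2 VPN client method. The first connection succeeded, and an IP address lookup website already showed the VPN server's IP, but the connection was very slow and even Google was unusable.

The error message:

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your administrator or your service provider to determine which device may be causing the problem.

After that, I could no longer connect from the phone either. This is the log from the phone connection: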

Jul 10 18:13:31 00[DMN] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Jul 10 18:13:31 00[DMN] Starting IKE service (strongSwan 5.9.13, Android 12 - LIO-AN00 4.2.0.120(SP1C00E100R5P4)/2021-10-05, LIO-AN00 - HUAWEI/LIO-AN00/HUAWEI, Linux 5.10.43, aarch64, org.strongswan.android)
Jul 10 18:13:31 00[LIB] providers loaded by OpenSSL: legacy default
Jul 10 18:13:31 00[LIB] loaded plugins: androidbridge charon android-log socket-default openssl nonce pkcs1 pem x509 xcbc kdf revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
Jul 10 18:13:31 00[JOB] spawning 16 worker threads
Jul 10 18:13:31 06[CFG] loaded user certificate 'CN=vpnclient, O=IKEv2 VPN' and private key
Jul 10 18:13:31 06[CFG] loaded CA certificate 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 18:13:31 06[IKE] initiating IKE_SA android[1] to ip
Jul 10 18:13:31 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jul 10 18:13:31 06[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 09[IKE] retransmit 1 of request with message ID 0
Jul 10 18:13:33 09[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 10[NET] received packet: from ip[500] to 10.1.27.31[53589] (487 bytes)
Jul 10 18:13:33 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(HASH_ALG) N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) CERTREQ ]
Jul 10 18:13:33 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jul 10 18:13:33 10[IKE] local host is behind NAT, sending keep alives
Jul 10 18:13:33 10[IKE] remote host is behind NAT
Jul 10 18:13:33 10[IKE] received cert request for "CN=IKEv2 VPN CA, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Cybertrust, Inc, CN=Cybertrust Global Root"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=Secure Global CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=SecureTrust CA"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "O=TeliaSonera, CN=TeliaSonera Root CA v1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Networking"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Global G2 Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FR, O=Dhimyotis, CN=Certigna"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=Atos TrustedRoot 2011, O=Atos, C=DE"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011"
Jul 10 18:13:33 10[IKE] sending cert request for "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Google Trust Services LLC, CN=GTS Root R4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=FI, O=Sonera, CN=Sonera Class2 CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Amazon, CN=Amazon Root CA 4"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=CN, O=UniTrust, CN=UCA Extended Validation Root"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=IZENPE S.A., CN=Izenpe.com"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., 55:04:61=VATHU-23584497, CN=e-Szigno Root CA 2017"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HU, L=Budapest, O=NetLock Kft., OU=Tan??s??tv??nykiad??k (Certification Services), CN=NetLock Arany (Class Gold) F??tan??s??tv??ny"
Jul 10 18:13:33 10[IKE] sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, O=Trustis Limited, OU=Trustis FPS Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=RO, O=certSIGN, OU=certSIGN ROOT CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA"
Jul 10 18:13:33 10[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Jul 10 18:13:33 10[IKE] sending cert request for "C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Commercial"
Jul 10 18:13:33 10[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Jul 10 18:13:33 10[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Jul 10 18:13:33 10[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Jul 10 18:13:33 10[IKE] sending cert request for "CN=IKEv2 VPN CA, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] authentication of 'CN=vpnclient, O=IKEv2 VPN' (myself) with RSA_EMSA_PSS_SHA2_256_SALT_32 successful
Jul 10 18:13:33 10[IKE] sending end entity cert "CN=vpnclient, O=IKEv2 VPN"
Jul 10 18:13:33 10[IKE] establishing CHILD_SA android{1}
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jul 10 18:13:33 10[ENC] splitting IKE message (4384 bytes) into 4 fragments
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(1/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(2/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(3/4) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ EF(4/4) ]
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:35 11[IKE] retransmit 1 of request with message ID 1
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:38 13[IKE] retransmit 2 of request with message ID 1
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:38 13[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:43 14[IKE] retransmit 3 of request with message ID 1
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:43 14[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (516 bytes)
Jul 10 18:13:48 16[IKE] giving up after 3 retransmits
Jul 10 18:13:48 16[IKE] establishing IKE_SA failed, peer not responding
Jul 10 18:13:48 16[IKE] unable to terminate IKE_SA: ID 1 not found

xl2tpd log

[root@10-8-12-176 log]# grep xl2tpd /var/log/messages
Jul 10 10:44:04 10-8-12-176 yum[27104]: Installed: xl2tpd-1.3.15-1.el7.x86_64
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Not looking for kernel SAref support.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Using l2tp kernel support.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:31026
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Inherited by Jeff McAdams, (C) 2002
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 10:44:27 10-8-12-176 xl2tpd: xl2tpd[31026]: Listening on IP address 0.0.0.0, port 1701
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[31026]: death_handler: Fatal signal 15 received
Jul 10 18:41:12 10-8-12-176 systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 18:41:12 10-8-12-176 systemd: Unit xl2tpd.service entered failed state.
Jul 10 18:41:12 10-8-12-176 systemd: xl2tpd.service failed.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Not looking for kernel SAref support.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Using l2tp kernel support.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:26936
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Inherited by Jeff McAdams, (C) 2002
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 18:41:12 10-8-12-176 xl2tpd: xl2tpd[26936]: Listening on IP address 0.0.0.0, port 1701
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[26936]: death_handler: Fatal signal 15 received
Jul 10 19:01:35 10-8-12-176 systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 19:01:35 10-8-12-176 systemd: Unit xl2tpd.service entered failed state.
Jul 10 19:01:35 10-8-12-176 systemd: xl2tpd.service failed.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Not looking for kernel SAref support.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Using l2tp kernel support.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: xl2tpd version xl2tpd-1.3.15 started on 10-8-12-176 PID:30038
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Forked by Scott Balmos and David Stipp, (C) 2001
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Inherited by Jeff McAdams, (C) 2002
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jul 10 19:01:35 10-8-12-176 xl2tpd: xl2tpd[30038]: Listening on IP address 0.0.0.0, port 1701

Part of the pluto log

Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #1: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #2: ESP traffic information: in=0B out=0B
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2> #1: deleting IKE SA (established IKE SA)
Jul 10 19:11:12 10-8-12-176 pluto[30007]: "ikev2-cp"[1] <ip2>: deleting connection instance with peer <ip2>
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: processed IKE_SA_INIT request from <ip>:UDP/29988 {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jul 10 19:16:20 10-8-12-176 pluto[30007]: adding the CA+root cert O=IKEv2 VPN,CN=IKEv2 VPN CA
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: responder established IKE SA; authenticated peer certificate 'CN=vpnclient, O=IKEv2 VPN' and 3072-bit PKCS#1 1.5 RSA with SHA1 signature issued by 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #4: proposal 1:ESP=AES_GCM_C_128-ESN:NO SPI=f504488e chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=NO[first-match]
Jul 10 19:16:20 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0xf504488e <0xe35681f9 xfrm=AES_GCM_16_128-NONE NATD=<ip>:29990 DPD=active}
Jul 10 19:16:21 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:22 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: processed IKE_SA_INIT request from <ip>:UDP/29988 {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: responder established IKE SA; authenticated peer certificate 'CN=vpnclient, O=IKEv2 VPN' and 3072-bit PKCS#1 1.5 RSA with SHA1 signature issued by 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #6: proposal 1:ESP=AES_GCM_C_128-ESN:NO SPI=cc1631ba chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=NO[first-match]
Jul 10 19:16:27 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0/0===192.168.43.10/32] {ESPinUDP=>0xcc1631ba <0x4c5ec9a7 xfrm=AES_GCM_16_128-NONE NATD=<ip>:29990 DPD=active}
Jul 10 19:16:28 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:29 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Jul 10 19:16:57 10-8-12-176 pluto[30007]: | adding INFORMATIONAL request to IKE SA #5's message queue
Jul 10 19:16:58 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jul 10 19:16:58 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jul 10 19:16:59 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jul 10 19:17:01 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jul 10 19:17:05 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jul 10 19:17:13 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jul 10 19:17:29 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jul 10 19:18:01 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jul 10 19:19:05 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jul 10 19:21:13 10-8-12-176 pluto[30007]: "ikev2-cp"[2] <ip> #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jul 10 19:21:27 10-8-12-176 pluto[30007]: freeing root certificate cache
[root@10-8-12-176 log]# grep pluto /var/log/secure |grep err
Jul 10 17:47:23 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:47:51 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:48:24 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:03 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:04 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:49:05 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Get SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 17:50:27 10-8-12-176 pluto[31183]: ERROR: "ikev2-cp"[3] <ip> #12: netlink response for Del SA esp.2efe02a@<ip>: No such process (errno 3)
Jul 10 18:53:16 10-8-12-176 pluto[26858]: "ikev2-cp"[2] <ip3> #5: encountered fatal error in state STATE_V2_PARENT_R0
Jul 10 18:53:20 10-8-12-176 pluto[26858]: "ikev2-cp"[3] <ip4> #7: encountered fatal error in state STATE_V2_PARENT_R0

hui-QY commented 1 month ago

This is the Linux system version:

[root@10-8-12-176 log]# uname -a
Linux 10-8-12-176 4.19.188-10.el7.ucloud.x86_64 #1 SMP Wed Apr 28 09:54:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@10-8-12-176 log]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

hwdsl2 commented 1 month ago

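@hui-QY Hello! Based on your description, this xl2tpd error message can be ignored, because it is a normal log entry when the service exits. Also, when connecting in IKEv2 mode, the xl2tpd service is not used. As for the problem you encountered, judging from the retransmission and other errors in the logs, the VPN connection may be blocked or interfered with by a firewall such as the GFW. For this use case, you can try other solutions instead, such as Shadowsocks.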

hui-QY commented 1 month ago

@hwdsl2 OK, thank you ^_^
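
The triage that hwdsl2's reply applies to these logs can be scripted. The following is an added example, not part of the original thread or of the setup-ipsec-vpn project: it reports which IKEv2 exchange in a strongSwan client log went unanswered and on which UDP port, and separately lists the signal behind each xl2tpd exit. The function names and the abridged sample logs are constructed for illustration.

```python
import re
import signal

# Constructed samples, abridged from the shape of the logs in this thread
# (the server address is the placeholder "ip", as in the original post).
CLIENT_LOG = """\
Jul 10 18:13:31 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) ]
Jul 10 18:13:31 06[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 09[IKE] retransmit 1 of request with message ID 0
Jul 10 18:13:33 09[NET] sending packet: from 10.1.27.31[53589] to ip[500] (464 bytes)
Jul 10 18:13:33 10[NET] received packet: from ip[500] to 10.1.27.31[53589] (487 bytes)
Jul 10 18:13:33 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) ]
Jul 10 18:13:33 10[ENC] generating IKE_AUTH request 1 [ IDi CERT AUTH SA TSi TSr ]
Jul 10 18:13:33 10[ENC] splitting IKE message (4384 bytes) into 4 fragments
Jul 10 18:13:33 10[NET] sending packet: from 10.1.27.31[45943] to ip[4500] (1364 bytes)
Jul 10 18:13:35 11[IKE] retransmit 1 of request with message ID 1
Jul 10 18:13:38 13[IKE] retransmit 2 of request with message ID 1
Jul 10 18:13:43 14[IKE] retransmit 3 of request with message ID 1
Jul 10 18:13:48 16[IKE] giving up after 3 retransmits
Jul 10 18:13:48 16[IKE] establishing IKE_SA failed, peer not responding
"""

SERVER_LOG = """\
Jul 10 18:41:12 host xl2tpd: xl2tpd[31026]: death_handler: Fatal signal 15 received
Jul 10 18:41:12 host systemd: xl2tpd.service: main process exited, code=exited, status=1/FAILURE
Jul 10 18:41:12 host xl2tpd: xl2tpd[26936]: Listening on IP address 0.0.0.0, port 1701
"""

GEN = re.compile(r"\[ENC\] generating (\w+) request (\d+) ")
PARSED = re.compile(r"\[ENC\] parsed (\w+) response (\d+) ")
RETX = re.compile(r"\[IKE\] retransmit (\d+) of request with message ID (\d+)")
SEND = re.compile(r"\[NET\] sending packet: from \S+ to \S+\[(\d+)\]")
FRAG = re.compile(r"splitting IKE message \(\d+ bytes\) into (\d+) fragments")
STOP = re.compile(r"xl2tpd\[(\d+)\]: death_handler: Fatal signal (\d+) received")


def triage_ikev2_client(log):
    """Collect per-message-ID facts from a strongSwan (charon) client log."""
    exchanges = {}
    current = None  # message ID of the request most recently generated
    for line in log.splitlines():
        if m := GEN.search(line):
            current = int(m.group(2))
            exchanges.setdefault(current, {
                "exchange": m.group(1), "port": None,
                "fragments": 1, "retransmits": 0, "answered": False,
            })
        elif m := PARSED.search(line):
            if int(m.group(2)) in exchanges:
                exchanges[int(m.group(2))]["answered"] = True
        elif m := RETX.search(line):
            mid = int(m.group(2))
            if mid in exchanges:
                seen = exchanges[mid]["retransmits"]
                exchanges[mid]["retransmits"] = max(seen, int(m.group(1)))
        elif current is not None and (m := SEND.search(line)):
            exchanges[current]["port"] = int(m.group(1))
        elif current is not None and (m := FRAG.search(line)):
            exchanges[current]["fragments"] = int(m.group(1))
    return exchanges


def first_unanswered(exchanges):
    """Message ID of the first request that never got a response, else None."""
    for mid in sorted(exchanges):
        if not exchanges[mid]["answered"]:
            return mid
    return None


def xl2tpd_exits(log):
    """(pid, signal number, requested_stop) for each xl2tpd exit in syslog.

    Signal 15 is SIGTERM, i.e. the daemon was asked to stop; the
    status=1/FAILURE line systemd prints next does not indicate a crash.
    """
    return [(int(pid), int(sig), int(sig) == signal.SIGTERM)
            for pid, sig in STOP.findall(log)]


if __name__ == "__main__":
    ex = triage_ikev2_client(CLIENT_LOG)
    stalled = first_unanswered(ex)
    if stalled is not None:
        e = ex[stalled]
        print(f"{e['exchange']} (message ID {stalled}) unanswered on UDP "
              f"{e['port']}: {e['fragments']} fragment(s), "
              f"{e['retransmits']} retransmit(s)")
    for pid, sig, requested in xl2tpd_exits(SERVER_LOG):
        print(f"xl2tpd[{pid}] exited on signal {sig}, requested stop: {requested}")
```

An answered IKE_SA_INIT on UDP 500 followed by an unanswered, fragmented IKE_AUTH on UDP 4500 shows the server is reachable but the second exchange or its response is being lost in transit; the client log alone cannot say where on the path.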