search

quericy / one-key-ikev2-vpn

A bash script base on Centos or Ubuntu help you to create IKEV2/L2TP vpn.
GNU General Public License v3.0
2.1k stars 708 forks source link

无法建立计算机与 VPN 服务器之间的网络连接 #96

Open choyri opened 7 years ago

choyri commented 7 years ago

原谅我不知标题写什么好。

在两个不同的运营商环境下测试,一个正常,另一个失败。 错误提示为:无法建立计算机与 VPN 服务器之间的网络连接,balabala…

这是运营商的限制吗,😭。

以下是日志:

Apr 28 11:04:47 localhost charon: 14[NET] received packet: from 客户端IP[5321] to 服务端IP[500] (880 bytes)
Apr 28 11:04:47 localhost charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Apr 28 11:04:47 localhost charon: 14[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Apr 28 11:04:47 localhost charon: 14[IKE] received MS-Negotiation Discovery Capable vendor ID
Apr 28 11:04:47 localhost charon: 14[IKE] received Vid-Initial-Contact vendor ID
Apr 28 11:04:47 localhost charon: 14[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:手动打码:2a:51:00:00:00:02
Apr 28 11:04:47 localhost charon: 14[IKE] 客户端IP is initiating an IKE_SA
Apr 28 11:04:47 localhost charon: 14[IKE] local host is behind NAT, sending keep alives
Apr 28 11:04:47 localhost charon: 14[IKE] remote host is behind NAT
Apr 28 11:04:47 localhost charon: 14[IKE] sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Apr 28 11:04:47 localhost charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Apr 28 11:04:47 localhost charon: 14[NET] sending packet: from 服务端IP[500] to 客户端IP[5321] (333 bytes)
Apr 28 11:05:07 localhost charon: 12[IKE] sending keep alive to 客户端IP[5321]
Apr 28 11:05:17 localhost charon: 06[JOB] deleting half open IKE_SA after timeout

☝ 注:在此环境下,客户端可以正常连接另一台 Windows 的 PPTP 服务器。

Apr 28 11:09:33 localhost charon: 05[NET] received packet: from 另一个客户端IP[3142] to 服务端IP[500] (880 bytes)
Apr 28 11:09:33 localhost charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Apr 28 11:09:33 localhost charon: 05[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Apr 28 11:09:33 localhost charon: 05[IKE] received MS-Negotiation Discovery Capable vendor ID
Apr 28 11:09:33 localhost charon: 05[IKE] received Vid-Initial-Contact vendor ID
Apr 28 11:09:33 localhost charon: 05[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:手动打码:2a:51:00:00:00:02
Apr 28 11:09:33 localhost charon: 05[IKE] 另一个客户端IP is initiating an IKE_SA
Apr 28 11:09:33 localhost charon: 05[IKE] local host is behind NAT, sending keep alives
Apr 28 11:09:33 localhost charon: 05[IKE] remote host is behind NAT
Apr 28 11:09:33 localhost charon: 05[IKE] sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Apr 28 11:09:33 localhost charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Apr 28 11:09:33 localhost charon: 05[NET] sending packet: from 服务端IP[500] to 另一个客户端IP[3142] (333 bytes)
Apr 28 11:09:33 localhost charon: 11[NET] received packet: from 另一个客户端IP[3143] to 服务端IP[4500] (1276 bytes)
balabala...
wanghe826 commented 7 years ago

我也出现了这个问题,还是没有解决

choyri commented 7 years ago

@wanghe826 啊,三个多月过去了…… 我已经放弃研究这个,毕竟失败的情况就一种。作者消失好久,orz。

wanghe826 commented 7 years ago

我之前使用自签名的证书在win下面导入证书进行vpn连接是没有问题的,这两天将服务器的证书给为SSL的了,然后在win下面把之前的证书删掉,点连接就出现了这个错误,不知道为什么啊。。

wanghe826 commented 7 years ago

修改注册表的方式你试过了吗?

choyri commented 7 years ago

@wanghe826 那可能与我这种情况不同呢,你看下日志。 我这个看日志就是说超时了,没收到客户端返回的包,不知是不是服务端的 500 端口在这种网络环境下被咔擦了。

nxtreaming commented 7 years ago

此问题与传输线路有关系。几乎是无解的。

Productive. Reliable. Fast.

On Thu, Aug 24, 2017 at 1:39 PM, wanghe826 notifications@github.com wrote:

我也出现了这个问题,还是没有解决

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/quericy/one-key-ikev2-vpn/issues/96#issuecomment-324538299, or mute the thread https://github.com/notifications/unsubscribe-auth/AC9tC3my7bCNkKJSjYFk7EU6NwdUjhQLks5sbQyagaJpZM4NLBLr .

choyri commented 7 years ago

@nxtreaming 噢哦,多谢啦。

nxtreaming commented 7 years ago

我们之前遇到的情况是同一个出口线路,但内网中有的办公环境中由于中间多了两台路由器和hub,就导致没法vpn的情况。

Productive. Reliable. Fast.

On Thu, Aug 24, 2017 at 3:25 PM, choyri notifications@github.com wrote:

@nxtreaming https://github.com/nxtreaming 噢哦,多谢啦。

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/quericy/one-key-ikev2-vpn/issues/96#issuecomment-324555769, or mute the thread https://github.com/notifications/unsubscribe-auth/AC9tC5XJxDoWmwMyeH57pPIt4dqpi4pqks5sbSWBgaJpZM4NLBLr .