L2TP over IPSec VPN connection fails with fatal signal 15

I have Debian 10 Buster with KDE Plasma 5.14.5 and kernel 5.6.0-0.bpo.2-amd64. I am trying to connect to an L2TP VPN over IPSec. However, when I try to connect, it fails for no apparent reason. It states that fatal signal 15 was received, but no other information is given.

Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: death_handler: Fatal signal 15 received

Any help with this would be greatly appreciated.

/var/log/syslog:

Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6103] audit: op="connection-activate" uuid="8313482f-d2cd-4e39-a18c-86b540d6a8e3" name="Work" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6209] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Started the VPN service, PID 1922
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6283] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Saw the service appear; activating connection
Aug  3 15:22:35 ComputerOfLiza NetworkManager[627]: <info>  [1596457355.6332] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service[1922]: Check port 1701
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service[1922]: Can't bind to port 1701
Aug  3 15:22:35 ComputerOfLiza NetworkManager[1941]: Stopping strongSwan IPsec...
Aug  3 15:22:35 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[CFG] expanding file expression '/etc/ipsec.d/*.secrets' failed
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[JOB] spawning 16 worker threads
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 13[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 06[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 07[KNL] fe80::42e7:d46c:adef:f62f appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 13[KNL] 192.168.1.38 appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec[822]: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec[796]: charon stopped after 200 ms
Aug  3 15:22:35 ComputerOfLiza ipsec[796]: ipsec starter stopped
Aug  3 15:22:35 ComputerOfLiza systemd[1]: strongswan.service: Succeeded.
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Starting strongSwan 5.7.2 IPsec [starter]...
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Loading config setup
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: Loading conn '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza NetworkManager[1938]: found netkey IPsec stack
Aug  3 15:22:37 ComputerOfLiza charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG]   loaded IKE secret for %any
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:37 ComputerOfLiza charon: 00[JOB] spawning 16 worker threads
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] received stroke: add connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] added configuration '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] rereading secrets
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG]   loaded IKE secret for %any
Aug  3 15:22:38 ComputerOfLiza charon: 08[CFG] received stroke: initiate '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 11[IKE] initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 11[NET] sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (176 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] received packet: from 77.234.209.75[500] to 192.168.1.38[500] (156 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (244 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] received packet: from 77.234.209.75[500] to 192.168.1.38[500] (236 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[IKE] local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (188 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[NET] received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[ENC] parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza charon: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (176 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[500] to 192.168.1.38[500] (156 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[500] to 77.234.209.75[500] (244 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[500] to 192.168.1.38[500] (236 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (188 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received packet: from 77.234.209.75[4500] to 192.168.1.38[4500] (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager[1991]: establishing connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3' failed
Aug  3 15:22:39 ComputerOfLiza nm-l2tp-service[1922]: xl2tpd started with pid 1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Not looking for kernel SAref support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Using l2tp kernel support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: xl2tpd version xl2tpd-1.3.12 started on ComputerOfLiza PID:1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Inherited by Jeff McAdams, (C) 2002
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Listening on IP address 0.0.0.0, port 47189
Aug  3 15:22:39 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Connecting to host 77.234.209.75, port 1701
Aug  3 15:22:39 ComputerOfLiza NetworkManager[627]: <info>  [1596457359.0670] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: starting (3)
Aug  3 15:22:46 ComputerOfLiza PackageKit: get-updates transaction /205_aeabdccb from uid 1000 finished with success after 736ms
Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: death_handler: Fatal signal 15 received
Aug  3 15:22:53 ComputerOfLiza NetworkManager[1997]: xl2tpd[1997]: Connection 0 closed to 77.234.209.75, port 1701 (Server closing)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <warn>  [1596457373.0812] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <warn>  [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopping (5)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[2003]: Stopping strongSwan IPsec...
Aug  3 15:22:53 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] deleting IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1] between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] sending DELETE for IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3[1]
Aug  3 15:22:53 ComputerOfLiza charon: 00[ENC] generating INFORMATIONAL_V1 request 2766966862 [ HASH D ]
Aug  3 15:22:53 ComputerOfLiza charon: 00[NET] sending packet: from 192.168.1.38[4500] to 77.234.209.75[4500] (84 bytes)
Aug  3 15:22:53 ComputerOfLiza nm-l2tp-service[1922]: ipsec shut down
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.1879] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopped (6)
Aug  3 15:22:53 ComputerOfLiza NetworkManager[627]: <info>  [1596457373.1906] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN service disappeared
Aug  3 15:23:02 ComputerOfLiza NetworkManager[627]: <info>  [1596457382.2593] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"

Answer 1

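I just ran into a similar problem. At the time of this post, Meraki had published incorrect Phase 2 values in their "Client VPN OS Configuration" article. With the help and effort of Gene Y. from Meraki support, we were able to get the correct Phase 2 algorithm values.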

aes128-sha1, 3des-sha1!

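The incorrect line in the configuration article is a copy/paste of the values from Phase 1 into Phase 2. Meraki will probably update the documentation soon to reflect the correct values. But I am posting this in case someone else who gets the fatal signal 15 error like me sees this post and it solves their problem.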

Answer 2

It was not obvious that KDE needs the Gnome package network-manager-l2tp-gnome.

Answer 3

I can't vote on or comment on answers yet, so I am posting this update as an answer.

As of the date of writing (January 14, 2022), Meraki has not updated its configuration manual. I was getting the following while using:

sudo tail -f /var/log/syslog
parsed INFORMATIONAL_V1 request 345001813 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection [redacted] failed
death_handler: Fatal signal 15 received

I found this page. Using the following settings worked for me.

Phase 1: aes128-sha1-modp1024,3des-sha1-modp1024!
Phase 2: aes128-sha1,3des-sha1!
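
The syslog in the question and the fix in Answers 1 and 3 line up: the IKE_SA (Phase 1) is established and the peer then rejects the Quick Mode (Phase 2) proposal. As an added example that is not part of the original posts, this Python sketch reads charon messages and reports which phase drew NO_PROPOSAL_CHOSEN; the helper names and the shortened sample log are constructed here.

```python
import re

# Constructed sample: charon lines shortened from the syslog in the question.
SAMPLE_LOG = """\
Aug  3 15:22:38 host charon: 11[IKE] initiating Main Mode IKE_SA work[1] to 77.234.209.75
Aug  3 15:22:38 host charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 host charon: 14[IKE] IKE_SA work[1] established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 host charon: 14[ENC] generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 host charon: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:53 host NetworkManager[1997]: xl2tpd[1997]: death_handler: Fatal signal 15 received
"""


def _fresh():
    return {"phase1_proposal": None, "phase1_established": False,
            "failed_phase": None, "xl2tpd_sigterm": False}


def diagnose(log_text):
    """Report which IKEv1 phase the peer rejected in the last attempt (hypothetical helper)."""
    state = _fresh()
    for line in log_text.splitlines():
        if "initiating Main Mode IKE_SA" in line:
            state = _fresh()  # new attempt: drop the previous attempt's state
        match = re.search(r"selected proposal: IKE:(\S+)", line)
        if match:
            state["phase1_proposal"] = match.group(1)
        if re.search(r"IKE_SA \S+ established between", line):
            state["phase1_established"] = True
        if "NO_PROPOSAL_CHOSEN" in line:
            # Before the IKE_SA exists the rejection is about Phase 1;
            # after it, the Quick Mode (Phase 2) proposal was refused.
            state["failed_phase"] = 2 if state["phase1_established"] else 1
        if "death_handler: Fatal signal 15" in line:
            # Signal 15 is SIGTERM: xl2tpd was stopped, it did not crash.
            state["xl2tpd_sigterm"] = True
    return state


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print("Phase 1 proposal accepted:", result["phase1_proposal"])
    print("Rejected phase:", result["failed_phase"])
    print("xl2tpd received SIGTERM:", result["xl2tpd_sigterm"])
```

On the full syslog from the question the result is the same, because the NetworkManager[1991] lines repeat the charon messages in the same order.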
