SIP 客户端和 PCSCF 之间的 IPSEC 连接。ESP 报头未出现。IPsec 不适用于报头

tag-icon tag-icon networking vpn ipsec
SIP 客户端和 PCSCF 之间的 IPSEC 连接。ESP 报头未出现。IPsec 不适用于报头

我想创建 SIPP 脚本来创建场景,使用以下内容在 UE 和 PCSCF 之间建立 IPSEC 连接;

例如:-

setkey -c << EOF
spdadd $pcscf/32[$port_pc] $ue/32[$port_us] tcp -P in ipsec esp/transport//require ;
spdadd $pcscf/32[$port_pc] $ue/32[$port_us] udp -P in ipsec esp/transport//require ;
add $pcscf $ue esp $spi_us -m transport -E $ealg $ck -A $alg $ik
EOF

已创建 4 SA,我使用 setkey -D 进行了检查。

192.168.137.98 192.168.137.39 
    esp mode=transport spi=1024(0x00000400) reqid=16625(0x000040f1)
    E: 3des-cbc  d0c1e6cd d58c07f7 fe4a6715 83d60210 d0c1e6cd d58c07f7
    A: hmac-md5  320fe4a8 ab88a62d f406ccb9 76346602
    seq=0x00000000 replay=4 flags=0x00000000 state=mature 
    created: Jun 24 17:01:11 2019   current: Jun 24 17:01:22 2019
    diff: 11(s) hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=1 pid=9623 refcnt=0
192.168.137.98 192.168.137.39 
    esp mode=transport spi=2048(0x00000800) reqid=16624(0x000040f0)
    E: 3des-cbc  d0c1e6cd d58c07f7 fe4a6715 83d60210 d0c1e6cd d58c07f7
    A: hmac-md5  320fe4a8 ab88a62d f406ccb9 76346602
    seq=0x00000000 replay=4 flags=0x00000000 state=mature 
    created: Jun 24 17:01:11 2019   current: Jun 24 17:01:22 2019
    diff: 11(s) hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=2 pid=9623 refcnt=0
192.168.137.39 192.168.137.98 
    esp mode=transport spi=147047421(0x08c3c3fd) reqid=16623(0x000040ef)
    E: 3des-cbc  d0c1e6cd d58c07f7 fe4a6715 83d60210 d0c1e6cd d58c07f7
    A: hmac-md5  320fe4a8 ab88a62d f406ccb9 76346602
    seq=0x00000000 replay=4 flags=0x00000000 state=mature 
    created: Jun 24 17:01:11 2019   current: Jun 24 17:01:22 2019
    diff: 11(s) hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=3 pid=9623 refcnt=0
192.168.137.39 192.168.137.98 
    esp mode=transport spi=70783604(0x04381274) reqid=16622(0x000040ee)
    E: 3des-cbc  d0c1e6cd d58c07f7 fe4a6715 83d60210 d0c1e6cd d58c07f7
    A: hmac-md5  320fe4a8 ab88a62d f406ccb9 76346602
    seq=0x00000000 replay=4 flags=0x00000000 state=mature 
    created: Jun 24 17:01:11 2019   current: Jun 24 17:01:22 2019
    diff: 11(s) hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=0 pid=9623 refcnt=0

但是当我从安全 UE 客户端端口向 PCSCF 安全服务器端口发送第二个注册时。它没有发送 ESP 数据包。请帮忙。如果您需要更多信息。我可以提供。

相关内容