When creating a vti tunnel/interface on an ubuntu-14.04 LTS system with the following configuration, I see the error Keys are not allowed with ipip and sit tunnels.
I have already run apt-get install iproute2* and updated... but
root@server:/usr/local/etc#
root@server:/usr/local/etc# uname -a
Linux server 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@server:/usr/local/etc# ip tunnel add vti1 mode vti local 10.80.90.65 remote 2.2.2.34 okey 32 ikey 32
Keys are not allowed with ipip and sit tunnels
root@server:/usr/local/etc# ^C
root@server:/usr/local/etc# uname -a
Linux server 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@server:/usr/local/etc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
root@server:/usr/local/etc# ip tunnel add vti1 mode vti local 10.80.90.65 remote 2.2.2.34 okey 32 ikey 32
Keys are not allowed with ipip and sit tunnels
root@server:/usr/local/etc#
==============================================================
the following is the man-help of the ip tunnel command on this system:
root@server:/usr/local/etc# ip tunnel help
Usage: ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]
[ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]
[ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
[ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
[ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
[ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]
Where: NAME := STRING
ADDR := { IP_ADDRESS | any }
TOS := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
TTL := { 1..255 | inherit }
KEY := { DOTTED_QUAD | NUMBER }
root@server:/usr/local/etc#
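What am I missing? What else do I need to do?
Answer 1
ikey and okey are options that refer to a specific GRE (Generic Routing Encapsulation) tunnel feature, used to tag the traffic between two endpoints. This is not encryption, just a label carried along the tunnel inside the GRE-encapsulated packet.
VTI, by contrast, is not an encapsulation; it is a local feature on a specific Linux system, mainly used to apply a specific IPsec policy to the traffic passing through it.
So, in summary, there is no need to use (i|o)key and (i|o)seq with VTI, because it will not do anything at all.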
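The GRE key and sequence number described in the answer are plain 32-bit fields in the GRE header (RFC 2890), so anyone who can capture the packet can read them. The Python sketch below is an added example, not part of the original question or answer; the function names are hypothetical and the packet bytes are constructed, using the key value 32 from the question.

```python
import struct

# Flag bits in the first 16 bits of a GRE header (RFC 2784 / RFC 2890)
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence present

def build_gre(proto, key=None, seq=None):
    """Build a version-0 GRE header without checksum (hypothetical helper)."""
    flags = (GRE_K if key is not None else 0) | (GRE_S if seq is not None else 0)
    hdr = struct.pack("!HH", flags, proto)
    for value in (key, seq):  # optional fields follow in this fixed order
        if value is not None:
            hdr += struct.pack("!I", value)
    return hdr

def parse_gre(data):
    """Return the GRE header fields; raise ValueError on malformed input."""
    try:
        flags, proto = struct.unpack_from("!HH", data, 0)
        if flags & 0x0007:
            raise ValueError("only GRE version 0 is handled")
        fields = {"proto": proto, "checksum": None, "key": None, "seq": None}
        off = 4
        if flags & GRE_C:  # 16-bit checksum followed by 16 reserved bits
            fields["checksum"] = struct.unpack_from("!H", data, off)[0]
            off += 4
        if flags & GRE_K:  # the value set with ikey/okey, sent in cleartext
            fields["key"] = struct.unpack_from("!I", data, off)[0]
            off += 4
        if flags & GRE_S:  # the counter enabled with iseq/oseq
            fields["seq"] = struct.unpack_from("!I", data, off)[0]
            off += 4
    except struct.error as exc:
        raise ValueError("truncated GRE header") from exc
    if off > len(data):
        raise ValueError("truncated GRE header")
    fields["header_len"] = off
    return fields

# Constructed sample: key 32, sequence 7, carrying a placeholder inner payload
SAMPLE = build_gre(0x0800, key=32, seq=7) + b"inner IPv4 packet"

if __name__ == "__main__":
    print(parse_gre(SAMPLE))
```
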