ipsec verify 指示错误“没有隧道启动”

tag-icon tag-icon ubuntu-14.04 ipsec openswan
ipsec verify 指示错误“没有隧道启动”

我刚刚在 Ubuntu14 上安装了 openswan。我正尝试连接到我工作的 VPN(顺便说一下,我可以访问防火墙/VPN)。当我执行

/usr/sbin/ipsec verify

我得到以下信息:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K4.4.0-53-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
  NETKEY:  Testing XFRM related proc values                     [OK]
[OK]
 [OK]
Hardware RNG detected, testing if used properly                 [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                              [FAILED]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                                 [WARNING]
Checking for 'iptables' command                                 [OK]

Opportunistic Encryption Support 
                       [DISABLED]

当我做

/etc/init.d# /etc/init.d/ipsec status

我得到以下

IPsec running  - pluto pid: 7702
pluto pid 7702
No tunnels up

但是,我没有连接到 VPN

这是我的 ipsec.conf

config setup

    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    #        nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least upto 2010-12-21)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    #protostack=netkey
    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    plutostderrlog=/var/log/pluto
    plutodebug="all"
    protostack=netkey

这是 ipsec.secrets

@admin : XAUTH  "xxxxxxxx"
%any   example.net   : PSK "xxxxxxxx"ny

我还在 pluto.log 中收到以下错误

ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type   already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
| ESP registered with kernel.

任何帮助将不胜感激。

答案1

我通过删除来解决这个问题

esp=aes256-sha256,modp1536

并添加

ike=aes256-sha1,aes128-sha1,3des-sha1

相关内容