我的 Racoon 配置有什么问题？

2024-5-31 • tag-icon

我在这种拓扑

并且我分别设置了左服务器和右服务器的racoon。

左服务器的/etc/racoon/racoon.conf配置：

remote 1001::2 {
    exchange_mode main,aggressive;
    proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 2;
    }
#        generate_policy off;
}
#
sainfo address 2001:123::/64[any] any address 2002:123::/64[any] any {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

离开服务器/etc/racoon/psk.txt配置：

1001::2         P@ssworD

左服务器/etc/ipsec-tools.conf配置：

 flush;
 spdflush;

## Some sample SPDs for use racoon
#
 spdadd 2001:123::/64 2002:123::/64 any -P out ipsec
    esp/tunnel/1001::1-1001::2/require;
#
 spdadd 2002:123::/64 2001:123::/64 any -P in ipsec
    esp/tunnel/1001::2-1001::1/require;

正确的服务器也设置了不同的IP地址，并显示以下错误。

Feb 27 10:24:04 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:24:04 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).
Feb 27 10:55:52 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:55:52 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[500] (Cannot assign requested address).
Feb 27 10:55:52 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:55:52 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).
Feb 27 10:57:49 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:57:49 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[500] (Cannot assign requested address).
Feb 27 10:57:49 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:57:49 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).

如何将 2001:123::/64 计算机的 ICMP6 发送到 2002:123::/64 计算机？

答案1

左侧服务器中的 IPv6 路由：

~# ip -6 route add 2002:123::/64 via 1001::2

右侧服务器中的 IPv6 路由：

~# ip  -6 route add 2001:123::/64 via 1001::1

答案1

相关内容