I have this topology
and I have set up racoon on the left server and the right server respectively.
/etc/racoon/racoon.conf configuration on the left server:
remote 1001::2 {
    exchange_mode main,aggressive;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    # generate_policy off;
}
#
sainfo address 2001:123::/64[any] any address 2002:123::/64[any] any {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
/etc/racoon/psk.txt configuration on the left server:
1001::2 P@ssworD
/etc/ipsec-tools.conf configuration on the left server:
flush;
spdflush;
## Some sample SPDs for use racoon
#
spdadd 2001:123::/64 2002:123::/64 any -P out ipsec
    esp/tunnel/1001::1-1001::2/require;
#
spdadd 2002:123::/64 2001:123::/64 any -P in ipsec
    esp/tunnel/1001::2-1001::1/require;
The right server is also set up, with different IP addresses, and it shows the following errors.
Feb 27 10:24:04 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:24:04 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).
Feb 27 10:55:52 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:55:52 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[500] (Cannot assign requested address).
Feb 27 10:55:52 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:55:52 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).
Feb 27 10:57:49 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:57:49 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[500] (Cannot assign requested address).
Feb 27 10:57:49 security-appliance racoon[13697]: ERROR: privsep_bind (Cannot assign requested address) = -1
Feb 27 10:57:49 security-appliance racoon[13697]: [2001:123::] ERROR: failed to bind to address 2001:123::[4500] (Cannot assign requested address).
How can I send ICMP6 from the 2001:123::/64 machines to the 2002:123::/64 machines?
Answer 1
IPv6 route on the left server:
~# ip -6 route add 2002:123::/64 via 1001::2
IPv6 route on the right server:
~# ip -6 route add 2001:123::/64 via 1001::1
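An added example, not part of the original answer: a Python sketch that reads setkey-style SPD entries like those in the question, derives the `ip -6 route add` command for each outbound tunnel policy (remote subnet via the tunnel peer, as in the answer), and checks that every outbound policy has a mirrored inbound one. The sample text is copied from the question's /etc/ipsec-tools.conf; the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: the left server's SPD entries as posted in the question.
LEFT_SPD = """\
flush;
spdflush;
## Some sample SPDs for use racoon
spdadd 2001:123::/64 2002:123::/64 any -P out ipsec
esp/tunnel/1001::1-1001::2/require;
spdadd 2002:123::/64 2001:123::/64 any -P in ipsec
esp/tunnel/1001::2-1001::1/require;
"""

# Matches ESP tunnel-mode policies only; selectors are plain prefixes (no [port]).
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([0-9A-Fa-f:.]+)-([0-9A-Fa-f:.]+)/\w+\s*;"
)

def parse_spd(text):
    """Return tunnel policies from setkey-style text, ignoring '#' comments."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    policies = []
    for src, dst, direction, t_src, t_dst in SPD_RE.findall(body):
        policies.append({
            "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst),
            "dir": direction,
            "tunnel": (ipaddress.ip_address(t_src), ipaddress.ip_address(t_dst)),
        })
    return policies

def routes_for(policies):
    """One route per outbound policy: remote subnet via the tunnel peer."""
    cmds = []
    for p in policies:
        if p["dir"] == "out":
            fam = "-6 " if p["dst"].version == 6 else ""
            cmds.append(f"ip {fam}route add {p['dst']} via {p['tunnel'][1]}")
    return cmds

def unmirrored(policies):
    """Outbound policies with no inbound policy of swapped selectors and endpoints."""
    inbound = {(p["src"], p["dst"], p["tunnel"]) for p in policies if p["dir"] == "in"}
    return [p for p in policies if p["dir"] == "out"
            and (p["dst"], p["src"], p["tunnel"][::-1]) not in inbound]

if __name__ == "__main__":
    pols = parse_spd(LEFT_SPD)
    print("\n".join(routes_for(pols)))
    print("unmirrored outbound policies:", unmirrored(pols))
```

Running the same functions over the right server's file should yield the second route from the answer; an outbound policy reported by `unmirrored` means return traffic has no matching inbound policy on that host.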