![StrongSwan IPsec ping works only once after ipsec restart](https://linux22.com/image/722941/ipsec%20%E9%87%8D%E5%90%AF%E5%90%8E%EF%BC%8CStrongSwan%20IPsec%20PING%20%E4%BB%85%E5%B7%A5%E4%BD%9C%E4%B8%80%E6%AC%A1.png)
Diagram of the site-to-site VPN:
I created an IP route like this:
sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1
I have these iptables rules:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
What exactly am I doing wrong?
Answer 1
Try exempting the IPsec traffic from the MASQUERADE rule:
sudo iptables -t nat -I POSTROUTING -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
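As an added example (not part of the original answer), this script checks `iptables-save -t nat` output for the ordering the answer relies on: the IPsec policy ACCEPT rule has to sit ahead of the first MASQUERADE rule in POSTROUTING. The function name and the sample rule sets are constructed for illustration, and address matches on the rules are ignored.

```shell
#!/bin/sh
# Added example. Reads `iptables-save -t nat` text on stdin; $1 = outbound interface.
# Prints: ok | misordered | missing | no-masquerade
# Assumption: address matches (-s/-d) on the rules are ignored.
nat_exempt_status() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""
            for (i = 3; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out != "" && out != ifc) next   # rule bound to another interface
            n++
            line = " " $0 " "
            ipsec = (line ~ / -m policy / && line ~ / --pol ipsec / && line ~ / --dir out /)
            if (ipsec && line ~ / -j ACCEPT / && !exempt) exempt = n
            if (!ipsec && line ~ / -j MASQUERADE / && !masq) masq = n
        }
        END {
            if (!masq) print "no-masquerade"
            else if (!exempt) print "missing"
            else if (exempt > masq) print "misordered"
            else print "ok"
        }'
}

# Constructed sample: nat table with only the MASQUERADE rule from the question.
sample_before() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT'
}
# Constructed sample: exemption inserted ahead of MASQUERADE, as -I does.
sample_after() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec -j ACCEPT' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT'
}
# Constructed sample: exemption appended with -A, so MASQUERADE still matches first.
sample_appended() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' \
        '-A POSTROUTING -o eth0 -m policy --dir out --pol ipsec -j ACCEPT' 'COMMIT'
}

for s in sample_before sample_after sample_appended; do
    printf '%s: %s\n' "$s" "$($s | nat_exempt_status eth0)"
done
# On a live gateway: sudo iptables-save -t nat | nat_exempt_status eth0
```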