图解 VPN 站点到站点:
我创建了这样的 IP 路由:
sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1
我有这个 iptable 规则
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m policy --pol ipsec --dir in -j ACCEPT
我究竟做错了什么?
答案1
尝试从规则中豁免 IPsec 流量MASQUERADE:
sudo iptables -t nat -I POSTROUTING -o eth0 -m policy --pol ipsec --dir out -j ACCEPT