I need to create a site-to-site VPN with a server (not "strong swan"). I did everything following this article: https://blog.ruanbekker.com/blog/2018/02/11/setup-a-site-to-site-ipsec-vpn-with-strongswan-and-preshared-key-authentication/
config setup
    uniqueids=no
    charondebug="cfg 2, dmn 2, ike 2, net 0"

conn %default
    ikelifetime=86400s
    keylife=3600s
    #rekeymargin=3m
    reauth=yes
    rekey=yes
    rekeyfuzz=0%
    keyingtries=0
    dpdaction=none
    authby=psk

conn ToACB
    authby=secret
    keyexchange=ikev1
    left=188.77.64.128
    leftsubnet=10.133.78.0/24
    leftid=188.77.64.128
    leftfirewall=yes
    right=82.11.134.146
    rightsubnet=10.3.1.0/24
    rightid=82.11.134.146
    #type=tunnel
    ike=aes256-sha-modp1536!
    esp=aes256-sha-modp1536!
    aggressive=no
    auto=start
sudo cat /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
188.77.64.128 82.11.134.146 : PSK "test77"
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 188.166.64.128 netmask 255.255.192.0 broadcast 188.166.127.255
inet6 fe80::e8ec:8bff:fe55:79db prefixlen 64 scopeid 0x20<link>
ether ea:ec:8b:55:79:db txqueuelen 1000 (Ethernet)
RX packets 18737 bytes 82207417 (82.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16074 bytes 1375834 (1.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 144 bytes 11958 (11.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 144 bytes 11958 (11.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I have not configured any NAT rules, e.g. MASQUERADE.

Answer 1
Does the IKE SA come up first? Probably not.
If not, run tcpdump on the terminating interface to see whether the packets arrive at all.
If they do and there is some kind of negotiation failure, you can check /var/log/ or /var/log/pluto and post what you find there.
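The three checks the answer lists (IKE SA state, capture on the terminating interface, negotiation errors in the log), as an added shell example that is not part of the original thread. The peer address is the `right=` value from the question's ipsec.conf; the interface name, the syslog path and the list of charon error strings to grep for are assumptions, and the sample log line in the comments is constructed.

```bash
#!/bin/sh
# Added example, not from the original post. Diagnostic helpers for a
# strongSwan site-to-site tunnel that will not establish.

PEER="${PEER:-82.11.134.146}"          # right= from the question's ipsec.conf
IFACE="${IFACE:-eth0}"                  # assumed terminating interface
LOG="${LOG:-/var/log/syslog}"           # assumed charon log destination

# 1. Does the IKE SA come up? Show only the state lines of `ipsec statusall`;
#    an ESTABLISHED line means IKE succeeded and the problem is in the CHILD SA.
ike_state() {
    ipsec statusall 2>/dev/null | grep -E 'ESTABLISHED|CONNECTING|INSTALLED' \
        || echo "no IKE SA for $PEER"
}

# 2. Build the pcap filter for the peer: IKE on UDP/500, NAT-T on UDP/4500,
#    ESP as IP protocol 50. Kept as its own function so it can be checked
#    without running tcpdump.
capture_filter() {
    printf 'host %s and (udp port 500 or udp port 4500 or ip proto 50)' "$1"
}

# Run the capture on the terminating interface. If nothing shows up at all,
# the packets are not reaching this host (routing, provider or host firewall).
capture_ike() {
    tcpdump -ni "$IFACE" "$(capture_filter "$PEER")"
}

# 3. Pull negotiation failures out of the log. Reads the file given as $1,
#    "-" for stdin, otherwise $LOG. The notify names are the usual IKEv1
#    failure messages charon logs; extend the list as needed.
ike_errors() {
    grep -E 'charon.*(NO_PROPOSAL_CHOSEN|AUTHENTICATION_FAILED|INVALID_ID_INFORMATION|retransmit|giving up)' \
        "${1:-$LOG}"
}

# Constructed sample line for illustration:
#   Jan  1 00:00:00 host charon: 05[IKE] received NO_PROPOSAL_CHOSEN error notify
# Piped into `ike_errors -`, it is printed back; a line without one of the
# listed notifies is not.
```

`NO_PROPOSAL_CHOSEN` is the message to look for when the two sides disagree on the `ike=`/`esp=` proposals, `AUTHENTICATION_FAILED` when the pre-shared key or the IDs in ipsec.secrets do not match, and repeated `retransmit` lines with no reply are the case where the tcpdump check is the next step.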