尝试使用 Strongswan 在同一台服务器上设置 L2TP 和 IKEv2

尝试使用 Strongswan 在同一台服务器上设置 L2TP 和 IKEv2

我尝试使用 Strongswan 在同一台服务器上设置 L2TP(用于我的 Android 手机)和 IKEv2(用于我的 Mac)

连接 L2TP 时出现以下错误,但 IKEv2 运行正常

Apr  4 06:41:41 server charon: 16[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Apr  4 06:41:41 server charon: 16[IKE] no IKE config found for IP...IPb, sending NO_PROPOSAL_CHOSEN
Apr  4 06:41:41 server charon: 16[ENC] generating INFORMATIONAL_V1 request 3379933903 [ N(NO_PROP) ]
Apr  4 06:41:41 server charon: 16[NET] sending packet: from IP[500] to IPb[60789] (40 bytes)
Apr  4 06:41:44 server charon: 08[NET] received packet: from IPb[60789] to IP[500] (788 bytes)
Apr  4 06:41:44 server charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
Apr  4 06:41:44 server charon: 08[IKE] no IKE config found for IP...IPb, sending NO_PROPOSAL_CHOSEN
Apr  4 06:41:44 server charon: 08[ENC] generating INFORMATIONAL_V1 request 586602282 [ N(NO_PROP) ]
Apr  4 06:41:44 server charon: 08[NET] sending packet: from IP[500] to IPb[60789] (40 bytes)

这是我的配置文件:

# Global strongSwan (charon) settings shared by every conn below.
# charon logger levels are set per subsystem.
config setup
    # ike=1 and knl=1 log IKE and kernel-interface events at the basic level.
    # cfg=0 keeps the configuration subsystem almost silent, which hides
    # connection-loading and config-selection messages. While diagnosing a
    # "no IKE config found" rejection, raising cfg (for example to 2) shows
    # which conns were loaded and why none matched.
    charondebug="ike 1, knl 1, cfg 0"
    # Identities are not kept unique: the same identity may hold several
    # simultaneous sessions. That suits one user with multiple devices, but it
    # also means a shared or leaked credential can be used concurrently without
    # displacing the legitimate session, so rely on RADIUS accounting or logs
    # to spot it.
    uniqueids=no

# L2TP/IPsec connection: IPsec transport mode protecting L2TP (UDP 1701),
# authenticated with a pre-shared key.

conn L2TP-PSK-noNAT
    # NOTE(review): no keyexchange= is set here, so the strongSwan default
    # applies. The client in the log sends IKEv1 Main Mode (ID_PROT) and is
    # answered with "no IKE config found"; confirm in the startup log that this
    # conn actually loaded, and consider stating keyexchange=ikev1 explicitly.
    # NOTE(review): the logged client source port is 60789 rather than 500,
    # which suggests a NAT on the path despite the "noNAT" name. Verify.
    # Drop the SA when dead-peer detection finds the client gone.
    dpdaction=clear
    # Pre-shared-key authentication. Combined with right=%any, every host that
    # knows the secret is accepted, so the PSK in ipsec.secrets should be long
    # and random and the file readable by root only.
    authby=secret
    # Load the conn and wait for the peer to initiate.
    auto=add
    keyingtries=3
    # IKE SA lifetime 8h; keylife is the lifetime of the IPsec (child) SA.
    ikelifetime=8h
    keylife=1h
    # NOTE(review): these IKE proposals name no DH group. Check the daemon's
    # startup output to confirm the installed strongSwan release accepted them.
    # A conn that fails to load would explain "no IKE config found".
    # 3des and sha1 are legacy algorithms; keep only what the clients require.
    ike=aes256-sha1,aes128-sha1,3des-sha1
    # Transport mode: only the L2TP traffic between the two hosts is protected.
    type=transport
    # "IP" is the poster's placeholder for the server address. It has to be the
    # local address charon sees on incoming packets. If the host sits behind
    # NAT, that is the private interface address, not the public one. TODO confirm.
    left=IP
    # Protocol 17 (UDP), port 1701 on the server side.
    leftprotoport=17/1701
    # Any remote peer, UDP from any source port.
    right=%any
    rightprotoport=17/%any


# IKEv2 remote-access connection: the server authenticates with a certificate,
# clients authenticate with EAP relayed to a RADIUS server, and each client is
# given a virtual IP from a pool.
conn ike-server
    # Load the conn and wait for clients to initiate.
    auto=add
    compress=no
    type=tunnel
    # IKEv2 only: IKEv1 requests such as those from the L2TP client can never
    # match this conn.
    keyexchange=ikev2
    # The trailing "!" makes the list strict, so only these proposals are
    # offered or accepted. The list still admits modp1024, sha1 and 3des, and a
    # peer proposing only those will be accepted. Once the real clients'
    # capabilities are known, prune the list to AEAD or sha256+ suites with
    # modp2048 or stronger, or ECP groups.
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    # The same applies to the ESP (data-plane) proposals: strict list, legacy
    # sha1 / 3des / modp1024 entries still present.
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    # Use IKE fragmentation, and force UDP encapsulation of ESP even when no
    # NAT is detected.
    fragmentation=yes
    forceencaps=yes
    # Dead-peer detection every 300s; clear the SA if the client is gone.
    dpdaction=clear
    dpddelay=300s
    # The server does not initiate rekeying.
    rekey=no
    left=%any
    # "hostname" is the poster's placeholder. The identity should match a
    # subjectAltName in the server certificate so that clients can verify it.
    leftid=@hostname
    # NOTE(review): the file name suggests a certificate plus chain. Confirm
    # that the daemon picks up the intended end-entity certificate and that the
    # intermediates are available to it (e.g. installed as CA certificates).
    leftcert=fullchain.pem
    # Always send the server certificate, even if the client did not request it.
    leftsendcert=always
    # Full tunnel: all client IPv4 traffic is routed through the VPN.
    leftsubnet=0.0.0.0/0
    # Accept clients from any address and with any identity. The EAP/RADIUS
    # exchange is the only check on who may connect.
    right=%any
    rightid=%any
    rightauth=eap-radius
    # Virtual IP pool and DNS servers handed to clients.
    rightsourceip=10.15.1.0/24
    rightdns=1.1.1.1,1.0.0.1
    # Do not request client certificates.
    rightsendcert=never
    # Ask the client for its EAP identity instead of reusing the IKE identity.
    eap_identity=%identity
