希望有人能帮助我,我正在尝试在 Google CLoud VPN 和 Palo Alto 之间设置 VPN。任何帮助都将不胜感激。这是我的日志:
D remote host is behind NAT
D authentication of '35.xxx.xxx.xxx' (myself) with pre-shared key
I establishing CHILD_SA vpn_103.xxx.xxx.xxx
D generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
D sending packet: from 35.xxx.xxx.xxx[4500] to 103.xxx.xxx.xxx[4500] (416 bytes)
D received packet: from 103.xxx.xxx.xxx[4500] to 35.xxx.xxx.xxx[4500] (80 bytes)
D parsed IKE_AUTH response 1 [ N(NO_PROP) ]
D IDr payload missing
D generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
D sending packet: from 35.xxx.xxx.xxx[4500] to 103.xxx.xxx.xxx[4500] (80 bytes)
D creating acquire job for policy with reqid {1}
I initiating IKE_SA vpn_103.xxx.xxx.xxx[159] to 103.xxx.xxx.xxx
D generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
D sending packet: from 35.xxx.xxx.xxx[500] to 103.xxx.xxx.xxx[500] (892 bytes)
D received packet: from 103.xxx.xxx.xxx[500] to 35.xxx.xxx.xxx[500] (38 bytes)
D parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
D peer didn't accept DH group MODP_2048, it requested MODP_1024
I initiating IKE_SA vpn_103.xxx.xxx.xxx[159] to 103.xxx.xxx.xxx
D generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
D sending packet: from 35.xxx.xxx.xxx[500] to 103.xxx.xxx.xxx[500] (764 bytes)
D received packet: from 103.xxx.xxx.xxx[500] to 35.xxx.xxx.xxx[500] (304 bytes)
D parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
D remote host is behind NAT
我注意到错误:“对等方不接受 DH 组 MODP_2048,它请求 MODP_1024”
我的对等设备(Palo Alto)有组 2(MODP_1024)。我的问题是,如何将 GCP 中的 DH 组设置为组 2(MODP_1024)?