编辑

编辑

我正在使用带有 dnsmasq 的 DHCP 插件。

$ cat /etc/dnsmasq.d/01-dhcp-loopback.conf
interface=lo
dhcp-range=10.0.2.10,10.0.2.254,255.255.255.0
port=0
$ cat /etc/ipsec.conf
config setup
  charondebug="ike -1, knl -1, cfg -1"
  uniqueids=never

conn ikev2
  auto=add
  compress=no
  type=tunnel
  keyexchange=ikev2
  fragmentation=yes
  forceencaps=yes
  ike=aes256gcm16-prfsha512-ecp384!
  esp=aes256gcm16-ecp384!
  dpdaction=clear
  dpddelay=300s
  rekey=no
  left=%any
  leftid=my-vpn.com
  leftcert=vpn-server.crt
  leftsendcert=always
  leftsubnet=0.0.0.0/0
  right=%any
  rightid=%any
  rightauth=eap-tls
  rightdns=1.1.1.1,1.0.0.1
  rightsourceip=%dhcp
  rightsendcert=never
  eap_identity=%identity

编辑

我能够通过将以下内容添加到 来修复该问题/etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
  address 10.0.2.1/24

话虽如此,我很想知道这是否是解决问题的正确方法。

答案1

使用虚拟接口与...解决了这个问题lo

/etc/network/interfaces通过将以下内容附加到并使用 启用接口来创建虚拟接口ifup strongswan0

auto strongswan0
iface strongswan0 inet static
  address 10.0.2.1/24
  pre-up ip link add strongswan0 type dummy

/etc/dnsmasq.d/01-dhcp-loopback.conf然后,我不再创建 ,而是创建/etc/dnsmasq.d/01-dhcp-strongswan.conf

$ cat /etc/dnsmasq.d/01-dhcp-loopback.conf
interface=strongswan0
dhcp-range=10.0.2.10,10.0.2.254,255.255.255.0
port=0

最后我在中配置了strongswan0vs。lo/etc/strongswan.d/charon-logging.conf

$ cat /etc/strongswan.d/charon/dhcp.conf
dhcp {
    force_server_address = yes
    identity_lease = yes
    interface = strongswan0
    load = yes
    server = 10.0.2.1
}

相关内容