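Using strongSwan IPsec
eth0 IP is xx.xx.129.177 (this is our public IP, and also the IP that requests are currently sent from); the gateway for eth0 is xx.xx.128.1
eth0:1 IP is 10.16.0.24/16 - the client wants this address to pass the TCP requests and establish the SQL connection. Is this the private IP address of eth0? Can I route traffic to use it?
I'm not sure how to route traffic through eth0:1, and to be honest, I'm also not sure whether I'm thinking about routing correctly with firewall rules. I tried to configure a VTI, but so far without success.
I have created the IP address, but in any case, the tunnel is established and active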
Status of IKE charon daemon (strongSwan 5.8.2, Linux 5.4.0-131-generic, x86_64):
uptime: 4 minutes, since Nov 09 09:23:28 2022
malloc: sbrk 3084288, mmap 0, used 1178368, free 1905920
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac h>
Listening IP addresses:
xx.xx.129.177
10.16.0.24
----------IPv6 addr
10.106.0.19
Connections:
ikev2-vpn: xx.xx.129.177...xx.xx.xx.xx IKEv2, dpddelay=45s
ikev2-vpn: local: [xx.xx.129.177] uses pre-shared key authentication
ikev2-vpn: remote: [xx.xx.xx.xx] uses pre-shared key authentication
ikev2-vpn: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
ikev2-vpn[3]: ESTABLISHED 103 seconds ago, xx.xx.129.177[xx.xx.129.177]...xx.xx.xx.xx[xx.xx.xx.xx]
ikev2-vpn[3]: IKEv2 SPIs: e230895c46f01cf6_i* c0858ade8e997bdc_r, rekeying disabled
ikev2-vpn[3]: IKE proposal: AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048_256
ikev2-vpn{2}: INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c9c519ad_i de8973aa_o
ikev2-vpn{2}: AES_CBC_256/HMAC_SHA2_256_128, 132 bytes_i (3 pkts, 2s ago), 10601 bytes_o (37 pkts, 17s ago), rekeying disabled
ikev2-vpn{2}: 0.0.0.0/0 === 0.0.0.0/0