对 Azure 进行站点到站点 VPN,我的客户端私有 IP 可以发送流量吗?

对 Azure 进行站点到站点 VPN,我的客户端私有 IP 可以发送流量吗?

使用 Strongswan IPSEC

eth0 IP 是 xx.xx.129.177(这是我们的公共 IP,也是当前发送请求的 IP),eth0 的网关是 xx.xx.128.1

eth0:1 IP 为 10.16.0.24/16 - 客户端希望此地址传递 TCP 请求并建立 SQL 连接,这是 eth0 的私有 IP 地址吗?我可以路由流量来使用它吗?

我不确定如何通过 eth0:1 路由流量,而且说实话,我也不确定我是否正在考虑使用防火墙规则正确路由,我尝试配置 vti,但到目前为止还没有成功。

我已经创建了 IP 地址,但无论如何,隧道已建立并处于活动状态

Status of IKE charon daemon (strongSwan 5.8.2, Linux 5.4.0-131-generic, x86_64):
  uptime: 4 minutes, since Nov 09 09:23:28 2022
  malloc: sbrk 3084288, mmap 0, used 1178368, free 1905920
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
  loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac h>
Listening IP addresses:
  xx.xx.129.177
  10.16.0.24
  ----------IPv6 addr
 10.106.0.19
Connections:
   ikev2-vpn:  xx.xx.129.177...xx.xx.xx.xx  IKEv2, dpddelay=45s
   ikev2-vpn:   local:  [xx.xx.129.177] uses pre-shared key authentication
   ikev2-vpn:   remote: [xx.xx.xx.xx] uses pre-shared key authentication
   ikev2-vpn:   child:  0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
   ikev2-vpn[3]: ESTABLISHED 103 seconds ago, xx.xx.129.177[xx.xx.129.177]...xx.xx.xx.xx[xx.xx.xx.xx]
   ikev2-vpn[3]: IKEv2 SPIs: e230895c46f01cf6_i* c0858ade8e997bdc_r, rekeying disabled
   ikev2-vpn[3]: IKE proposal: AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048_256
   ikev2-vpn{2}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c9c519ad_i de8973aa_o
   ikev2-vpn{2}:  AES_CBC_256/HMAC_SHA2_256_128, 132 bytes_i (3 pkts, 2s ago), 10601 bytes_o (37 pkts, 17s ago), rekeying disabled
   ikev2-vpn{2}:   0.0.0.0/0 === 0.0.0.0/0

相关内容