我正在尝试在两个 Linux 系统之间设置 IPsec 连接。我已经启用了内核选项IPsec Howto 中提到。
我已经设置了setkey这样的脚本:
#! /usr/sbin/setkey -vf
add 192.168.210.1 192.168.210.2 esp 24501 -E 3des-cbc "123456789012123456789012";
add 192.168.210.1 192.168.210.2 ah 24500 -A hmac-md5 "1234567890123456";
结果返回“不支持协议”(详细信息如下)。我已经使用以下方法仔细检查了内核设置/proc/config.gz:howto 中提到的每个选项都有一个“y”。我还可能缺少什么?
# /flash/ipsec
sadb_msg{ version=2 type=3 errno=0 satype=3
len=16 reserved=0 seq=0 pid=23105
sadb_ext{ len=4 type=9 }
sadb_key{ bits=192 reserved=0
key= 03000500 ff200000 02000000 44f2adbf 00000000 00000000 }
sadb_ext{ len=2 type=1 }
sadb_sa{ spi=24501 replay=0 state=0
auth=0 encrypt=3 flags=0x00000040 }
sadb_ext{ len=2 type=19 }
sadb_x_sa2{ mode=0 reqid=0
reserved1=52 reserved2=2 sequence=1076530488 }
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
44f2adbf }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
b86ae316 }
sadb_msg{ version=2 type=3 errno=93 satype=3
len=2 reserved=0 seq=0 pid=23105
The result of line 2: Protocol not supported.
sadb_msg{ version=2 type=3 errno=0 satype=2
len=15 reserved=0 seq=0 pid=23105
sadb_ext{ len=3 type=8 }
sadb_key{ bits=128 reserved=0
key= 02000000 44f2adbf 00000000 00000000 }
sadb_ext{ len=2 type=1 }
sadb_sa{ spi=24500 replay=0 state=0
auth=2 encrypt=0 flags=0x00000040 }
sadb_ext{ len=2 type=19 }
sadb_x_sa2{ mode=0 reqid=0
reserved1=52 reserved2=2 sequence=1076530488 }
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
44f2adbf }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
b86ae316 }
sadb_msg{ version=2 type=3 errno=93 satype=2
len=2 reserved=0 seq=0 pid=23105
The result of line 3: Protocol not supported.
#
答案1
这些内核配置设置可以解决问题:
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y