I want to set up a site-to-site VPN between two routers. One site has an Ubuntu router labelled "A", the other site has a Cisco small business router labelled "C". You can see a sketch here:
http://s17.postimg.org/bkdy2jnan/network.png
Both sites are configured for a site-to-site VPN with a PSK. On "A" we use openswan, and the tunnel is established.
The problem is that we cannot reach the remote subnet (no connectivity between 192.168.70.x and 192.168.10.y, no ping, etc.).
Here are the configuration parameters on "A":
root@A:~# ip route
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.70.0/24 dev eth1 proto kernel scope link src 192.168.70.1
/etc/ipsec.conf
config setup
    dumpdir=/var/run/pluto/
    protostack=netkey
    nat_traversal=yes
    plutodebug=all
conn cham
    authby=secret
    auto=add
    type=tunnel
    forceencaps=yes
    left=192.168.1.2
    leftid=78.x.y.z
    leftsubnet=192.168.70.0/24
    leftnexthop=%defaultroute
    right=62.a.b.c
    rightid=62.a.b.c
    rightsubnet=192.168.10.0/24
    rightnexthop=%defaultroute
    ike=aes-sha1;modp1024
    ikelifetime=28800s
    phase2=esp
    phase2alg=aes-sha1;modp1024
    salifetime=3600s
root@A:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3748 packets, 293K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 959 packets, 128K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1039 packets, 79647 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 245 packets, 17799 bytes)
pkts bytes target prot opt in out source destination
3343 215K MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
root@A:~# iptables -vnL
Chain INPUT (policy ACCEPT 15635 packets, 1906K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 10 packets, 1040 bytes)
pkts bytes target prot opt in out source destination
120K 45M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
113K 11M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
10 1040 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT 6928 packets, 1179K bytes)
pkts bytes target prot opt in out source destination
/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth1.send_redirects = 0
root@A:/etc# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.70.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Any help would be greatly appreciated.
Thanks!
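As an added example (not part of the question above), here is a small shell check for one well-known cause of exactly this symptom on an openswan router using the netkey stack: the catch-all MASQUERADE on eth0 in the nat POSTROUTING chain runs before the kernel's XFRM policy lookup, so a packet from 192.168.70.0/24 to 192.168.10.0/24 has its source rewritten to 192.168.1.2, no longer matches leftsubnet/rightsubnet, and leaves the box unencrypted instead of through the tunnel. The functions work on rule text in `iptables -t nat -S POSTROUTING` syntax; the sample rule lists are constructed from the POSTROUTING chain shown in the question, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether the nat POSTROUTING
# chain exempts the IPsec subnet pair before its MASQUERADE rule, and prints the
# exemption to insert if it does not. With the netkey stack the NAT rewrite
# happens before the XFRM policy lookup, so a catch-all MASQUERADE on the WAN
# interface makes tunnel traffic miss the IPsec policy and leave in the clear.

LEFT_SUBNET="192.168.70.0/24"    # leftsubnet from the ipsec.conf in the question
RIGHT_SUBNET="192.168.10.0/24"   # rightsubnet from the ipsec.conf in the question

# Constructed sample: the question's POSTROUTING chain in `iptables -t nat -S` syntax.
NAT_BEFORE='-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample: the same chain with an exemption placed ahead of MASQUERADE.
NAT_AFTER='-A POSTROUTING -s 192.168.70.0/24 -d 192.168.10.0/24 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# tunnel_exempt_from_nat RULES LEFT RIGHT
# Walks the rules in chain order. Returns 0 if an exemption for LEFT->RIGHT (an
# explicit ACCEPT for the subnet pair, or an ACCEPT on `-m policy --pol ipsec`)
# comes before any MASQUERADE, or if the chain has no MASQUERADE at all; returns
# 1 if MASQUERADE is reached first. The loop runs in a pipeline subshell, so
# `exit` there only sets the pipeline status, which is the function's result.
tunnel_exempt_from_nat() {
    rules=$1; left=$2; right=$3
    printf '%s\n' "$rules" | while IFS= read -r line; do
        case $line in
            *"-s $left"*"-d $right"*"-j ACCEPT"*) exit 0 ;;
            *"--pol ipsec"*"-j ACCEPT"*)          exit 0 ;;
            *"-j MASQUERADE"*)                    exit 1 ;;
        esac
    done
}

# add_nat_exemption RULES LEFT RIGHT
# Prints RULES with the exemption placed first, which is what
# `iptables -t nat -I POSTROUTING -s LEFT -d RIGHT -j ACCEPT` does on a live router.
add_nat_exemption() {
    printf '%s\n%s\n' "-A POSTROUTING -s $2 -d $3 -j ACCEPT" "$1"
}

# Usage when run directly against the constructed "before" chain.
if tunnel_exempt_from_nat "$NAT_BEFORE" "$LEFT_SUBNET" "$RIGHT_SUBNET"; then
    echo "tunnel traffic bypasses MASQUERADE: NAT ordering is not the problem here"
else
    echo "tunnel traffic is masqueraded before IPsec; insert the exemption, e.g.:"
    echo "  iptables -t nat -I POSTROUTING -s $LEFT_SUBNET -d $RIGHT_SUBNET -j ACCEPT"
fi
```

A quick way to confirm the diagnosis on the real router is to watch `tcpdump -ni eth0 host 62.a.b.c` while pinging a 192.168.10.x host: if the problem is NAT ordering you see plain ICMP leaving with source 192.168.1.2 rather than ESP (or UDP 4500 with forceencaps) packets. The `-m policy --dir out --pol ipsec` form of the exemption is the more general one, since it covers every tunnel on the box rather than one subnet pair.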