建立IKE_SA失败，对等点没有响应

Question

我是新来的VPN的。我使用Strongswan 5.8.2和swan配置来建立我的SA并使用PSK。我与一家公司进行了整合，为我提供了一些服务，他们给了我一个网关服务器IP，当我打开它时，这个IP是可以访问的。在我这边，swanctl可以加载连接和systemctl，但是日志显示在我启动连接后，“建立IKE_SA失败，对等没有响应”和“错误写入套接字:网络不可达”。为此，我使用了CentOS 8。

这是我的swanctl配置：

connections {
    site-2-site {
        version = 1
        local_addrs = public-IP-site1
        remote_addrs = public-ip-site2
        local_port = 500
        remote_port = 500
        proposals = aes256-sha1-modp1536
        keyingtries = 1
        rekey_time = 86400s
        local {
                    auth = psk
                    id = public-IP-site1
        }
        remote {
            auth = psk
                    id = public-ip-site2
        }
        children {
                    site-2-site {
                            esp_proposals = aes128-sha1
                            local_ts = private-ip-site1
                            remote_ts = private-ip-site2
                            life_time = 3600s
                mode = tunnel
                }
        }
    }
}

secrets {
        secret = ThisIsPSKkey
        id-1a = public-ip-site1
        id-1b = public-ip-site2
}

启动连接时记录：

12[CFG] vici initiate CHILD_SA 'stickearn-to-cimb'
13[IKE] initiating Main Mode IKE_SA stickearn-to-cimb[3] to public-ip-site2
13[ENC] generating ID_PROT request 0 [ SA V V V V V ]
13[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
13[IKE] sending retransmit 1 of request message ID 0, seq 1
13[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
11[IKE] sending retransmit 2 of request message ID 0, seq 1
11[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
08[IKE] sending retransmit 3 of request message ID 0, seq 1
08[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
13[IKE] sending retransmit 4 of request message ID 0, seq 1
13[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
10[IKE] sending retransmit 5 of request message ID 0, seq 1
10[NET] sending packet: from public-ip-site1[500] to public-ip-site2[500] (184 bytes)
04[NET] error writing to socket: Network is unreachable
07[IKE] giving up after 5 retransmits
07[IKE] establishing IKE_SA failed, peer not responding

是防火墙的问题还是别的什么？我需要你的帮助。

Answer 1

我通过了障碍物。你可以看到这里。

接下来，你要做的就是制定防火墙规则，允许特定的IP/端口。