关于IPsec isakmp_natt问题的racoon.conf
关于IPsec isakmp_natt问题的racoon.conf
提问于 2011-03-24 10:57:58
我遇到了一个奇怪的问题,浣熊抱怨了以下错误:
WARNING: NAT-T is enabled in at least one remote{} section, but no 'isakmp_natt' address was specified!不过,我已经指定了isakmp_natt。这是我的racoon.conf:
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";
listen
{
isakmp 172.17.69.69 [500];
isakmp_natt 172.17.69.69 [4500];
}
mode_cfg
{
auth_source system;
group_source system;
pool_size 125;
network4 172.19.3.1;
netmask4 255.255.255.128;
}
remote 172.17.43.43
{
ph1id 1;
exchange_mode aggressive;
my_identifier address 172.17.69.69;
peers_identifier address 172.17.43.43;
ike_frag on;
generate_policy = off;
initial_contact = on;
nat_traversal on;
dpd_delay = 10;
dpd_maxfail = 5;
support_proxy on;
proposal_check claim;
proposal
{
authentication_method pre_shared_key;
encryption_algorithm 3des;
hash_algorithm sha1;
dh_group 2;
lifetime time 28800 secs;
}
}
sainfo subnet 192.168.168.0/24 any subnet 10.234.34.0/24 any
{
remoteid 1;
encryption_algorithm aes 256, aes 192, aes 128, blowfish 256, blowfish 248, blowfish 240, blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200, blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160, blowfish 152, blowfish 144, blowfish 136, blowfish 128, 3des, cast128;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate;
lifetime time 3600 secs;
}谢谢!
simon.cpu
回答 1
Server Fault用户
回答已采纳
发布于 2011-05-27 18:27:26
您可能需要重新编译内核,在内核配置中设置options IPSEC_NAT_T。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/251256
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号