
IPsec configuration with openswan

Server Fault user
Asked on 2011-08-05 20:55:50
1 answer, 6.7K views, 0 followers, 0 votes

I am trying to configure IPsec on a server, using openswan as the client.

But I receive an error, and this is the only error I see.

What did I write wrong in the configuration?

Thank you for your answers.

 #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "f-net" #1: received Vendor ID payload [Cisco-Unity]
003 "f-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "f-net" #1: ignoring unknown Vendor ID payload [ca917959574c7d5aed4222a9df367018]
003 "f-net" #1: received Vendor ID payload [XAUTH]
108 "f-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "f-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "f-net" #1: starting keying attempt 2 of at most 3, but releasing whack

The other side is a Cisco ASA.

parameters for my connection on our Linux server :

VPN Gateway              8.*.*.*    (Cisco)
Phase 1
Exchange Type            Main Mode
Identification Type      IP Address
Local ID                 4.*.*.*    (our Linux server IP)
Remote ID                8.*.*.*    (VPN server IP)
Authentication           PSK
Pre Shared Key
Diffie-Hellman Key Group DH 5 (1536 bit) or DH 2 (1024 bit)
Encryption Algorithm     AES 256
HMAC Function            SHA-1
Lifetime                 86.400 seconds / no volume limit
Phase 2
Security Protocol        ESP
Connection Mode          Tunnel
Encryption Algorithm     AES 256
HMAC Function            SHA-1
Lifetime                 3600 seconds / 4.608.000 kilobytes
DPD / IKE Keepalive      15 seconds
PFS                      off
Remote Network           192.168.100.0/24
Local Network 1          10.0.0.0/16
...............
Local Network 5

current openswan config :

#
config setup
    klipsdebug=all
    plutodebug="control parsing"
    protostack=netkey
    nat_traversal=no
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    nhelpers=0

conn f-net
    type=tunnel
    keyexchange=ike
    authby=secret
    auth=esp
    esp=aes256-sha1
    keyingtries=3
    pfs=no
    aggrmode=no
    keylife=3600s
    ike=aes256-sha1-modp1024
    #
    left=4.*.*.*
    leftsubnet=10.0.0.0/16
    leftid=4.*.*.*
    leftnexthop=%defaultroute
    right=8.*.*.*
    rightsubnet=192.168.100.0/24
    rightid=8.*.*.*
    rightnexthop=%defaultroute
    auto=add
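Reading pluto's whack output by hand is tedious when a tunnel will not come up; the script below (an added example, not part of the original question and not openswan code) parses such lines, records how far the IKEv1 main-mode initiator got, counts retransmissions, and maps the state in which pluto gave up to what it was waiting for. The log it runs on is a constructed copy of the lines quoted above; the three-digit status codes in front of each line are assumed.

```python
import re

# Constructed sample: the pluto/whack lines quoted in the question, trimmed.
SAMPLE_LOG = """\
106 "f-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "f-net" #1: received Vendor ID payload [Cisco-Unity]
003 "f-net" #1: received Vendor ID payload [XAUTH]
108 "f-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "f-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "f-net" #1: starting keying attempt 2 of at most 3, but releasing whack
"""

LINE_RE = re.compile(r'^(?P<code>\d{3}) "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')

# What the IKEv1 main-mode initiator was waiting for in each state it can stall in.
STALL_HINTS = {
    "STATE_MAIN_I1": "no reply to the SA proposal (MI1): peer unreachable, UDP/500 filtered, or proposal rejected",
    "STATE_MAIN_I2": "no reply to KE/nonce (MI2): DH group mismatch or packet loss",
    "STATE_MAIN_I3": "no reply to the first encrypted message (MI3): PSK or ID mismatch, "
                     "or the encrypted packets never reach the peer (bridge/NAT/firewall in between)",
}

def diagnose(log_text: str) -> dict:
    """Per-connection summary: last_state, retransmissions, vendor_ids, gave_up, hint."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                       # not a pluto status line
        d = result.setdefault(m["conn"], {"last_state": "", "retransmissions": 0,
                                          "vendor_ids": [], "gave_up": False, "hint": ""})
        msg = m["msg"]
        state = re.match(r"(STATE_[A-Z0-9_]+)", msg)
        if state:                          # lines that start with a state name mark progress
            d["last_state"] = state.group(1)
        vid = re.search(r"received Vendor ID payload \[(.+?)\]", msg)
        if vid:
            d["vendor_ids"].append(vid.group(1))
        if m["code"] == "010" and "retransmission" in msg:
            d["retransmissions"] += 1
        if m["code"] == "031":             # pluto gave up on this keying attempt
            d["gave_up"] = True
            d["hint"] = STALL_HINTS.get(d["last_state"], "stalled in " + d["last_state"])
    return result
```

Running `diagnose(SAMPLE_LOG)` on the quoted output reports the stall in STATE_MAIN_I3 after two retransmissions, i.e. the peer never answered the first encrypted message.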

1 answer

Server Fault user

Posted on 2011-08-09 13:53:00

The problem was the ESXi bridge (the virtual server on our side sits on an ESXi host with an external IP); on bare hardware (same SL6 / RHEL 6) ipsec works fine.

config on our side :

conn f-net
    type=tunnel
    keyexchange=ike
    authby=secret
    auth=esp
    esp=aes-sha1
    keyingtries=3
    pfs=no
    ike=aes256-sha1-modp1536       ## also works without it
    left=4***
    leftsubnet=****
    leftid=4***
    leftnexthop=%defaultroute      # correct in many situations
    right=8***                     # Remote vitals
    rightsubnet=****
    rightid=8***
    rightnexthop=%defaultroute     # correct in many situations
    auto=add

1 vote
Page content originally provided by Server Fault; translation supported by Tencent Cloud's IT-domain engine.
Original link:

https://serverfault.com/questions/298244
