chentanyu posted on 2014-12-23 15:27

linux ipsec ike problem

This post was last edited by chentanyu on 2015-01-03 08:05

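I don't know what is going on. My Linux version is: Linux vmware 2.6.18-194.el5
openswan: Linux Openswan U2.6.32

When negotiating IKE, it only sends IKE version 1. According to the configuration, it should be sending IKE version 2 to negotiate the SA.

The configuration file /etc/ipsec.conf is as follows: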
version      2.0   # conforms to second version of ipsec.conf specification

# basic configuration
config setup
      # Debug-logging controls:"none" for (almost) none, "all" for lots.
      klipsdebug=none
      plutodebug="control parsing"
      # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
      protostack=netkey
      nat_traversal=yes
      virtual_private=%v4:192.168.0.0/16,%v4:172.16.0.0/12
      oe=off
      # Enable this if you see "failed to find any available worker"
      # nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf

The connection file, in etc/ipsec.d/aa.conf:
conn aa
      type=tunnel
      #Define your IKE policy
      authby=secret
      keyingtries=0
      ike=3des-md5;modp1024
      ikelifetime="28800"
      #Define IPsec Policy
      auth=esp
      esp=3des-md5
      keylife="3600"
      #Define Local then Remote Gateway & proxy-id
      left=10.95.100.102
      leftsubnet=172.16.20.0/24
      # leftid=
      leftnexthop=%defaultroute
      right=211.144.XX
      # rightid=
      rightsubnet=192.168.0.0/24
      rightnexthop=211.144.XX
      compress=no
      #Start the tunnel on boot
      auto=start

chentanyu posted on 2014-12-24 14:06

Finally found the cause

ikev2=yes;

That fixed it.
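
An added example (not part of the original posts and not Openswan code): a small Python check that reads the conn sections of an ipsec.conf-style file and reports which IKE version each connection would initiate, which is the behaviour the thread is about. The meaning of each ikev2= value is an assumption taken from the Openswan 2.6 ipsec.conf(5) man page; the sample config, the conn "bb", and all function names are constructed for illustration.

```python
import re

# Constructed sample: the thread's conn "aa" (abridged) plus a hypothetical
# conn "bb" that carries the ikev2=yes line from the reply.
SAMPLE = """\
conn aa
    authby=secret
    ike=3des-md5;modp1024
    auto=start

conn bb
    authby=secret
    ikev2=yes
    auto=start
"""

# ikev2= value -> (version initiated, versions accepted). Assumption: this
# follows the Openswan 2.6 ipsec.conf(5) text; verify against your version.
BOTH = {"IKEv1", "IKEv2"}
IKEV2_MODES = {
    "permit": ("IKEv1", BOTH),      # default when the key is absent
    "never": ("IKEv1", {"IKEv1"}), "no": ("IKEv1", {"IKEv1"}),
    "propose": ("IKEv2", BOTH), "yes": ("IKEv2", BOTH),
    "insist": ("IKEv2", {"IKEv2"}),
}

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                       # column 0: new section
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def ike_behaviour(options):
    """Map one conn's options to (initiated version, accepted versions)."""
    return IKEV2_MODES[options.get("ikev2", "permit").lower()]

def report(text):
    return {n: ike_behaviour(o)[0] for n, o in parse_conns(text).items()}

if __name__ == "__main__":
    print(report(SAMPLE))
```
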