I installed freeswan 2.05, l2tpd 0.69 and pppd 2.4.1 on RH9 (kernel 2.4.20) and compiled the kernel. The installation went smoothly and the programs all run normally, but the configuration afterwards does not work.

Then I configured it following the installation document:

    /usr/share/ssl/misc/CA -newca

Generate the server certificate:

    /usr/share/ssl/misc/CA -newreq
    /usr/share/ssl/misc/CA -sign
    mv newcert.pem linux.com.pem
    mv newreq.pem linux.com.key
    cp linux.com.key /etc/ipsec.d/private
    cp linux.com.pem /etc/ipsec.d/certs
    cp demoCA/cacert.pem /etc/ipsec.d/cacerts
    openssl ca -gencrl -out /etc/ipsec.d/crls/crl.pem

Edit /etc/ipsec.secrets, delete all of its contents and add the following:

    :RSA linux.com.key "linux"

Generate the client certificate:

    /usr/share/ssl/misc/CA -newreq
    /usr/share/ssl/misc/CA -sign
    mv newcert.pem windows.com.pem
    mv newreq.pem windows.com.key
    cp windows.com.pem /etc/ipsec.d/certs
    openssl pkcs12 -export -in windows.com.pem -inkey windows.com.key -certfile demoCA/cacert.pem -out windows.com.p12

Copy windows.com.p12 to the Windows machine.

Configure the ipsec.conf file:

    version 2.0
    config setup
        interfaces="ipsec0=eth0"
        uniqueids=yes

    conn %default
        keyingtries=1
        compress=yes
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        left=192.168.0.1
        leftnexthop=%direct
        leftcert=linux.com.pem
        leftid=""
        leftprotoport=17/0
        rightprotoport=17/1701
        auto=add
        pfs=no

    conn roadwarrior
        right=%any   # the client's IP is not restricted
        rightid=""
        rightcert=windows.com.pem

After starting ipsec and l2tpd, I dial from the client, but the negotiation always times out. Looking at it with tcpdump, I found that several negotiation exchanges took place, but the packet below keeps repeating, and the interval between repeats gets longer and longer. What is the cause?

    14:22:40.343628 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31345:1280@0+)
    14:22:41.339935 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31346:1280@0+)
    14:22:43.339914 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31347:1280@0+)
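An added example, not part of the original post: a small Python parser for the tcpdump lines quoted above that groups identical IKE messages, measures the gaps between retransmissions, and checks whether the capture contains any packet in the reverse direction. The names `parse` and `summarize` are hypothetical, and the regex assumes the older tcpdump text format shown in the post, where `(frag id:size@offset+)` marks a fragment with more fragments to follow.

```python
import re
from datetime import datetime

# The three lines quoted in the post (the wrap inside "frag ...+)" rejoined).
CAPTURE = """\
14:22:40.343628 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31345:1280@0+)
14:22:41.339935 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31346:1280@0+)
14:22:43.339914 10.1.10.68.500 > 10.1.10.181.500: isakmp: phase 1 I ident[E]: [encrypted id] (frag 31347:1280@0+)
"""

# timestamp, src, dst, ISAKMP summary, optional fragment info (id:size@offset[+])
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) (?P<src>\S+) > (?P<dst>\S+): isakmp: "
    r"(?P<msg>.*?)(?: \(frag (?P<id>\d+):(?P<size>\d+)@(?P<off>\d+)(?P<more>\+?)\))?$"
)

def parse(capture):
    """Return one dict per ISAKMP line; other lines are skipped."""
    packets = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            p = m.groupdict()
            # Assumption: the capture does not cross midnight (no date in the log).
            p["ts"] = datetime.strptime(p["ts"], "%H:%M:%S.%f")
            packets.append(p)
    return packets

def summarize(packets):
    """Group by (src, dst, message) and describe the retransmission pattern."""
    flows = {}
    for p in packets:
        flows.setdefault((p["src"], p["dst"], p["msg"]), []).append(p)
    report = []
    for (src, dst, msg), pkts in flows.items():
        gaps = [round((b["ts"] - a["ts"]).total_seconds(), 3)
                for a, b in zip(pkts, pkts[1:])]
        report.append({
            "src": src, "dst": dst, "msg": msg, "count": len(pkts), "gaps": gaps,
            # strictly growing gaps = sender backing off while it waits for a reply
            "backoff": len(gaps) >= 2 and all(y > x for x, y in zip(gaps, gaps[1:])),
            # offset 0 plus '+' = first piece of a fragmented IP datagram
            "all_first_fragments": all(p["off"] == "0" and p["more"] == "+" for p in pkts),
            # any packet at all going dst -> src in this capture?
            "reply_seen": any(q["src"] == dst and q["dst"] == src for q in packets),
        })
    return report

if __name__ == "__main__":
    for flow in summarize(parse(CAPTURE)):
        print(flow)
```
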