环境:
ubuntu 8.04, 服务端打开forward.
192.168.60.0/24为服务端子网
192.168.1.6/24为服务端外网地址
192.168.1.7/24为客户端外网地址
目的:
想通过从服务端动态获得IP地址,然后用动态获得的IP地址访问192.168.60.0/24.
问题:
根据下面的配置,可以获得IP地址,但就是建立不了tunnel(192.168.1.6-192.168.1.7)
哪位兄弟配置过,帮忙看看!!
服务端配置
# Server side, global settings.
# Directory that relative certificate/key file names are resolved against.
# It holds the server private key (test2.key, referenced in the remote
# section), so it should be readable by root only.
path certificate "/etc/racoon/certs";
listen {
# Turns off the admin socket, so racoonctl cannot be used against this daemon.
adminsock disabled;
}
# Phase 1 (IKEv1) parameters applied to any peer that has no more specific
# "remote" section, i.e. every road-warrior client.
remote anonymous {
# Aggressive mode sends the peer identities unencrypted during phase 1.
exchange_mode aggressive;
# Server certificate and private key, looked up under "path certificate".
certificate_type x509 "test2.crt" "test2.key";
# Identify this side by the subject DN of its certificate.
my_identifier asn1dn;
proposal_check strict;
# With no matching SPD entry, racoon builds the policy from the initiator's
# phase 2 proposal. racoon.conf(5) warns that an initiator can cause an
# inappropriate policy to be installed this way, and recommends "passive on"
# for a pure responder; no "passive" directive is set in this section.
generate_policy on;
nat_traversal on;
# Dead-peer-detection probe interval, in seconds.
dpd_delay 20;
ike_frag on;
proposal {
encryption_algorithm aes;
# NOTE(review): SHA-1 and DH group 2 (1024-bit MODP) are below current
# recommendations; prefer a SHA-2 hash and group 14 or higher where both
# peers support them.
hash_algorithm sha1;
# Hybrid auth: the server proves itself with its RSA certificate, the client
# is then authenticated by Xauth (see auth_source in mode_cfg).
authentication_method hybrid_rsa_server;
dh_group 2;
}
}
# ISAKMP mode-config data handed to clients after Xauth succeeds.
mode_cfg {
# First address of the client pool; with pool_size 10 the pool is
# 192.168.6.10 onward. Note this is 192.168.6.x, a different network from
# the 192.168.60.0/24 LAN named in split_network below.
network4 192.168.6.10;
pool_size 10;
netmask4 255.255.255.0;
# Xauth logins are checked against the system account database, so every
# local account with a usable password is also a VPN login. Dedicated,
# restricted accounts limit that exposure.
auth_source system;
dns4 192.168.6.100;
wins4 192.168.6.100;
# Only traffic for this network is meant to be sent through the tunnel.
split_network include 192.168.60.0/24;
# File whose contents are shown to the client at connection time.
banner "/etc/racoon/motd";
pfs_group 2;
}
# Phase 2 (IPsec SA) parameters for any peer pair without a specific sainfo.
sainfo anonymous {
# PFS with DH group 2 (1024-bit MODP); NOTE(review): a larger group is
# preferable where the client supports it.
pfs_group 2;
lifetime time 1 hour;
encryption_algorithm aes;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
# NOTE(review): the trailing "|" below looks like forum table residue, not
# racoon.conf syntax - drop it before using this file.
} |
客户端配置
# Client side, global settings.
# Directory holding ca.crt, which the remote section uses to verify the server.
path certificate "/etc/racoon/certs";
# Secrets file; it should be readable by root only.
path pre_shared_key "/etc/racoon/psk.txt";
listen {
# Admin socket: path, owner, group, mode. Mode 0660 lets every member of
# group "operator" control the daemon through racoonctl, so keep that group
# small.
adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
}
# Phase 1 parameters for the VPN server at 192.168.1.6.
# No my_identifier or xauth_login is set in this section; presumably the Xauth
# user name is supplied through racoonctl - confirm.
remote 192.168.1.6 {
# Aggressive mode sends the peer identities unencrypted during phase 1.
exchange_mode aggressive;
# CA certificate the server certificate is checked against. In hybrid mode
# this check is the only thing authenticating the server to the client.
ca_type x509 "ca.crt";
proposal_check strict;
nat_traversal on;
ike_frag on;
# Request address, DNS and split-network data from the server via mode-config.
mode_cfg on;
# Hook scripts run by racoon when phase 1 comes up / goes down. They run with
# racoon's privileges, so they must be root-owned and not writable by others.
# NOTE(review): their contents are not shown; with mode_cfg the phase1_up
# script is typically what configures the assigned address and the client
# SPD entries - worth checking when phase 2 never starts.
script "/etc/racoon/phase1-up.sh" phase1_up;
script "/etc/racoon/phase1-down.sh" phase1_down;
passive off;
proposal {
encryption_algorithm aes;
# NOTE(review): SHA-1 and DH group 2 (1024-bit MODP) are below current
# recommendations; must match whatever the server proposal is changed to.
hash_algorithm sha1;
# Client half of hybrid auth: verifies the server certificate, then logs in
# with Xauth.
authentication_method hybrid_rsa_client;
dh_group 2;
}
}
# Phase 2 (IPsec SA) parameters; the values mirror the server's sainfo section.
sainfo anonymous {
# PFS with DH group 2 (1024-bit MODP); NOTE(review): a larger group is
# preferable where the server supports it.
pfs_group 2;
lifetime time 1 hour;
encryption_algorithm aes;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
|
[ 本帖最后由 rmqh 于 2008-9-20 10:24 编辑 ] |
|