openswan启动后直接关闭网络接口

zenglingping

在测试环境中，当我设置好配置文件后，启动ipsec(openswan)，所有网络接口自动被shutdown，不知为何？

有人说是OE，但我没有启用OE。

1. Dec 10 11:49:11 chgw pluto[4768]: "clear#202.12.27.33/32" 0.0.0.0: deleting connection "clear#202.12.27.33/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
2. Dec 10 11:49:11 chgw pluto[4768]: "clear#198.41.0.4/32" 0.0.0.0: deleting connection "clear#198.41.0.4/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
3. Dec 10 11:49:11 chgw pluto[4768]: "clear#198.32.64.12/32" 0.0.0.0: deleting connection "clear#198.32.64.12/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
4. Dec 10 11:49:11 chgw pluto[4768]: "clear#193.0.14.129/32" 0.0.0.0: deleting connection "clear#193.0.14.129/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
5. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.228.79.201/32" 0.0.0.0: deleting connection "clear#192.228.79.201/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
6. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.203.230.10/32" 0.0.0.0: deleting connection "clear#192.203.230.10/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
7. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.112.36.4/32" 0.0.0.0: deleting connection "clear#192.112.36.4/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
8. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.58.128.30/32" 0.0.0.0: deleting connection "clear#192.58.128.30/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
9. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.36.148.17/32" 0.0.0.0: deleting connection "clear#192.36.148.17/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
   
10. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.33.4.12/32" 0.0.0.0: deleting connection "clear#192.33.4.12/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
    
11. Dec 10 11:49:11 chgw pluto[4768]: "clear#192.5.5.241/32" 0.0.0.0: deleting connection "clear#192.5.5.241/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
    
12. Dec 10 11:49:11 chgw pluto[4768]: "clear#128.63.2.53/32" 0.0.0.0: deleting connection "clear#128.63.2.53/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
    
13. Dec 10 11:49:11 chgw pluto[4768]: "clear#128.8.10.90/32" 0.0.0.0: deleting connection "clear#128.8.10.90/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
    
14. Dec 10 11:49:11 chgw pluto[4768]: "clear": deleting connection
    
15. Dec 10 11:49:11 chgw pluto[4768]: "clear-or-private": deleting connection
    
16. Dec 10 11:49:11 chgw pluto[4768]: "block": deleting connection
    
17. Dec 10 11:49:11 chgw pluto[4768]: "packetdefault": deleting connection
    
18. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface lo/lo ::1:500
    
19. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface lo/lo 127.0.0.1:4500
    
20. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface lo/lo 127.0.0.1:500
    
21. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface eth1/eth1 125.12.10.22:4500
    
22. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface eth1/eth1 125.12.10.22:500
    
23. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface eth0/eth0 192.168.40.254:4500
    
24. Dec 10 11:49:11 chgw pluto[4768]: shutting down interface eth0/eth0 192.168.40.254:500
    
25. Dec 10 11:49:12 chgw pluto[4768]: ADNS process terminated by signal 105
    
26. Dec 10 11:50:00 chgw sshd[5300]: Accepted password for root from 116.6.76.51 port 49919 ssh2
    
27. Dec 10 11:50:00 chgw sshd[5300]: pam_unix(sshd:session): session opened for user root by (uid=0)

复制代码

kns1024wh

不见配置文件呀
放上来分析

zenglingping

配置文件参考如下：

1. # cat /etc/ipsec.conf
   
2. # /etc/ipsec.conf - Openswan IPsec configuration file
   
3. #
   
4. # Manual:     ipsec.conf.5
   
5. #
   
6. # Please place your own config files in /etc/ipsec.d/ ending in .conf
   
7. 
   
8. version 2.0     # conforms to second version of ipsec.conf specification
   
9. 
   
10. # basic configuration
    
11. config setup
    
12.         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    
13.         # klipsdebug=none
    
14.         # plutodebug="control parsing"
    
15.         nat_traversal=yes
    
16. 
    
17. include /etc/ipsec.d/*.conf
    
18. 
    
19. conn net-to-net
    
20.         right=192.168.3.110
    
21.         rightsubnet=172.16.16.0/24
    
22.         rightid=@right01
    
23.         # RSA 2192 bits   right01   Fri Dec 11 19:17:56 2009
    
24.         rightrsasigkey=0sAQOOeh9pmtAtelwLZj9FLjTZELUyUB0jI6LDV3bVeFv8j02/V271wSBK7nSJJvwvKBwaqfAwwIjMRjzR2Fhj8iAjNDF8kPSo24wWzjuM/mLNT/sXz4zLOk5cYyiyv4qpB0P//Z2tVsyZCRWv6nHMwJuetjpGpwdA5SE0gj87/t6kJVe35c8uAZYLXRX86lKx///2XUVBB+p9TnrO1noNgTEoE/bDnWg+h6cqo/8DmDXkfvk3trC+kuXp2o5/N0kAoX76biV/tRoGZ4zf9hOkxm0FPUo0Et+f5k8+ce2KyqPn6pt6rvJqn6A9qzZS5DtAvWcI9w1bjAaeh51SK1w4k0bKbBv2F+wt4Wnv9IDBUU32jT5F
    
25.         rightnexthop=%defaultroute
    
26.         left=192.168.3.120
    
27.         leftsubnet=10.10.10.0/24
    
28.         leftid=@left01
    
29.         # RSA 2192 bits   left01   Fri Dec 11 19:19:51 2009
    
30.         leftrsasigkey=0sAQONLWrWTYoHV2Z7QyQwtMG5CqhK9h+mdgHIh1/o0MXRfTTzoZv5bS3EeZgMbCeQwX7hkMvSaJfJEZUsEAolr+ZTE9QV6xqNGX7+AgqnDDI2DCQIe1el7hl7XTgoAppSC7TOlb3D3L0oI5LCR8UkzEOqevGo0HH1oUeBePt3kINWyZlbecSP+mxy+32NnOR+T6pnKuan038xYF2T3ahvU2Cceds6zkerWMsYyP+Ye3VDIEof8+RjO5CgM4Z3JJLatnd0xo7sGY+bfsviBqB5FQq/ghfrw5QkqCWOb93bx8a1P5TRokQgQrI3igTSmNkICkmQFQtnrXkcnlUtVGPwfYiONWe/T8FclrOXtYRZhvaoFBZ7
    
31.         leftnexthop=%defaultroute
    
32.         auto=add

复制代码

或许是由于CentOS 版本的问题，我后来使用CentOS 5.0则没有此问题，出现以上问题的是CentOS 5.4 X86的版本。

zenglingping

估计是版本的问题，结贴。

kns1024wh

原帖由 zenglingping 于 2009-12-15 18:00 发表
估计是版本的问题，结贴。

多测试 就会有结果的