本帖最后由 chentanyu 于 2015-01-03 08:05 编辑
不知道怎么回事,我的Linux版本是:Linux vmware 2.6.18-194.el5
openswan:Linux Openswan U2.6.32
在协商IKE时只发送IKEv1报文,按配置的道理应该用IKEv2来协商SA啊
配置文件如下/etc/ipsec.conf:
version 2.0 # conforms to second version of ipsec.conf specification
# NOTE(review): "version 2.0" above is the ipsec.conf file-format version, not
# the IKE protocol version. It does not select IKEv1 or IKEv2; that is set per
# connection with the ikev2= option.
# NOTE(review): indentation appears to have been lost in this paste. In the real
# file, every parameter belonging to a section ("config setup", "conn ...") must
# be indented under its section header.
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# Keep debug output narrow on production gateways; broader settings make the
# logs far more verbose and the logs should then be treated as sensitive.
klipsdebug=none
plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
# NAT traversal is enabled; virtual_private lists the RFC 1918 ranges that
# peers behind NAT may claim as their subnet.
nat_traversal=yes
virtual_private=%v4:192.168.0.0/16,%v4:172.16.0.0/12
# Opportunistic encryption is disabled; only explicitly configured conns are used.
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
# Every *.conf file in /etc/ipsec.d/ is loaded, so that directory should be
# writable by root only.
include /etc/ipsec.d/*.conf
在/etc/ipsec.d/aa.conf
连接文件:
# Site-to-site tunnel "aa" between 172.16.20.0/24 (left) and 192.168.0.0/24 (right).
# NOTE(review): no ikev2= option is set in this conn. Openswan's documented
# default is ikev2=permit: IKEv2 is accepted if the peer initiates it, but this
# side initiates with IKEv1. Use ikev2=propose (or ikev2=insist to reject IKEv1)
# if IKEv2 should be sent; confirm against ipsec.conf(5) for this version.
conn aa
type=tunnel
#Define your IKE policy
# Pre-shared-key authentication; the key itself is kept in /etc/ipsec.secrets,
# which should be readable by root only and hold a long, random secret.
authby=secret
# presumably 0 means "retry forever" here; confirm against ipsec.conf(5)
keyingtries=0
# NOTE(review): 3DES, MD5 and the 1024-bit DH group (modp1024) are legacy
# choices below current recommendations. If the remote gateway supports it,
# move both ends together to AES with a SHA-2 integrity algorithm and a
# 2048-bit or larger DH group.
ike=3des-md5;modp1024
ikelifetime="28800"
#Define IPsec Policy
auth=esp
# Same legacy-algorithm caveat as the ike= line applies to the ESP proposal.
esp=3des-md5
keylife="3600"
#Define Local then Remote Gateway & proxy-id
left=10.95.100.102
leftsubnet=172.16.20.0/24
# leftid=
leftnexthop=%defaultroute
# The remote address is redacted by the poster ("211.144.XX").
right=211.144.XX
# rightid=
rightsubnet=192.168.0.0/24
rightnexthop=211.144.XX
compress=no
#Start the tunnel on boot
auto=start