帮忙看一下我的ipsec配置好吗?

贝贝080

下面是我的ipsec.conf的配置文件 有什么问题吗?
version        2.0        # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces=%defaultroute
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
             plutodebug=none
        #plutoload=%search
        #plutostart=%search
        uniqueids=yes

conn left-gateway-right-gateway
     left=172.150.0.1
     right=172.149.0.1
     auto=start
     keyingtries=0
     spi=0x200
     esp=3des-md5-96
     espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
     espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf

conn left-net-right-gateway
     left=172.150.0.1
     leftsubnet=10.0.0.0/24
     right=172.149.0.1
     auto=start
     keyingtries=0
     spi=0x200
     esp=3des-md5-96
     espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
     espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
                                                            
conn left-net-right-net
     left=172.150.0.1
     leftsubnet=10.0.0.0/24
     right=172.149.0.1
     rightsubnet=192.168.1.0/24
     auto=start
     keyingtries=0
     spi=0x200
     esp=3des-md5-96
     espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
     espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf

conn left-gateway-right-net
     left=172.150.0.1
     right=172.149.0.1
     rightsubnet=192.168.1.0/24
     auto=start
     keyingtries=0
     spi=0x200
     esp=3des-md5-96
     espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
     espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
===============================================
我同学机子上的ipsec.conf文件和这个文件是一样的  但是不知道 在建立连接的时候总是出现下面的错误
Jun 5 21:46:23 localhost pluto[3647]: "left-net-right-net" #3: ERROR: asynchronous network error report on eth1 for message to 172.149.0.1 port 500, complainant 172.150.0.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jun 5 21:48:20 localhost pluto[3647]: ERROR: "left-net-right-net" #3: sendto on eth1 to 172.149.0.1:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable
还有这样的错误
Jun 5 21:12:49 localhost pluto[3647]: "left-gateway-right-gateway": route-host output: /usr/local/lib/ipsec/_updown: `ip route add 172.149.0.1/32 via 172.149.0.1 dev ipsec0' failed
Jun 5 21:12:49 localhost pluto[3647]: "left-gateway-right-gateway": route-host command exited with status 2
Jun 5 21:12:49 localhost pluto[3647]: "left-net-right-gateway": route-client output: RTNETLINK answers: Network is unreachable

QUSHIQIANG

网络通吗？

贝贝080

网络可以ping通的 没有问题

扫净缘客

Jun 5 21:46:23 localhost pluto[3647]: "left-net-right-net" #3: ERROR: asynchronous network error report on eth1 for message to 172.149.0.1 port 500, complainant 172.150.0.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jun 5 21:48:20 localhost pluto[3647]: ERROR: "left-net-right-net" #3: sendto on eth1 to 172.149.0.1:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable


配置规则为MASQUERADE

然后开放5000 端口

扫净缘客

原帖由 "贝贝080" 发表：
还有这样的错误
Jun 5 21:12:49 localhost pluto[3647]: "left-gateway-right-gateway": route-host output: /usr/local/lib/ipsec/_updown: `ip route add 172.149.0.1/32 via 172.149.0.1 dev ipsec0' failed
Jun 5 21:12:49 localhost pluto[3647]: "left-gateway-right-gateway": route-host command exited with status 2
Jun 5 21:12:49 localhost pluto[3647]: "left-net-right-gateway": route-client output: RTNETLINK answers: Network is unreachable

你把你的/usr/local/lib/ipsec/_updown 贴出来看看

贝贝080

原帖由 "扫净缘客" 发表：
RROR: "left-net-right-net" #3: sendto on eth1 to 172.149.0.1:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable


配置规则为MASQUERADE

然后开放5000 端口

我把iptables服务的关掉了