gpt4 book ai didi

linux - IPSec VPN 客户端 Linux

转载 作者:太空狗 更新时间:2023-10-29 12:33:54 25 4
gpt4 key购买 nike

<分区>

我有一个 IP 地址为@public_A 的 SonicWall 路由器。这个路由器后面是一个局域网192.168.2.0/24。另一方面,我有一台 IP 地址为@public_B 的 Linux Ubuntu 机器

我的目标是为 Linux 实现一个 VPN IPSec 客户端,这样我就可以将消息从我的 Linux 客户端机器发送到 192.168.2.0/24 LAN。

此客户端已存在于由 SonicWall 开发的 Windows 机器上,但不适用于 Linux 机器。

根据互联网上许多帖子的建议,我决定配置 OpenSwan 隧道以连接到该 LAN。

ipsec.conf :

conn sonicwall
type=tunnel
left=public_B
leftid=@yyyyyyyyyyyyyyy
leftxauthclient=yes
right=public_A
rightsubnet=192.168.2.0/24
rightxauthserver=yes
rightid=@xxxxxxxxxxxxxxxx
keyingtries=0
pfs=no
aggrmode=yes
auto=add
auth=esp
esp=aes256-sha1
#phase2alg=aes256-sha1
ike=aes256-sha1;modp1536
authby=secret
leftxauthusername=USER
#xauth=yes
keyexchange=ike

启动时的日志:

~# ipsec whack --name sonicwall --initiate
002 "sonicwall" #9: initiating Aggressive Mode #9, connection "sonicwall"
112 "sonicwall" #9: STATE_AGGR_I1: initiate
003 "sonicwall" #9: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "sonicwall" #9: ignoring unknown Vendor ID payload [xxxxxxxxxxxxxxxxxx]
003 "sonicwall" #9: received Vendor ID payload [RFC 3947] method set to=109
003 "sonicwall" #9: received Vendor ID payload [Dead Peer Detection]
003 "sonicwall" #9: received Vendor ID payload [XAUTH]
002 "sonicwall" #9: Aggressive mode peer ID is ID_FQDN: '@xxxxxxxxxxxxxxxxx'
003 "sonicwall" #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
002 "sonicwall" #9: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
004 "sonicwall" #9: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1536}
002 "sonicwall" #9: XAUTH: Answering XAUTH challenge with user='USER'
002 "sonicwall" #9: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "sonicwall" #9: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
003 "sonicwall" #9: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
003 "sonicwall" #9: received and ignored informational message
002 "sonicwall" #9: XAUTH: Successfully Authenticated
002 "sonicwall" #9: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "sonicwall" #9: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "sonicwall" #10: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK {using isakmp#9 msgid:489fb919 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}
117 "sonicwall" #10: STATE_QUICK_I1: initiate
002 "sonicwall" #10: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "sonicwall" #10: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xff65c149 <0x6de1b3e3 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}

注意:在那之后我的路由表中没有添加任何路由。

我的隧道似乎功能齐全,但是:我无法向路由器后面的 LAN 发送任何消息。我不知道如何使用我刚刚设置的隧道,以便至少向 LAN 中的机器发送 ping。我该怎么办?

即使不使用 OpenSwan,您也可以给我建议以实现我的目标

感谢阅读和帮助。

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com