I am using an L2TP/IPsec VPN with a pre-shared key to connect to my work environment. The IPsec implementation I use is from Libreswan. I followed IPsec_VPN_client_setup to set up the connection.
```
sudo ipsec auto --add work
002 "work": deleting non-instance connection
002 added connection description "work"

sudo ipsec auto --up work
002 "work" #1: initiating Main Mode
104 "work" #1: STATE_MAIN_I1: initiate
002 "work" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "work" #1: STATE_MAIN_I2: sent MI2, expecting MR2
010 "work" #1: STATE_MAIN_I2: retransmission; will wait 500ms for response
002 "work" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "work" #1: STATE_MAIN_I3: sent MI3, expecting MR3
010 "work" #1: STATE_MAIN_I3: retransmission; will wait 500ms for response
002 "work" #1: Main mode peer ID is ID_IPV4_ADDR: '180.211.105.234'
002 "work" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "work" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
002 "work" #2: initiating Quick Mode PSK+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:880c0dee proposal=defaults pfsgroup=no-pfs}
117 "work" #2: STATE_QUICK_I1: initiate
002 "work" #2: byte 7 of ISAKMP NAT-OA Payload should have been zero, but was not (ignored)
002 "work" #2: byte 8 of ISAKMP NAT-OA Payload should have been zero, but was not (ignored)
002 "work" #2: byte 7 of ISAKMP NAT-OA Payload should have been zero, but was not (ignored)
002 "work" #2: byte 8 of ISAKMP NAT-OA Payload should have been zero, but was not (ignored)
003 "work" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
002 "work" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "work" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x025a9f5d <0xb9efc96d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=180.211.105.234:4500 DPD=active}
```
Seeing that the IPsec SA was established in transport mode, I assume the IPsec tunnel has been established.

Later, when listing the network interfaces, I can find the interface there:
```
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp59s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 84:7b:eb:3a:38:26 brd ff:ff:ff:ff:ff:ff
3: wlp60s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 9c:b6:d0:0d:75:53 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic wlp60s0
       valid_lft 6793sec preferred_lft 6793sec
    inet6 fe80::59f5:4465:15a7:c01c/64 scope link
       valid_lft forever preferred_lft forever
4: ip_vti0@NONE: <NOARP> mtu 1332 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
```
Here ip_vti0 is the new interface created by the tunnel, but why has no IP address been assigned to it? Shouldn't it get a valid address from the VPN's subnet?
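As an added example (my own code, not from the question or from Libreswan), a small Python parser for the pluto status lines quoted above: it extracts the negotiated phase 1 and phase 2 parameters, records that the IPsec SA is in transport mode, which for L2TP/IPsec means the VPN address is assigned on the PPP link that L2TP brings up rather than on a VTI device, and flags algorithm names from a legacy list of my own choosing (3DES, MODP1024, SHA-1, MD5). The sample log is constructed from the question's own lines.

```python
import re

# Constructed sample: the two "established" lines from the question's pluto output plus
# two of its noisy lines, so the parser can be exercised offline.
SAMPLE_LOG = """\
010 "work" #1: STATE_MAIN_I2: retransmission; will wait 500ms for response
004 "work" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
003 "work" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
004 "work" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x025a9f5d <0xb9efc96d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=180.211.105.234:4500 DPD=active}
"""

# pluto status line: three-digit code, quoted connection name, "#<SA number>:", message
LINE_RE = re.compile(r'^\d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
KV_RE = re.compile(r"(\w+)=(\S+)")
# Algorithm names I would flag as legacy in an IKEv1/ESP negotiation (my own list).
LEGACY = ("3des", "modp1024", "sha1", "md5")

def parse_params(msg):
    """Parse the trailing {key=value ...} block of an 'established' line into a dict."""
    body = msg[msg.index("{") + 1:msg.rindex("}")]
    return dict(KV_RE.findall(body))

def parse_pluto_log(text):
    """Summarise what the connection reached: ISAKMP SA, IPsec SA, SA mode, noisy lines."""
    s = {"conn": None, "isakmp": None, "ipsec": None, "mode": None, "address_on": None, "notes": []}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s["conn"], msg = m["conn"], m["msg"]
        if "ISAKMP SA established" in msg:          # phase 1 done
            s["isakmp"] = parse_params(msg)
        elif "IPsec SA established" in msg:         # phase 2 done
            s["ipsec"] = parse_params(msg)
            s["mode"] = "transport" if "transport mode" in msg else "tunnel"
            # Transport mode only protects the L2TP/UDP packets; the VPN address is
            # handed out on the PPP link that L2TP brings up, not on a VTI device.
            s["address_on"] = "ppp" if s["mode"] == "transport" else None
        elif "retransmission" in msg or "ignored" in msg.lower():
            s["notes"].append(msg)
    return s

def legacy_algorithms(summary):
    """Return the negotiated algorithm strings whose name matches a legacy entry."""
    vals = list((summary["isakmp"] or {}).values()) + list((summary["ipsec"] or {}).values())
    return sorted({v for v in vals if any(tag in v.lower() for tag in LEGACY)})

if __name__ == "__main__":
    summary = parse_pluto_log(SAMPLE_LOG)
    print(summary["conn"], summary["mode"], "address expected on:", summary["address_on"])
    print("legacy algorithms:", legacy_algorithms(summary))
```

Feed it the full `ipsec auto --up` output instead of the sample to get the same summary for a real session.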