Linux Ubuntu 16.03
我只是下载最新的strongswan版本[strongswan-5.6.0]
我用默认值来编译和制作strongswan
./configure 这是我的ipsec.conf
conn xxxx_NFederal authby=secret auto=start type=tunnel left=10.0.0.97 leftsubnet=10.0.0.0/8 rightid=%any right=xxxx rightsubnet=192.168.1.0/24 ike=aes256-sha-modp1024,aes128-sha-modp1024,3des-sha1-modp1024
ipsec状态表示:
root@ubuntu:/usr/local/etc# ipsec status Security Associations (0 up, 0 connecting): none
以下是日志中的行
Aug 20 19:16:04 ubuntu charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.4.0-92-generic, x86_64) Aug 20 19:16:05 ubuntu charon: 00[NET] could not open socket: Address family not supported by protocol Aug 20 19:16:05 ubuntu charon: 00[NET] could not open IPv6 socket, IPv6 disabled Aug 20 19:16:05 ubuntu charon: 00[KNL] received netlink error: Address family not supported by protocol (97) Aug 20 19:16:05 ubuntu charon: 00[KNL] unable to create IPv6 routing table rule Aug 20 19:16:05 ubuntu charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Aug 20 19:16:05 ubuntu charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Aug 20 19:16:05 ubuntu charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Aug 20 19:16:05 ubuntu charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Aug 20 19:16:05 ubuntu charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Aug 20 19:16:05 ubuntu charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Aug 20 19:16:05 ubuntu charon: 00[CFG] loaded EAP secret for @rod.xxxxx Aug 20 19:16:05 ubuntu charon: 00[CFG] loaded IKE secret for 10.0.0.97 xxx.xxxxxxx.net Aug 20 19:16:05 ubuntu charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic Aug 20 19:16:05 ubuntu charon: 00[JOB] spawning 16 worker threads Aug 20 19:16:05 ubuntu charon: 08[CFG] received stroke: add connection '3101_NFederal' Aug 20 19:16:05 ubuntu charon: 08[CFG] added configuration 'xxx_NFederal' Aug 20 19:16:05 ubuntu charon: 09[CFG] received stroke: initiate '3101_NFederal' Aug 20 19:16:05 ubuntu charon: 09[IKE] initiating IKE_SA xxx_NFederal[1] to 99.27.53.185 Aug 20 19:16:05 ubuntu charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Aug 20 19:16:05 ubuntu charon: 09[NET] sending packet: from 10.0.0.97[500] to 99.27.53.185[500] (632 bytes) Aug 20 19:16:05 ubuntu charon: 11[NET] received packet: from 99.27.53.185[500] to 10.0.0.97[500] (397 bytes) Aug 20 19:16:05 ubuntu charon: 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HTTP_CERT_LOOK) CERTREQ V ] Aug 20 19:16:05 ubuntu charon: 11[ENC] received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03 Aug 20 19:16:05 ubuntu charon: 11[IKE] local host is behind NAT, sending keep alives Aug 20 19:16:05 ubuntu charon: 11[IKE] received 3 cert requests for an unknown ca Aug 20 19:16:05 ubuntu charon: 11[IKE] authentication of '10.0.0.97' (myself) with pre-shared key Aug 20 19:16:05 ubuntu charon: 11[IKE] establishing CHILD_SA xxx_NFederal Aug 20 19:16:05 ubuntu charon: 11[ENC] generating IKE_AUTH request 1 [ IDi AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ] Aug 20 19:16:05 ubuntu charon: 11[NET] sending packet: from 10.0.0.97[4500] to xxxx[4500] (348 bytes) Aug 20 19:16:05 ubuntu charon: 14[NET] received packet: from xxxx[4500] to 10.0.0.97[4500] (76 bytes) Aug 20 19:16:05 ubuntu charon: 14[ENC] parsed IKE_AUTH response 1 [ N(NO_PROP) ] Aug 20 19:16:05 ubuntu charon: 14[IKE] IDr payload missing Aug 20 19:16:05 ubuntu charon: 14[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ] Aug 20 19:16:05 ubuntu charon: 14[NET] sending packet: from 10.0.0.97[4500] to xxxx[4500] (76 bytes)