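I have a website that displays data received from GSM modems. So I am trying to connect my website to the GSM network provider using a VPN.
On the provider side there is a Cisco 3900 configured as a site-to-site VPN server, and on my side I have strongSwan installed on Debian Linux and configured as a client.
I am using this guide for the client configuration: http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html
Phase 1 (IKE)
Phase 2 (IPSEC)
Here is the content of my configuration file /etc/ipsec.conf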
config setup
    strictcrlpolicy=no
    charondebug="ike 1, knl 2, cfg 0"

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn "providerVPN"
    left=MyServerIP
    leftsubnet=MyServerIP/32
    leftid=MyServerIP
    leftfirewall=yes
    right=VpnGatewayIP
    rightsubnet=10.248.64.0/20
    rightid=VpnGatewayIP
    auto=add
    ike=aes256-sha1-modp1536
    esp=aes256-sha1
And the PSK file /etc/ipsec.secrets
MyServerIP VpnGatewayIP : PSK someSecretKey
I start the client like this
/etc/init.d/ipsec start
After this, ifconfig does not show any new connection, and "ipsec status" gives me this output
Security Associations (0 up, 0 connecting): none
Here is the log from /var/log/daemon.log
Sep 6 17:54:12 gmapfish ipsec[1221]: ipsec starter stopped
Sep 6 17:54:15 gmapfish ipsec[1320]: Starting strongSwan 5.2.1 IPsec [starter]...
Sep 6 17:54:15 gmapfish charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-686-pae, i686)
Sep 6 17:54:15 gmapfish charon: 00[KNL] known interfaces and IP addresses:
Sep 6 17:54:15 gmapfish charon: 00[KNL] lo
Sep 6 17:54:15 gmapfish charon: 00[KNL] 127.0.0.1
Sep 6 17:54:15 gmapfish charon: 00[KNL] ::1
Sep 6 17:54:15 gmapfish charon: 00[KNL] eth0
Sep 6 17:54:15 gmapfish charon: 00[KNL] "MyServerIP"
Sep 6 17:54:15 gmapfish charon: 00[KNL] 10.19.0.5
Sep 6 17:54:15 gmapfish charon: 00[KNL] df80::501:a8ef:ef9f:a321
Sep 6 17:54:15 gmapfish charon: 00[LIB] loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default stroke updown
Sep 6 17:54:15 gmapfish charon: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Sep 6 17:54:15 gmapfish charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Sep 6 17:54:15 gmapfish charon: 00[JOB] spawning 16 worker threads
Sep 6 17:54:15 gmapfish charon: 07[KNL] "VpnGatewayIP" is not a local address or the interface is down
Sep 6 17:54:15 gmapfish ipsec[1320]: charon (1348) started after 60 ms
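Any suggestions as to what is wrong with my setup?
Finally, I found the solution to my problem; it was just a configuration problem.
Instead of auto=add there must be auto=start, and esp=aes256-sha1 must be esp=aes256-sha1-modp1536
I also added the dpd parameters, but they are optional for it to work. If you change these two parameters, it will work.
The final working configuration looks like this.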
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"
    #uniqueids = no

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    mobike=no
    keyexchange=ikev1
    dpdaction=clear
    dpddelay=200s

conn "providerVPN"
    type=tunnel
    auto=start
    aggressive=no
    esp=aes256-sha1-modp1536
    ike=aes256-sha1-modp1536
    right=VpnGatewayIP
    rightsubnet=10.248.64.0/20
    rightid=VpnGatewayIP
    rightauth=psk
    left=MyServerIP
    leftsubnet=MyServerIP/32
    leftid=MyServerIP
    leftauth=psk
    dpddelay=30s
    dpdaction=hold
    dpdtimeout=120s
    ikelifetime=86400s
    lifetime=86400s
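
The two settings changed in the answer can be checked mechanically before restarting the daemon. The following is an added example, not code from the original post or from strongSwan: a small linter (the names parse_conns, has_dh_group and lint are hypothetical) that merges conn %default into each connection and flags an auto= value that does not initiate the tunnel, and an esp= proposal that lacks a DH group while ike= has one. It assumes, as in this thread, that this side must initiate and that the peer expects a PFS group in phase 2.

```python
import re

# Constructed sample: the question's first ipsec.conf, trimmed, with the page's placeholders.
SAMPLE = """\
config setup
    strictcrlpolicy=no
conn %default
    keyexchange=ikev1
    authby=secret
conn "providerVPN"
    left=MyServerIP
    right=VpnGatewayIP
    auto=add
    ike=aes256-sha1-modp1536
    esp=aes256-sha1
"""

def parse_conns(text):
    """Return {conn name: options}, with conn %default merged under each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip().strip('"'), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    default = sections.pop("%default", {})
    return {name: {**default, **opts} for name, opts in sections.items()}

def has_dh_group(proposals):
    """True if an ike=/esp= value names a DH group (modp*, ecp*, curve25519, x25519)."""
    tokens = re.split(r"[-,]", proposals.rstrip("!"))
    return any(re.match(r"(modp|ecp|curve|x)\d", t.strip()) for t in tokens)

def lint(text):
    """Return (conn, option, message) findings for the two settings the answer changed."""
    findings = []
    for name, opts in parse_conns(text).items():
        auto = opts.get("auto", "ignore")  # ipsec.conf default when auto= is absent
        if auto in ("ignore", "add"):
            findings.append((name, "auto", f"auto={auto}: tunnel is not initiated when the daemon starts"))
        if "esp" in opts and has_dh_group(opts.get("ike", "")) and not has_dh_group(opts["esp"]):
            findings.append((name, "esp", "esp= has no DH group: phase 2 is proposed without PFS"))
    return findings

if __name__ == "__main__":
    for conn, option, message in lint(SAMPLE):
        print(f"{conn}: {message}")
```
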