While creating a vti tunnel/interface on an Ubuntu 14.04 LTS system with the following configuration, I see the error "Keys are not allowed with ipip and sit tunnels".
I did apt-get install iproute2* and an update.. but
root@server:/usr/local/etc#
root@server:/usr/local/etc# uname -a
Linux server 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@server:/usr/local/etc# ip tunnel add vti1 mode vti local 10.80.90.65 remote 2.2.2.34 okey 32 ikey 32
Keys are not allowed with ipip and sit tunnels
root@server:/usr/local/etc# ^C
root@server:/usr/local/etc# uname -a
Linux server 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@server:/usr/local/etc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04 LTS
Release:        14.04
Codename:       trusty
root@server:/usr/local/etc# ip tunnel add vti1 mode vti local 10.80.90.65 remote 2.2.2.34 okey 32 ikey 32
Keys are not allowed with ipip and sit tunnels
root@server:/usr/local/etc#

==============================================================

the following is the man-help of the ip tunnel command on this system:

root@server:/usr/local/etc# ip tunnel help
Usage: ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]
          [ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]
          [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
          [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
          [ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
          [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]

Where: NAME := STRING
       ADDR := { IP_ADDRESS | any }
       TOS  := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
       TTL  := { 1..255 | inherit }
       KEY  := { DOTTED_QUAD | NUMBER }
root@server:/usr/local/etc#
What am I missing? What do I need to do further?
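ikey and okey are options specific to the GRE (Generic Routing Encapsulation) tunnel feature, used to tag the traffic flows between two endpoints. This is not a form of encryption, just a label that travels along the tunnel inside the GRE-encapsulated packets.
VTI, by contrast, is not an encapsulation; it is a local feature on a particular Linux system, mainly used to apply a specific IPsec policy to the traffic passing through it.
So, to sum up, there is no need to use (i|o)key and (i|o)seq with VTI, because it would not do anything at all.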