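I want to connect my Ubuntu 14.04 server running strongSwan to a Microsoft Azure gateway. I only want to establish a connection between Azure and the Ubuntu server. In Azure, I configured a dynamic gateway.
10.0.1.0/24 (entire virtual network)
10.0.1.0/27 (subnet for the VMs)
10.0.1.32/29 (subnet for the gateway)
1.1.1.1 (gateway IP)
10.0.2.15/32 (network)
2.2.2.2 (gateway address)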
StrongSwan:Linux strongSwan U5.1.2 / K3.16.0-49-generic
10.0.2.15 (Ubuntu server with strongSwan)
2.2.2.2 (gateway with NAT)
/etc/ipsec.conf:
conn azure
    type=tunnel
    closeaction=restart
    dpdaction=restart
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    reauth=no
    keyexchange=ikev2
    mobike=no
    ikelifetime=28800s
    keylife=3600s
    keyingtries=%forever
    leftauth=psk
    left=10.0.2.15 # local instance ip (strongswan)
    leftsubnet=0.0.0.0/0
    leftid=10.0.2.15 # local instance ip (strongswan)
    right=1.1.1.1 # vpn gateway ip (azure)
    rightid=1.1.1.1 # vpn gateway ip (azure)
    rightsubnet=10.0.1.0/24 # private ip segment (azure)
    auto=start
/etc/ipsec.secrets:
10.0.2.15 1.1.1.1 : PSK "secret-pre-shared-key"
Sep 24 10:34:50 vpn-test charon: 04[CFG] received stroke: add connection 'azure'
Sep 24 10:34:50 vpn-test charon: 04[CFG] added configuration 'azure'
Sep 24 10:34:50 vpn-test charon: 06[CFG] received stroke: initiate 'azure'
Sep 24 10:34:50 vpn-test charon: 06[IKE] initiating IKE_SA azure[1] to 1.1.1.1
Sep 24 10:34:50 vpn-test charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Sep 24 10:34:50 vpn-test charon: 06[NET] sending packet: from 10.0.2.15[500] to 1.1.1.1[500] (1044 bytes)
Sep 24 10:34:50 vpn-test charon: 08[NET] received packet: from 1.1.1.1[500] to 10.0.2.15[500] (865 bytes)
Sep 24 10:34:50 vpn-test charon: 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) VV CERTREQ ]
Sep 24 10:34:50 vpn-test charon: 08[ENC] received unknown vendor ID: 2b:51:69:05:7d:7c:96:fc:bf:b5:e4:61:00:00:00
Sep 24 10:34:50 vpn-test charon: 08[ENC] received unknown vendor ID: 1d:e3:cd:b7:ea:16:b7:e5:be:08:f1
Sep 24 10:34:50 vpn-test charon: 08[IKE] local host is behind NAT, sending keep alives
Sep 24 10:34:50 vpn-test charon: 08[IKE] received 25 cert requests for an unknown ca
Sep 24 10:34:50 vpn-test charon: 08[IKE] authentication of '10.0.2.15' (myself) with pre-shared key
Sep 24 10:34:50 vpn-test charon: 08[IKE] establishing CHILD_SA azure
Sep 24 10:34:50 vpn-test charon: 08[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
Sep 24 10:34:50 vpn-test charon: 08[NET] sending packet: from 10.0.2.15[4500] to 1.1.1.1[4500] (316 bytes)
Sep 24 10:34:50 vpn-test charon: 09[NET] received packet: from 1.1.1.1[4500] to 10.0.2.15[4500] (68 bytes)
Sep 24 10:34:50 vpn-test charon: 09[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Sep 24 10:34:50 vpn-test charon: 09[IKE] received AUTHENTICATION_FAILED notify error
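An added triage example, not part of the original post or of strongSwan: it reads charon lines like those above and reports which IKEv2 exchange completed, which one was rejected, and which identity and source ports the initiator used. The function name, the result keys and the list of error notifies are assumptions of this example; it records facts from the log and does not determine why the gateway rejected the request.

```python
import ipaddress
import re

# Lines copied from the charon log in the post (subset covering the exchange).
SAMPLE_LOG = """\
Sep 24 10:34:50 vpn-test charon: 06[NET] sending packet: from 10.0.2.15[500] to 1.1.1.1[500] (1044 bytes)
Sep 24 10:34:50 vpn-test charon: 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) VV CERTREQ ]
Sep 24 10:34:50 vpn-test charon: 08[IKE] local host is behind NAT, sending keep alives
Sep 24 10:34:50 vpn-test charon: 08[IKE] authentication of '10.0.2.15' (myself) with pre-shared key
Sep 24 10:34:50 vpn-test charon: 08[NET] sending packet: from 10.0.2.15[4500] to 1.1.1.1[4500] (316 bytes)
Sep 24 10:34:50 vpn-test charon: 09[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

MSG = re.compile(r"charon: \d+\[[A-Z]+\] (.*)$")
SENT = re.compile(r"sending packet: from \S+\[(\d+)\]")
AUTH = re.compile(r"authentication of '([^']+)' \(myself\) with (.+)")
PARSED = re.compile(r"parsed (\S+) response \d+ \[ (.*) \]")
# Error notifies as charon abbreviates them (assumed list; extend as needed).
ERROR_NOTIFIES = {"AUTH_FAILED", "NO_PROP", "TS_UNACCEPT"}

def triage(log):
    """Summarise one IKEv2 initiator attempt from charon log text."""
    s = {"src_ports": [], "behind_nat": False, "local_id": None,
         "auth_method": None, "ok_exchanges": [], "failed": None}
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("local host is behind NAT"):
            s["behind_nat"] = True
        elif (p := SENT.match(msg)):
            if int(p.group(1)) not in s["src_ports"]:
                s["src_ports"].append(int(p.group(1)))
        elif (a := AUTH.match(msg)):
            s["local_id"], s["auth_method"] = a.groups()
        elif (r := PARSED.match(msg)):
            notifies = {t[2:-1] for t in r.group(2).split() if t.startswith("N(")}
            errors = sorted(notifies & ERROR_NOTIFIES)
            if errors:
                s["failed"] = (r.group(1), errors)
            else:
                s["ok_exchanges"].append(r.group(1))
    # A fact to compare with the peer's configuration, not a verdict: the
    # identity sent is a private address while the peer sees the NAT address.
    try:
        private = ipaddress.ip_address(s["local_id"] or "").is_private
    except ValueError:
        private = False  # identity is an FQDN or another non-IP form
    s["private_id_behind_nat"] = s["behind_nat"] and private
    return s
```

Calling `triage(SAMPLE_LOG)` returns a dict showing that IKE_SA_INIT completed, the initiator moved from port 500 to 4500 after NAT detection, and IKE_AUTH was answered with AUTH_FAILED.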