我试图build立一个站点到站点vpn从一个CentOS 7与openswan fortigate 60c,我每次得到的错误是以下
000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 8s; nodpd; idle; import:admin initiate 000 #1: pending Phase 2 for "office" replacing #0 我的configuration文件
office.conf
conn office left=%defaultroute # Your local linux machine IP leftsubnet=192.168.3.0/24 # The subnet of your local Linux machine leftid=@openswan # Same as given in Sonicwall leftnexthop=%defaultroute # leftxauthclient=yes right=mrt.mx # Sonicwall VPN IP rightsubnet=192.168.1.0/24 # Sonicwall LAN subnet rightid=office # Sonicwall Unique Identifier # rightxauthserver=yes # keyingtries=0 # pfs=yes auto=start auth=esp esp=3DES-SHA1 ike=3DES-SHA1 ikelifetime=1800s authby=secret aggrmode=no # leftmodecfgclient=yes dpddelay=30 dpdtimeout=60
ipsec.conf文件
GNU nano 2.3.1 Fichero: /etc/ipsec.conf version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Debug-logging controls: "none" for (almost) none, "all" for lots. # klipsdebug=none # plutodebug="control parsing" # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey protostack=netkey nat_traversal=yes interfaces=%defaultroute oe=off # Enable this if you see "failed to find any available worker" nhelpers=0 include /etc/ipsec.d/*.conf
我有以下的错误,我读了一个post,这是没有关系,但我不得不启用转发,它解决了这个错误,并允许build立连接两个或多个接口find,检查IP转发[FAILED]
`sysctl -w net.ipv4.forwarding=1`