How do I fix a failing VPN connection (IPSec + IKEv2)?

Authentication is done with certificates.

Ubuntu 16.04 + strongswan

The client connects from Win7; I added the certificates as described in the strongSwan wiki.

The configuration is also as in the strongSwan wiki, but I got an error: 'plutostart' is deprecated, so I removed it.

So my ipsec.conf:

    config setup
        #plutostart=no

    conn win7
        left=%defaultroute
        leftcert=vpnHostCert.der
        leftsubnet=0.0.0.0/0
        right=%any
        rightsendcert=never
        rightsourceip=10.42.42.0/24,2002:25f7:7489:3::/112
        keyexchange=ikev2
        auto=add

Log:

    Jun 28 03:20:26 myserver charon: 12[IKE] IKE_SA (unnamed)[2] state change: CONNECTING => DESTROYING
    Jun 28 03:20:30 myserver charon: 13[NET] received packet: from MYIP[500] to SERVERIP[500] (528 bytes)
    Jun 28 03:20:30 myserver charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
    Jun 28 03:20:30 myserver charon: 13[IKE] MYIP is initiating an IKE_SA
    Jun 28 03:20:30 myserver charon: 13[IKE] IKE_SA (unnamed)[3] state change: CREATED => CONNECTING
    Jun 28 03:20:30 myserver charon: 13[IKE] remote host is behind NAT
    Jun 28 03:20:30 myserver charon: 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
    Jun 28 03:20:30 myserver charon: 13[NET] sending packet: from SERVERIP[500] to MYIP[500] (308 bytes)
    Jun 28 03:21:00 myserver charon: 14[JOB] deleting half open IKE_SA after timeout
    Jun 28 03:21:00 myserver charon: 14[IKE] IKE_SA (unnamed)[3] state change: CONNECTING => DESTROYING