IPSec VPN客户端Linux

时间:2013-08-09 09:17:39

标签: linux vpn ipsec

我有一个带有IP地址@public_A的SonicWall路由器。此路由器后面是LAN 192.168.2.0/24。 另一方面,我有一台带有IP地址@public_B的Linux Ubuntu机器

我的目标是为Linux实现VPN IPSec客户端,以便我能够将Linux客户端计算机上的消息发送到192.168.2.0/24 LAN。

此客户端已存在于由SonicWall开发的Windows计算机上,但不适用于Linux计算机。

我决定根据互联网上许多帖子的建议,配置一个OpenSwan隧道以连接到这个局域网。

ipsec.conf:

conn sonicwall
        type=tunnel
        left=public_B
        leftid=@yyyyyyyyyyyyyyy
        leftxauthclient=yes
        right=public_A
        rightsubnet=192.168.2.0/24
        rightxauthserver=yes
        rightid=@xxxxxxxxxxxxxxxx
        keyingtries=0
        pfs=no
        aggrmode=yes
        auto=add
        auth=esp
        esp=aes256-sha1
        #phase2alg=aes256-sha1
        ike=aes256-sha1;modp1536
        authby=secret
        leftxauthusername=USER
        #xauth=yes
        keyexchange=ike

发布日志:

~# ipsec whack --name sonicwall --initiate
002 "sonicwall" #9: initiating Aggressive Mode #9, connection "sonicwall"
112 "sonicwall" #9: STATE_AGGR_I1: initiate
003 "sonicwall" #9: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "sonicwall" #9: ignoring unknown Vendor ID payload [xxxxxxxxxxxxxxxxxx]
003 "sonicwall" #9: received Vendor ID payload [RFC 3947] method set to=109 
003 "sonicwall" #9: received Vendor ID payload [Dead Peer Detection]
003 "sonicwall" #9: received Vendor ID payload [XAUTH]
002 "sonicwall" #9: Aggressive mode peer ID is ID_FQDN: '@xxxxxxxxxxxxxxxxx'
003 "sonicwall" #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
002 "sonicwall" #9: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
004 "sonicwall" #9: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1536}
002 "sonicwall" #9: XAUTH: Answering XAUTH challenge with user='USER'
002 "sonicwall" #9: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "sonicwall" #9: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
003 "sonicwall" #9: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
003 "sonicwall" #9: received and ignored informational message
002 "sonicwall" #9: XAUTH: Successfully Authenticated
002 "sonicwall" #9: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "sonicwall" #9: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "sonicwall" #10: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK {using isakmp#9 msgid:489fb919 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}
117 "sonicwall" #10: STATE_QUICK_I1: initiate
002 "sonicwall" #10: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "sonicwall" #10: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xff65c149 <0x6de1b3e3 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}

注意:在我的路由表中没有添加任何路由。

我的隧道似乎完全是功能但是:我无法向路由器后面的LAN发送任何消息。我不知道如何使用我刚刚设置的隧道,以便至少向局域网中的机器发送ping。我该怎么办?

即使不是使用OpenSwan

,您也可以给我建议以实现我的目标

感谢阅读和帮助。

1 个答案:

答案 0 :(得分:0)

成功通过身份验证后,您是否有任何新的网络接口?检查ip addr以查看您是否有任何ppp0或类似的界面。

我不确定您的情况,因为您的身份验证方法与我过去配置的方法不同(预共享密钥openswan + user / pass xl2tpd)但是,如果有任何相似之处,请运行{{1通常使用预共享密钥建立隧道进行身份验证但不启动接口,此时我必须告诉xl2tpd进行连接,然后使用用户和密码进行身份验证,然后创建接口ipsec auto --up ${connection_name}

ppp0的输出是什么(在启动openswan服务之后)?

相关问题
最新问题