Hello, I have a problem with my strongSwan VPN tunnel. I have phase 1 and phase 2 configured, but only phase 1 is up.
config setup
    charondebug="all"
    uniqueids=yes

conn yyy-to-xxx
    authby=secret
    left=10.12.0.8
    leftid=30.71.172.92
    leftsourceip=%config
    leftsubnet=10.12.0.8/32
    right=40.204.128.170
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    # pfs=no
    aggressive=no
    keyingtries=0
    keyexchange=ikev1
    ikelifetime=1h
    lifetime=24h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    type=tunnel
    auto=start

conn add_xxx_sub0
    also=yyy-to-xxx
    right=40.204.152.238
    rightsubnet=40.204.152.238/32[%any/10501]
    leftsubnet=10.12.0.8/32
    auto=start
ipsec status
Security Associations (1 up, 0 connecting):
yyy-to-xxx[51]: ESTABLISHED 14 seconds ago, 10.12.0.8[30.71.172.92]...40.204.128.170[40.204.128.170]
ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-1034-gcp, x86_64):
uptime: 17 minutes, since Apr 17 16:40:58 2020
malloc: sbrk 1622016, mmap 0, used 823744, free 798272
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 112
loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
10.12.0.8
Connections:
yyy-to-xxxx: 10.12.0.8...40.204.128.170 IKEv1, dpddelay=30s
yyy-to-xxx: local: [30.71.172.92] uses pre-shared key authentication
yyy-to-xxx: remote: [40.204.128.170] uses pre-shared key authentication
yyy-to-xxx: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
add_xxx_sub0: child: 10.12.0.8/32 === 40.204.152.238/32[10501] TUNNEL, dpdaction=restart
add_xxx_sub1: child: 10.12.0.8/32 === 40.204.152.232/32[8001] TUNNEL, dpdaction=restart
add_xxx_sub2: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
yyy-to-xxx[54]: ESTABLISHED 7 seconds ago, 10.128.0.8[30.71.172.92]...40.204.128.170[40.204.128.170]
yyy-to-xxx[54]: IKEv1 SPIs: e5f0058cab84984d_i* 123b59c38f1bb2fa_r, pre-shared key reauthentication in 46 minutes
yyy-to-xxx[54]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
yyy-to-xxx[54]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE QUICK_MODE
yyy-to-xxx[54]: Tasks active: MODE_CONFIG