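Help needed: openswan problem
In my experiment I need to implement IPsec on Linux, and I decided to use openswan. The system is FC6. After installing it by following an article titled "Configuring openswan in Ten Minutes", ipsec verify reports everything OK except the last item, OE. I then started configuring; I want to implement road warrior mode. My lab environment is:
laptop(192.168.0.138)---PC(192.168.0.136)---(192.168.0.137)VM1(192.168.2.1)---(192.168.2.6)VM2
In the environment above, the laptop and VM1 both run FC6 with openswan installed, and the installation tests pass. VM1 and VM2 are virtualized by the PC using VMware; VM1's eth0 (192.168.0.137) is bridged onto vmnet0, while eth1 (192.168.2.1) is connected to VM2 through a custom vmnet2.
From the laptop, pinging 192.168.0.136 and 192.168.0.137 works.
From VM1, pinging 192.168.0.136 and 192.168.0.138 works, and pinging 192.168.2.6 also works.
From VM2, pinging 192.168.2.1 works, and pinging 192.168.0.137 works.
The ipsec.conf on the laptop (@left) is: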
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    nhelpers=0
conn %default
    authby=rsasig
    compress=yes
include /etc/ipsec.d/examples/no_oe.conf
conn road
    left=192.168.0.138
    leftnexthop=@defaultroute
    leftid=@left
    leftrsasigkey=xxxx
    right=192.168.0.137
    rightsubnet=192.168.2.0/24
    rightid=@right
    rightrsasigkey=xxxx
    auto=add
The ipsec.conf file on VM1 (@right) is:
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    nhelpers=0
conn %default
    authby=rsasig
    compress=yes
include /etc/ipsec.d/examples/no_oe.conf
conn road
    left=192.168.0.137
    leftid=@right
    leftsubnet=192.168.2.0/24
    leftrsasigkey=xxxx
    rightnexthop=@defaultroute
    right=192.168.0.138
    rightid=@left
    rightrsasigkey=xxxx
    auto=add
After configuring, I brought up IPsec on the laptop side with ipsec auto --up road, and it failed with: 021 no connection named "road"
Then I changed the field shown in red in the laptop's ipsec.conf, leftnexthop=@defaultroute, to leftnexthop=192.168.0.137, and brought up IPsec again:
#ipsec auto --up road
This time the 021 error no longer appears; it shows:
STATE_MAIN_I1:initiate
STATE_MAIN_I1:retransmission;will wait 20s for response
STATE_MAIN_I1:retransmission;will wait 40s for response
.
.
.
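It still does not succeed. What on earth is the cause? I have racked my brains and cannot figure it out. I am asking all the experts here for help; I would be very grateful!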
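A consistency check for the two `conn road` sections posted above, as an added example that is not part of the original post or of openswan. It assumes each host wrote itself as `left` (as both files here do) and accepts a nexthop only if it is an IPv4 address, `%defaultroute` or `%direct`, the forms ipsec.conf(5) documents; all function names are hypothetical.

```python
import re
# Constructed from the post's two "conn road" sections (rsasigkey and auto lines omitted).
LAPTOP = """conn road
    left=192.168.0.138
    leftnexthop=@defaultroute
    leftid=@left
    right=192.168.0.137
    rightsubnet=192.168.2.0/24
    rightid=@right
"""
GATEWAY = """conn road
    left=192.168.0.137
    leftid=@right
    leftsubnet=192.168.2.0/24
    rightnexthop=@defaultroute
    right=192.168.0.138
    rightid=@left
"""

# Assumption of this example: IPv4 literal or one of the two documented % keywords.
NEXTHOP_OK = re.compile(r"%defaultroute|%direct|\d{1,3}(\.\d{1,3}){3}")

def parse_conn(text, name):
    """Collect key=value pairs from the indented lines under `conn <name>`."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():   # unindented line opens a new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key] = value
    return params

def mirror(key):  # leftX <-> rightX; None for keys that belong to neither end
    if key.startswith("left"):
        return "right" + key[4:]
    return "left" + key[5:] if key.startswith("right") else None

def check_pair(a, b):
    """Return findings for two parsed conns taken from opposite ends of one tunnel."""
    out = [f"{k}={v}: not an IP address or % keyword"
           for conn in (a, b) for k, v in conn.items()
           if k.endswith("nexthop") and not NEXTHOP_OK.fullmatch(v)]
    keys = {k for k in a if mirror(k)} | {mirror(k) for k in b if mirror(k)}
    for k in sorted(keys):
        if not k.endswith("nexthop") and a.get(k) != b.get(mirror(k)):
            out.append(f"mismatch: {k}={a.get(k)} vs peer {mirror(k)}={b.get(mirror(k))}")
    return out
```

Run as `check_pair(parse_conn(LAPTOP, "road"), parse_conn(GATEWAY, "road"))`, the posted files mirror each other correctly and the only findings are the two `@defaultroute` nexthop values, one in each file.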