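Hello everyone, when I connect to strongswan from CentOS 7, after an IP address is assigned I get "no CHILD_SA built failed to establish CHILD_SA" and the connection fails. Android and Windows clients connect normally.
The server version is 5.6.2 and the CentOS client version is 5.6.2. Here are the configuration files:
http://popcn.net/ipsec.conf
====================Server configuration============================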
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
    # strictcrlpolicy=yes
    # cachecrls=yes
    uniqueids=never

# Add connections here.
conn %default
    ikelifetime=60m
    keylife=120m
    rekeymargin=3m
    keyingtries=1
    # authby=psk/secret

conn ikev2
    keyexchange=ikev2
    ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
    esp=aes256-sha256,3des-sha1,aes256-sha1!
    type=tunnel
    rekey=no
    leftfirewall=no
    left=%defaultroute
    leftsubnet=0.0.0.0/0,::/0
    leftupdown=/usr/local/etc/strongswan.d/proxyndp.updown
    leftid=本地对外地址
    leftauth=pubkey
    leftcert=server.cert.pem
    leftsendcert=ifasked
    right=%any
    rightsourceip=10.10.8.0/24,
    rightdns=8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844
    # rightsubnet=0.0.0.0/0,::/0
    # rightcert=client.cert.pem
    # rightsendcert=never
    rightauth=eap-mschapv2
    eap_identity=%any
    dpdaction=clear
    fragmentation=yes
    compress=yes
    auto=add

strongswan restart
strongswan up linux-client
strongswan statusall
====================Client configuration============================
config setup
    # strictcrlpolicy=yes
    uniqueids =never

conn %default

conn linux-client
    keyexchange=ikev2
    rekey=no
    ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
    esp=aes256-sha256,3des-sha1,aes256-sha1!
    right=对端地址
    rightid=@对端地址
    rightsubnet=0.0.0.0/0,::/0
    rightauth=pubkey
    left=%any
    leftsourceip=%config
    leftcert=server.cert.pem
    leftsendcert=ifasked
    leftauth=eap-mschapv2
    eap_identity=user
    type=tunnel
    auto=add