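I have a scenario where I want to connect from Libreswan to a DRG. I followed the official documentation: https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/libreswan.htm The tunnel is up, but there is no traffic. My configuration is: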
config setup
    plutoopts="--perpeerlog"
    protostack=auto

conn oracle-tunnel-1
    left=DRG tunnel 1 public IP address
    right=192.168.12.4
    rightid=Libreswan public IP # See preceding note about 1-1 NAT device
    authby=secret
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    auto=start
    mark=5/0xffffff1 # Needs to be unique across all tunnels
    vti-interface=vti1
    vti-routing=no
    encapsulation=no

conn oracle-tunnel-2
    left=DRG tunnel 2 public IP address
    right=192.168.12.4
    rightid=Libreswan public IP # See preceding note about 1-1 NAT device
    authby=secret
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    auto=start
    mark=5/0xffffff2 # Needs to be unique across all tunnels
    vti-interface=vti2
    vti-routing=no
    encapsulation=no
The tunnel is up:
#1: "oracle-tunnel-1":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 2847s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0);
idle; import:admin initiate
#4: "oracle-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 27828s; newest IPSEC; eroute owner; isakmp#1; idle;
import:admin initiate
#4: "oracle-tunnel-1" esp.bbba50fa@DRG-IP esp.7db55be9@192.168.12.4
tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=0B
ESPout=0B! ESPmax=4194303B
#2: "oracle-tunnel-2":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 2606s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0);
idle; import:admin initiate
#3: "oracle-tunnel-2":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 27837s; newest IPSEC; eroute owner; isakmp#2; idle;
import:admin initiate
#3: "oracle-tunnel-2" esp.9dfaf013@DRG-IP esp.43348c8c@192.168.12.4
tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=84B
ESPout=0B! ESPmax=4194303B
But there is no traffic.
Any ideas?