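I am new to this area. I am trying to configure a strongSwan site-to-site VPN on Google Cloud Platform using CentOS 7 (in different regions). I have followed these guides: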
- https://blog.ruanbekker.com/blog/2018/02/11/setup-a-site-to-site-ipsec-vpn-with-strongswan-and-preshared-key-authentication/
- https://www.tecmint.com/setup-ipsec-vpn-with-strongswan-on-centos-rhel-8/
- https://medium.com/@georgeswizzalonge/how-to-setup-a-site-to-site-vpn-connection-with-strongswan-32d4ed034ae2

The ipsec.conf from site A:

    config setup
        charondebug="all"
        strictcrlpolicy=no
        uniqueids = yes

    conn sg-to-jkt
        authby=secret
        left=%defaultroute
        leftid=34.xx.xx.xxx
        leftsubnet=10.xxx.x.xx/24
        right=34.xxx.xxx.xxx
        rightsubnet=10.xxx.x.x/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start

The ipsec.secrets file on site A:

    site-A site-B : PSK "someencryptedkey"

The ipsec.conf on site B:

    config setup
        charondebug="all"
        strictcrlpolicy=no
        uniqueids = yes

    conn jkt-to-sg
        authby=secret
        left=%defaultroute
        leftid=34.xxx.xxx.xxx
        leftsubnet=10.xxx.x.x/24
        right=34.xx.xx.xxx
        rightsubnet=10.xxx.x.xx/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start

The ipsec.secret file on site B:

    site-B site-A : PSK "someencryptedkey"

My questions are:

Why does the strongswan service (systemctl status strongswan) go dead/inactive every time I restart strongSwan (strongswan restart)? (Note: the strongSwan tunnel is still up.)

    ● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
       Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
       Active: inactive (dead) since Sun 2020-10-11 16:37:06 UTC; 32min ago

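There is no traffic in the ESP protocol: tcpdump esp shows nothing, but the strongSwan tunnel is up. I noticed that the status gives a different result from the examples. It returns "ESP in UDP SPIs" instead of "ESP SPIs". Is there any difference, or is something else going on?
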
Thank you for your help and suggestions.