I have a problem with IPsec on CentOS. When adding the connection using

```
ipsec auto --add cx
```

it gives

```
multiple ip addresses, using 127.0.0.1 on venet0
```

and on using

```
ipsec auto --up cx
```
I understand that it cannot identify itself on both ends of this connection.
`ip addr` output:

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet <here goes ip>/32 brd <here goes ip> scope global venet0:0
```
IPsec configuration file:

```
## general configuration parameters ##
config setup
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    ## disable opportunistic encryption in Red Hat ##
    oe=off
    ## disable opportunistic encryption in Debian ##
    ## Note: this is a separate declaration statement ##
    #include /etc/ipsec.d/examples/no_oe.conf

## connection definition in Red Hat ##
conn mazeed
    authby=secret
    auto=start
    ike=aes256-sha
    auth=esp
    ## phase 1 ##
    keyexchange=ike
    ## phase 2 ##
    #phase2=esp
    #phase2alg=aes256-sha
    compress=no
    pfs=yes
    type=tunnel
    left=<ip goes here from above>
    leftsubnet=192.168.30.10/24
    leftnexthop=%defaultroute
    right=<remote ip>
    rightsubnet=172.16.198.29/24
```
Edit: output of `ipsec verify`

```
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan U3.12/K(no kernel code presently loaded) on 2.6.32-46-pve
Checking for IPsec support in kernel [FAILED]
The ipsec service should be started before running 'ipsec verify'
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS
Checking for obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]
ipsec verify: encountered 3 errors - see 'man ipsec_verify' for help
```
However, all ports are open in the firewall.
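As an added illustration (not part of the question or of Libreswan), a small Python script that parses `ip addr` output of the shape shown above and flags an interface such as venet0 whose first IPv4 address is 127.0.0.1 while a global address sits behind it, which is the layout pluto's "multiple ip addresses" warning points at; it also pulls the `[FAILED]` lines out of `ipsec verify` output. The address 203.0.113.10 in the sample is a constructed stand-in for the redacted one.

```python
import re

# Constructed sample modelled on the `ip addr` output in the question;
# 203.0.113.10 is a documentation address standing in for the redacted IP.
IP_ADDR_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet 203.0.113.10/32 brd 203.0.113.10 scope global venet0:0
"""

IFACE_RE = re.compile(r"^\d+:\s+(\S+?):\s+<")          # "2: venet0: <...>"
INET_RE = re.compile(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)/(\d+)\s.*scope\s+(\S+)")

def parse_ip_addr(text):
    """Return {interface: [(ipv4, prefixlen, scope), ...]} in listing order."""
    addrs, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            addrs[current] = []
            continue
        m = INET_RE.match(line)
        if m and current:
            addrs[current].append((m.group(1), int(m.group(2)), m.group(3)))
    return addrs

def loopback_shadowed_interfaces(addrs):
    """Non-lo interfaces whose first IPv4 is loopback/host scope but which also carry a global address."""
    bad = {}
    for name, lst in addrs.items():
        if name == "lo" or len(lst) < 2:
            continue
        first_ip, _, first_scope = lst[0]
        global_ips = [ip for ip, _, scope in lst if scope == "global"]
        if (first_ip.startswith("127.") or first_scope == "host") and global_ips:
            bad[name] = global_ips            # pluto will pick the 127.x one first
    return bad

def failed_checks(verify_output):
    """Collect the check names that `ipsec verify` marked [FAILED]."""
    return [ln.rsplit("[", 1)[0].strip() for ln in verify_output.splitlines()
            if ln.rstrip().endswith("[FAILED]")]
```

Feed it the real `ip addr` and `ipsec verify` output on the container; an empty result from `loopback_shadowed_interfaces` means the address layout is no longer ambiguous for pluto.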