V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
nop
V2EX  ›  问与答

L2TP over ipsec on openvz

  •  
  •   nop · 2014-11-08 01:00:34 +08:00 · 5211 次点击
    这是一个创建于 3702 天前的主题,其中的信息可能已经有所发展或是发生改变。
    这个openvz VPS是支持ipsec的,装好后ipsec verify也正常,但是连接错误代码792,启动ipsec的时候发现提示ipsec_setup: multiple ip addresses, using 127.0.0.2 on venet0
    感觉这里有问题,venet0:0和venet0:1分别对应vps的两个IP


    关键部分日志
    Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink_get_spi for [email protected] failed with errno 22: Invalid argument
    Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: responding to Quick Mode proposal {msgid:8aad69ba}
    Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: us: xxx.xxx.xxx.x<xxx.xxx.xxx.x>[+S=C]:17/1701
    Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: them: xxx.xxx.xxx.xxx[@fire,+S=C]:17/1701
    Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink response for Add SA [email protected] included errno 22: Invalid argument
    Nov 7 10:01:03 rijx pluto[12312]: | failed to install outgoing SA: 0
    Nov 7 10:01:04 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: discarding duplicate packet; already STATE_QUICK_R0


    root@rijx:~# ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux Openswan U2.6.37/K2.6.32-042stab093.4 (netkey)
    Checking for IPsec support in kernel [OK]
    SAref kernel support [N/A]
    NETKEY: Testing XFRM related proc values [OK]
    [OK]
    [OK]
    Checking that pluto is running [OK]
    Pluto listening for IKE on udp 500 [OK]
    Pluto listening for NAT-T on udp 4500 [OK]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking NAT and MASQUERADEing [OK]
    Checking for 'ip' command [OK]
    Checking /bin/sh is not /bin/dash [WARNING]
    Checking for 'iptables' command [OK]
    Opportunistic Encryption Support [DISABLED]
    目前尚无回复
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1405 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 17:29 · PVG 01:29 · LAX 09:29 · JFK 12:29
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.