这是一个创建于 3463 天前的主题,其中的信息可能已经有所发展或是发生改变。
这个openvz VPS是支持ipsec的,装好后ipsec verify也正常,但是连接错误代码792,启动ipsec的时候发现提示ipsec_setup: multiple ip addresses, using 127.0.0.2 on venet0
感觉这里有问题,venet0:0和venet0:1分别对应vps的两个IP
关键部分日志
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink_get_spi for [email protected] failed with errno 22: Invalid argument
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: responding to Quick Mode proposal {msgid:8aad69ba}
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: us: xxx.xxx.xxx.x<xxx.xxx.xxx.x>[+S=C]:17/1701
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: them: xxx.xxx.xxx.xxx[@fire,+S=C]:17/1701
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink response for Add SA [email protected] included errno 22: Invalid argument
Nov 7 10:01:03 rijx pluto[12312]: | failed to install outgoing SA: 0
Nov 7 10:01:04 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: discarding duplicate packet; already STATE_QUICK_R0
root@rijx:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K2.6.32-042stab093.4 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
感觉这里有问题,venet0:0和venet0:1分别对应vps的两个IP
关键部分日志
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink_get_spi for [email protected] failed with errno 22: Invalid argument
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: responding to Quick Mode proposal {msgid:8aad69ba}
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: us: xxx.xxx.xxx.x<xxx.xxx.xxx.x>[+S=C]:17/1701
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: them: xxx.xxx.xxx.xxx[@fire,+S=C]:17/1701
Nov 7 10:01:03 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: ERROR: netlink response for Add SA [email protected] included errno 22: Invalid argument
Nov 7 10:01:03 rijx pluto[12312]: | failed to install outgoing SA: 0
Nov 7 10:01:04 rijx pluto[12312]: "L2TP-PSK-noNAT"[3] xxx.xxx.xxx.xxx #3: discarding duplicate packet; already STATE_QUICK_R0
root@rijx:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K2.6.32-042stab093.4 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
目前尚无回复
Select Language