I configured IPsec between a Cisco ASA and my Linux machine, and it works as expected. However, when I restart the network service on the Linux machine, or bounce the port on the Cisco side, the tunnel stops working even though the tunnel status still shows it as up:
    # /etc/init.d/ipsec status
    /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
    IPsec running  - pluto pid: 2684
    pluto pid 2684
    1 tunnels up
    some eroutes exist
When I try to connect to the other side (telnet, ping, ssh), the connection does not work.
My /etc/ipsec.conf looks like this:
    # /etc/ipsec.conf - Openswan IPsec configuration file
    #
    # Manual: ipsec.conf.5
    #
    # Please place your own config files in /etc/ipsec.d/ ending in .conf
    version 2.0     # conforms to second version of ipsec.conf specification

    # basic configuration
    config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see "Failed to find any available worker"
        nhelpers=0

    # You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
    include /etc/ipsec.d/*.conf
My /etc/ipsec.d/myvpn.conf looks like this:
    conn myvpn
        authby=secret               # Key exchange method
        left=server-ip              # Public Internet IP address of the
                                    # left VPN device
        leftsubnet=server-ip/32     # subnet protected by the left VPN device
        leftnexthop=%defaultroute   # correct in many situations
        right=asa-ip                # Public Internet IP address of
                                    # the RIGHT VPN device
        rightsubnet=network/16      # subnet protected by the RIGHT VPN device
        rightnexthop=asa-ip         # correct in many situations
        auto=start                  # authorizes and starts this connection
                                    # on booting
        auth=esp
        esp=aes-sha1
        compress=no
When I restart the openswan service, everything starts working again, but I think there should be some logic that does this automatically. Does anyone know what I am missing?
Solution: If it is available on both sides, you may want to enable dead peer detection. Dead peer detection notices when the tunnel is in fact no longer working and tears down or resets the tunnel. If it is not available, you can also try lowering the session renegotiation time to a very low value; your tunnel will then frequently generate new keys and set up a new tunnel to periodically replace the old one, so that when a session breaks, the tunnel is effectively recreated once the timeout expires.
For PPP sessions on the Linux box itself, I simply put a "service ipsec restart" in /etc/ppp/ip-up.local so that all tunnels are restarted whenever the PPP device comes back online.
Your mileage may vary.
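As an added illustration of the answer above (not part of the original post or of the asker's configuration), here is how the asker's conn block could be extended with Openswan's dead peer detection keywords and shorter rekey lifetimes. The dpd* and lifetime keywords are the ones documented in ipsec.conf(5); the values chosen (30 s probe interval, 120 s timeout, 1 h IKE lifetime, 20 min IPsec SA lifetime) are example values, and the peer names server-ip, asa-ip and network/16 are the placeholders from the question, so they must be replaced with real addresses.

```conf
# /etc/ipsec.d/myvpn.conf - example only, extends the asker's conn block
conn myvpn
    authby=secret
    left=server-ip
    leftsubnet=server-ip/32
    leftnexthop=%defaultroute
    right=asa-ip
    rightsubnet=network/16
    rightnexthop=asa-ip
    auth=esp
    esp=aes-sha1
    compress=no
    auto=start

    # --- Dead peer detection (RFC 3706) ---
    # Send an R_U_THERE probe if no traffic has been seen for 30 seconds.
    dpddelay=30
    # Declare the peer dead if no reply arrives within 120 seconds ...
    dpdtimeout=120
    # ... and then tear down the stale SAs and bring the tunnel up again
    # (alternatives: hold, clear, restart_by_peer).
    dpdaction=restart

    # --- Fallback if the ASA side cannot do DPD: rekey aggressively ---
    # Replace the IKE SA every hour and the IPsec SA every 20 minutes, so a
    # tunnel whose peer silently reset is re-established on the next rekey.
    ikelifetime=1h
    keylife=20m
    rekey=yes
    # Never give up trying to re-establish the connection.
    keyingtries=%forever
```

After reloading the configuration (service ipsec restart), "ipsec auto --status | grep myvpn" shows the negotiated SAs and their remaining lifetime, and pluto's log (typically /var/log/secure or /var/log/pluto.log, depending on the distribution's logging setup) will report "DPD: No response from peer" followed by the restart when a probe times out. Note that DPD only works if the ASA side also has IKE keepalives enabled; with DPD disabled on one end the probes are ignored and only the shortened lifetimes provide recovery.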