|
用的是freeswan2.06,redhat 9.0
运行ipsec manual --up samplehth,出现以下问题:
[root@reallys root]# ipsec manual --up samplehth
RTNETLINK answers: Network is unreachable
/usr/local/lib/ipsec/_updown: `ip route add 10.15.3.30/32 via 10.15.3.30 dev ipsec0' failed
ipsec.conf文件如下
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# basic configuration
version 2.0 #conforms to second version of ipsec.conf specification
# Global settings read once at startup; the conn sections further down
# describe individual tunnels.
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work.
# NOTE(review): the FreeS/WAN ipsec.conf documentation gives this value as
# %defaultroute or as virtual=physical pairs such as "ipsec0=eth1". Confirm
# that a bare interface name is accepted by this version, and that eth1 is
# the interface carrying this host's own tunnel endpoint address.
interfaces=eth1
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug=none
# Manual connections to be started at startup.
#manualstart="test1 test2"
# Auto connections to be loaded into Pluto at startup.
# NOTE(review): plutoload/plutostart look like version 1 setup options; with
# "version 2.0" the per-connection auto= parameter is presumably what takes
# their place - confirm before uncommenting either line.
#plutoload=samplehth
# Auto connections to be started at startup.
#plutostart=samplefire
# defaults for subsequent connection descriptions
# Every conn section below inherits these values unless it sets its own.
conn %default
# How persistent to be in (re)keying negotiations (0 means very).
keyingtries=0
# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
# These are fixed, hand-typed ESP keys: nothing in this file renegotiates
# them, and the values are an obvious digit pattern that is published along
# with this listing. Treat traffic protected only by them as unprotected.
# Outside a lab test, use automatically keyed connections with secrets
# generated per deployment, and delete these defaults.
# NOTE(review): 3DES with HMAC-MD5-96 is a legacy transform; prefer a
# stronger one if the installed version offers it.
spi=0x200
esp=3des-md5-96
espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
# key lifetime (before automatic rekeying)
# NOTE(review): presumably relevant only to automatically keyed connections;
# manually keyed SAs keep the same keys until someone replaces them by hand.
keylife=8h
# sample host-to-host tunnel (no subnets)
# Here we assume (for purposes of illustration) that the hosts talk directly
# to each other, so we don't need next-hop settings.
# NOTE(review): left (10.16.8.81) and right (10.15.3.30) differ in the second
# octet, so the "talk directly" assumption holds only if both addresses fall
# inside one on-link subnet. The reported failure of
# `ip route add 10.15.3.30/32 via 10.15.3.30 dev ipsec0` with "Network is
# unreachable" is consistent with the peer not being directly reachable.
conn samplehth
### left host (public-network address)
left=10.16.8.81
### next hop to reach right
# NOTE(review): empty value. If a router sits between the two hosts, set this
# to that router's address on left's network (placeholder:
# <LEFT_GATEWAY_IP>). If the hosts really are on-link, drop the line instead
# of leaving it blank; confirm how this version treats an empty nexthop.
leftnexthop=
### right host
right=10.15.3.30
### next hop to reach left
# NOTE(review): same as leftnexthop, seen from the right host (placeholder:
# <RIGHT_GATEWAY_IP>).
rightnexthop=
### (manual) SPI number
# Overrides the spi=0x200 inherited from conn %default.
spi=0x300
# (manual) encryption/authentication algorithm and parameters to it
# These repeat the conn %default test keys verbatim, so the same caveat
# applies: test-only values, visible to anyone who has seen this listing.
# Both ends of a manually keyed connection need matching SPI and key values.
esp=3des-md5-96
espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
auto=add |
|