Ipsec
VPN ERROR 500 STATE_MAIN_I1, unable to start Phase 2
I am trying to set up a site-to-site VPN from CentOS 7 to a FortiGate 60C using Openswan, and the error I get every time is as follows:

```
000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 8s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "office" replacing #0
```
My configuration files

office.conf
```
conn office
    left=%defaultroute          # Your local linux machine IP
    leftsubnet=192.168.3.0/24   # The subnet of your local Linux machine
    leftid=@openswan            # Same as given in Sonicwall
    leftnexthop=%defaultroute
    # leftxauthclient=yes
    right=mrt.mx                # Sonicwall VPN IP
    rightsubnet=192.168.1.0/24  # Sonicwall LAN subnet
    rightid=office              # Sonicwall Unique Identifier
    # rightxauthserver=yes
    # keyingtries=0
    # pfs=yes
    auto=start
    auth=esp
    esp=3DES-SHA1
    ike=3DES-SHA1
    ikelifetime=1800s
    authby=secret
    aggrmode=no
    # leftmodecfgclient=yes
    dpddelay=30
    dpdtimeout=60
```
ipsec.conf
```
GNU nano 2.3.1 Fichero: /etc/ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # Enable this if you see "failed to find any available worker"
    nhelpers=0

include /etc/ipsec.d/*.conf
```
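I had the following error. I read in an article that it doesn't matter, but I did have to enable forwarding, which resolved this error and allowed the connection to be established:

```
Two or more interfaces found, checking IP forwarding    [FAILED]
```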
`sysctl -w net.ipv4.ip_forward=1`