l2tp + ipsec VPN server configuration problem on CentOS 6

I followed the steps at http://www.esojourn.org/wp/?p=404 one by one, but I still ran into problems at ipsec verify.

The result I get now is:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
SAref kernel support [N/A]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for NAT-T on udp 4500 [FAILED]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Checking for ‘ip’ command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for ‘iptables’ command [OK]
Opportunistic Encryption Support [DISABLED]


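I have googled a lot of material, but since I have no background I basically can't understand it. Is there a good way to determine where the problem is?

I hope an expert can give me some pointers!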

fengkuok
Posted 5 years ago, 8 replies / 9K+ views
8 answers in total. Last answer: 3 years ago
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
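This version of the kernel does not support IPsec.
--- 5 comments in total ---
王瑞平 @fengkuok: If ipsec is not started, these two will definitely be abnormal. (5 years ago)
王瑞平 @fengkuok: The IKE listener on port 500 and the NAT listener on port 4500 are not responding. (5 years ago)
fengkuok: Pluto listening for IKE on udp 500 [FAILED] Pluto listening for NAT-T on udp 4500 [FAILED] What is going on with these two in particular? (5 years ago)
fengkuok: http://sjolzy.cn/The-Centos-L2TP-related-error-solve.html (5 years ago)
fengkuok: http://sjolzy.cn/The-Centos-L2TP-related-error-solve.html says: Checking for IPsec support in kernel [FAILED] Checking that pluto is running [FAILED] these two errors can be ignored. (5 years ago)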
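
One way to sort the failures in a report like the one in the question, as an added example that is not part of the thread. The function names `triage_verify` and `sample_report` are hypothetical, and the primary/secondary grouping is an assumption based on the comment above that the two port checks fail whenever ipsec is not started.

```shell
#!/bin/sh
# Added example (not from the thread): sort the [FAILED] lines of an
# `ipsec verify` report read from stdin.
#
# Assumption, taken from the comment above: when the kernel IPsec check fails,
# the two "Pluto listening" failures are treated as follow-on symptoms.
triage_verify() {
    awk '
        /\[FAILED\]/ {
            name = $0
            sub(/[ \t]*\[FAILED\][ \t]*$/, "", name)   # keep only the check name
            failed[++n] = name
            if (name ~ /IPsec support in kernel/) stack_down = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                cls = "primary"
                if (stack_down && failed[i] ~ /^Pluto listening/) cls = "secondary"
                printf "%s\t%s\n", cls, failed[i]
            }
        }
    '
}

# Sample input: report lines quoted in the question.
sample_report() {
    cat <<'EOF'
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
SAref kernel support [N/A]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for NAT-T on udp 4500 [FAILED]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Opportunistic Encryption Support [DISABLED]
EOF
}

sample_report | triage_verify
```

On a live system the report would be piped in directly, for example `ipsec verify 2>&1 | triage_verify`; work through the primary lines first and re-run the check before looking at the secondary ones.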

@王瑞平 

[root@www openswan-2.6.38]# make install
OBJDIR: OBJ.linux.x86_64
(cd /root/openswan-2.6.38/OBJ.linux.x86_64 && OBJDIRTOP=/root/openswan-2.6.38/OBJ.linux.x86_64 OBJDIR=/root/openswan-2.6.38/OBJ.linux.x86_64 make install )
make[1]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64'
make[2]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libopenswan'
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libopenswan'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libpluto'
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libpluto'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libaes'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libaes'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libdes'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libdes'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libmd5'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libmd5'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libsha1'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libsha1'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libsha2'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libsha2'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libmd2'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/libmd2'
make[4]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/liboswcrypto'
make[4]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto/liboswcrypto'
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libcrypto'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libwhack'
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libwhack'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libipsecconf'
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib/libipsecconf'
make[2]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/lib'
make[2]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/proc'
# remove any old vendor file installed previously
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/proc'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/pluto'
mkdir -p /usr/local/libexec/ipsec /usr/local/lib/ipsec
mkdir -p -m 755 /etc/ipsec.d
mkdir -p -m 755 /etc/ipsec.d/cacerts
mkdir -p -m 755 /etc/ipsec.d/aacerts
mkdir -p -m 755 /etc/ipsec.d/ocspcerts
mkdir -p -m 755 /etc/ipsec.d/certs
mkdir -p -m 755 /etc/ipsec.d/crls
mkdir -p -m 700 /etc/ipsec.d/private
mkdir -p -m 700 /var/run/pluto
install -b --suffix=.old pluto whack /usr/local/libexec/ipsec
#install --mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old whackinit /usr/local/libexec/ipsec
if true ; then install -b --suffix=.old _pluto_adns  /usr/local/libexec/ipsec ; fi
install  /root/openswan-2.6.38/programs/pluto/pluto.8 /usr/local/man/man8/ipsec_pluto.8
sh /root/openswan-2.6.38/packaging/utils/manlink /root/openswan-2.6.38/programs/pluto/pluto.8 | \
while read from to ; \
do \
ln -s -f ipsec_$from /usr/local/man/man8/$to; \
done
install  /root/openswan-2.6.38/programs/pluto/ipsec.secrets.5 /usr/local/man/man5
sh /root/openswan-2.6.38/packaging/utils/manlink /root/openswan-2.6.38/programs/pluto/ipsec.secrets.5 | \
while read from to ; \
do \
ln -s -f $from /usr/local/man/man5/$to; \
done
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/pluto'
info: addcon/Makefile: MAKECMDGOALS="install"
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/addconn'
# remove any old vendor file installed previously
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/addconn'
make[3]: Entering directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/_confread'
/usr/bin/xmlto man /root/openswan-2.6.38/programs/_confread/ipsec.conf.5.xml 
/usr/bin/xmlto: line 576: 23871 已杀死               "$XSLTPROC_PATH" $XSLTOPTS -o "$XSLT_PROCESSED" "$STYLESHEET" "$INPUT_FILE"
make[3]: *** [ipsec.conf.5] 错误 1
make[3]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs/_confread'
make[2]: *** [install] 错误 1
make[2]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64/programs'
make[1]: *** [install] 错误 1
make[1]: Leaving directory `/root/openswan-2.6.38/OBJ.linux.x86_64'
make: *** [install] 错误 2

This is what happens when I install 2.6.38.


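The problem occurs while the configuration file is being compiled; check the configuration file.

Configuring IPsec
Edit the configuration file /etc/ipsec.conf: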

cp /etc/ipsec.conf /etc/ipsec.conf.bak
vim /etc/ipsec.conf

Find protostack=auto and change it to:

protostack=netkey

Append at the end:

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

Replace “YOUR.SERVER.IP.ADDRESS” with the VPS's public IP. For the meaning of some of these settings, see the contents of the file /etc/ipsec.d/examples/l2tp-psk.conf.
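
A check of an ipsec.conf against the edits listed in this answer, as an added example that is not part of the thread. The function names `check_l2tp_conf` and `sample_conf` are hypothetical, the sample file is constructed, and the parser assumes plain `key=value` lines without spaces around `=` or trailing comments.

```shell
# Added example (not from the thread): check an ipsec.conf against the edits
# described in the answer above. Prints one line per deviation.
check_l2tp_conf() {
    awk '
        function want(s, k, v,    cur) {
            cur = ((s, k) in val) ? val[s, k] : "<unset>"
            if (cur != v) printf "%s: %s=%s (expected %s)\n", s, k, cur, v
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        /^(config|conn)[ \t]/ { sect = $2; next }    # "config setup" / "conn NAME"
        {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            eq = index(line, "=")
            if (eq) val[sect, substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
        END {
            want("setup", "protostack", "netkey")
            want("L2TP-PSK-NAT", "also", "L2TP-PSK-noNAT")
            want("L2TP-PSK-noNAT", "authby", "secret")
            want("L2TP-PSK-noNAT", "type", "transport")
            want("L2TP-PSK-noNAT", "leftprotoport", "17/1701")
            if (val["L2TP-PSK-noNAT", "left"] == "YOUR.SERVER.IP.ADDRESS")
                print "L2TP-PSK-noNAT: left is still the placeholder YOUR.SERVER.IP.ADDRESS"
        }
    ' "$1"
}

# Constructed sample: protostack not yet changed, placeholder address left in.
sample_conf() {
    cat <<'EOF'
config setup
    protostack=auto

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"; check_l2tp_conf "$tmp"; rm -f "$tmp"
```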

 

@王瑞平

Last night, going by this message:

/usr/bin/xmlto: line 576: 23871 已杀死               "$XSLTPROC_PATH" $XSLTOPTS -o "$XSLT_PROCESSED" "$STYLESHEET" "$INPUT_FILE"

I removed xmlto, after which Openswan U2.6.38 installed successfully!

But ipsec verify still gives the same result as at the very beginning.

One thing I don't understand: in the /etc/ipsec.conf file,

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
what is this entry for?

