📄 west-console.txt

📁 ipsec vpn
💻 TXT
字号:
west:~# TESTNAME=x509-pluto-03west:~# source /testing/pluto/bin/westlocal.shwest:~# ping -n -c 4 192.0.2.254PING 192.0.2.254 (192.0.2.254): 56 data bytes64 bytes from 192.0.2.254: icmp_seq=0 ttl=257 time=999 ms64 bytes from 192.0.2.254: icmp_seq=1 ttl=257 time=999 ms64 bytes from 192.0.2.254: icmp_seq=2 ttl=257 time=999 ms64 bytes from 192.0.2.254: icmp_seq=3 ttl=257 time=999 ms--- 192.0.2.254 ping statistics ---4 packets transmitted, 4 packets received, 0% packet lossround-trip min/avg/max = 3.1/4.5/9.26 mswest:~# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROPwest:~# ping -n -c 4 192.0.2.254PING 192.0.2.254 (192.0.2.254): 56 data bytes--- 192.0.2.254 ping statistics ---4 packets transmitted, 0 packets received, 100% packet losswest:~# ipsec setup startipsec_setup: Starting Openswan IPsec VERSIONwest:~# ipsec auto --add westnet-eastnet-x509-crwest:~# /testing/pluto/basic-pluto-01/eroutewait.sh trapwest:~# ipsec whack --debug-control --debug-emittingwest:~# ipsec auto --up  westnet-eastnet-x509-cr104 "westnet-eastnet-x509-cr" #1: STATE_MAIN_I1: initiate003 "westnet-eastnet-x509-cr" #1: received Vendor ID payload [Openswan 003 "westnet-eastnet-x509-cr" #1: received Vendor ID payload [Dead Peer Detection]106 "westnet-eastnet-x509-cr" #1: STATE_MAIN_I2: sent MI2, expecting MR2108 "westnet-eastnet-x509-cr" #1: STATE_MAIN_I3: sent MI3, expecting MR3004 "westnet-eastnet-x509-cr" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}117 "westnet-eastnet-x509-cr" #2: STATE_QUICK_I1: initiate004 "westnet-eastnet-x509-cr" #2: STATE_QUICK_I2: sent QI2, IPsec SA establishedwest:~# echo donedonewest:~# ipsec lookwest NOW0.0.0.0/0          -> 0.0.0.0/0          => %trap192.0.1.0/24       -> 192.0.2.0/24       => tun0xIPIP@192.1.2.23 esp0xESPSPI@192.1.2.23ipsec0->eth1 mtu=16260(9999)->1500tun0xTUN#@192.1.2.23 IPIP: dir=out src=192.1.2.45 natencap=none natsport=0 natdport=0  esp0xKLIPSPIK@192.1.2.23 ESP_AES_HMAC_SHA1: dir=out src=192.1.2.45 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64 alen=160 aklen=160 eklen=128 natencap=none natsport=0 natdport=0  esp0xKLIPSPIK@192.1.2.45 ESP_AES_HMAC_SHA1: dir=in  src=192.1.2.23 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64   alen=160 aklen=160 eklen=128  natencap=none natsport=0 natdport=0  tun0xTUN#@192.1.2.45 IPIP: dir=in  src=192.1.2.23 policy=192.0.2.0/24->192.0.1.0/24 flags=0x8<>  natencap=none natsport=0 natdport=0  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface0.0.0.0         192.1.2.254     0.0.0.0         UG       99 0          0 eth10.0.0.0         192.1.2.254     128.0.0.0       UG       99 0          0 ipsec0128.0.0.0       192.1.2.254     128.0.0.0       UG       99 0          0 ipsec0192.0.2.0       0.0.0.0         255.255.255.0   U        99 0          0 ipsec0192.1.2.0       0.0.0.0         255.255.255.0   U        99 0          0 eth1192.1.2.0       0.0.0.0         255.255.255.0   U        99 0          0 ipsec0west:~# west:~#
💿 文件大小 3514 K
👤 上传用户 akk79600872
📂 所属分类网络
🏷️ 相关标签

#ipsec #vpn
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -