📄 east-console.txt

📁 ipsec vpn
💻 TXT
字号:
east:~# ipsec setup startipsec_setup: Starting Openswan IPsec VERSIONeast:~# /testing/pluto/bin/wait-until-policy-loadedeast:~# ipsec whack --label "\"SAwest-east\" leftrsasigkey"  --keyid "@west" --pubkeyrsa "0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7"east:~# ipsec whack --label "\"SAwest-east\" rightrsasigkey"  --keyid "@east" --pubkeyrsa "0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL"east:~# ipsec whack --name SAwest-east --encrypt --tunnel --pfs --rsasig --host "192.1.2.23"  --nexthop "192.1.2.45" --updown "ipsec _updown" --id "@east" --to --host "%any" --nexthop "%direct" --updown "ipsec _updown" --id "@west" --ipseclifetime "28800" --rekeymargin "540" --keyingtries "1"002 added connection description "SAwest-east"east:~# ipsec auto --status000 interface ipsec0/eth1 192.1.2.23000 %myid = (none)000 debug none000  000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128000  000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192000  000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000  000 "packetdefault": 0.0.0.0/0===192.1.2.23[%myid]---192.1.2.254...%opportunistic; prospective erouted; eroute owner: #0000 "packetdefault":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;000 "packetdefault":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3000 "packetdefault":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS+lKOD+rKOD; prio: 0,0; interface: eth1; 000 "packetdefault":   newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "SAwest-east": 192.1.2.23[@east,S?C]---192.1.2.45...%any[@west,S?C]; unrouted; eroute owner: #0000 "SAwest-east":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;000 "SAwest-east":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1000 "SAwest-east":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: eth1; 000 "SAwest-east":   newest ISAKMP SA: #0; newest IPsec SA: #0; 000  000  east:~# east:~# ipsec lookeast NOW0.0.0.0/0          -> 0.0.0.0/0          => %trapipsec0->eth1 mtu=16260(9999)->1500Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface0.0.0.0         192.1.2.254     0.0.0.0         UG       99 0          0 eth10.0.0.0         192.1.2.254     128.0.0.0       UG       99 0          0 ipsec0128.0.0.0       192.1.2.254     128.0.0.0       UG       99 0          0 ipsec0192.0.1.0       192.1.2.45      255.255.255.0   UG       99 0          0 eth1192.1.2.0       0.0.0.0         255.255.255.0   U        99 0          0 eth1192.1.2.0       0.0.0.0         255.255.255.0   U        99 0          0 ipsec0east:~# ipsec auto --status000 interface ipsec0/eth1 192.1.2.23000 %myid = (none)000 debug none000  000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128000  000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192000  000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000  000 "packetdefault": 0.0.0.0/0===192.1.2.23[%myid]---192.1.2.254...%opportunistic; prospective erouted; eroute owner: #0000 "packetdefault":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;000 "packetdefault":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3000 "packetdefault":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS+lKOD+rKOD; prio: 0,0; interface: eth1; 000 "packetdefault":   newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "SAwest-east": 192.1.2.23[@east,S?C]---192.1.2.45...%any[@west,S?C]; unrouted; eroute owner: #0000 "SAwest-east":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;000 "SAwest-east":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1000 "SAwest-east":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: eth1; 000 "SAwest-east":   newest ISAKMP SA: #0; newest IPsec SA: #0; 000  000  east:~# echo endend
💿 文件大小 3514 K
👤 上传用户 akk79600872
📂 所属分类网络
🏷️ 相关标签

#ipsec #vpn
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -