Проблема с ipsec
День добрый!
Настроил ipsec.conf в таком виде:
version 2.0
config setup
forwardcontrol=yes
klipsdebug=none
nat_traversal=yes
plutodebug=none
include /etc/ipsec.d/examples/no_oe.conf
conn beta-delta
left=82.140.78.114
leftid=@beta
leftsubnet=192.168.1.0/24
leftrsasigkey=0sAQO1zIwlJ9fWFNstt9deM...
leftnexthop=82.140.78.113
right=82.140.78.116
rightid=@delta
rightsubnet=192.168.4.0/24
rightrsasigkey=0sAQNdT6WPo7BT4HC/mvKQ1...
rightnexthop=82.140.78.113
auto=add
Запускаю:
root@beta:~# ipsec auto --up beta-delta
104 "beta-delta" #1: STATE_MAIN_I1: initiate
003 "beta-delta" #1: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "beta-delta" #1: received Vendor ID payload [Dead Peer Detection]
003 "beta-delta" #1: received Vendor ID payload [RFC 3947] method set
to=109
106 "beta-delta" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "beta-delta" #1: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): no NAT detected
108 "beta-delta" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "beta-delta" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
003 "beta-delta" #2: ERROR: netlink_get_spi for
esp.0@82.140.78.114/4096/4294967295 failed with errno 22: Invalid argument
Что не так?
Reply to: