我正在尝试在家中设置 strongSwan 服务器并从另一个网络连接到它。假设sun是 VPN 服务器,venus是客户端。这两个sun和venus是NAT网络后面。sun不是我家庭网络的网关。但是,端口 4500、500 和 50 (UDP) 被转发到sun.
ipsec.conf (sun)
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
charonstart=yes
plutostart=no
conn venus
left=%any
leftcert=sunCert.pem
right=%any
leftsubnet=10.135.1.0/24
rightid="C=IL, O=KrustyKrab, CN=venus"
keyexchange=ikev2
auto=add
type=tunnel
mobike=no
include /var/lib/strongswan/ipsec.conf.inc
ipsec.conf(金星)
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
charonstart=yes
plutostart=no
conn krustykrab
left=%defaultroute
leftsourceip=%config
leftid="C=IL, O=KrustyKrab, CN=venus"
leftcert=venusCert.pem
right=x.x.x.x # My home …** 编辑:** 我不再使用 Sabayon Linux,其他发行版上也没有出现这个问题。我建议关闭这个问题。
更新: 我意识到由于主机文件错误,两台机器都将它们的本地名称解析为 127.0.0.1 而不是它们的 LAN IP 地址。一旦我改变它并尝试挂载,客户端就会显示:
mount.nfs4: timeout set for Sun Mar 31 10:33:38 2013
mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.10.200,clientaddr=192.168.10.103'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting shakuras.darwinia.lan:/
查看客户端的系统日志:
rpc.gssd[13067]: dir_notify_handler: sig 37 si 0x7fffcfa36cb0 data 0x7fffcfa36b80
rpc.idmapd[13036]: New client: 1a
rpc.gssd[13067]: dir_notify_handler: sig 37 si 0x7fffcfa321f0 data 0x7fffcfa320c0
rpc.gssd[13067]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt1a)
rpc.gssd[13067]: handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 '
rpc.gssd[13067]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt1a)
rpc.gssd[13067]: process_krb5_upcall: service is …