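In CloudStack 4.2 I found that, in an advanced network, a VPN server can only be created using the source address; a VPN server created on an acquired public IP cannot be used. Capturing packets on the virtual router, I saw that for a VPN created on the acquired public IP, the packets returned when the VPN client connects are sent from the source address (the virtual router's public IP). This may be the cause.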

> From: wilc...@hotmail.com
> To: users-cn@cloudstack.apache.org
> Subject: Configured VPN in the network, cannot connect
> Date: Thu, 19 Dec 2013 06:54:23 +0000
>
> In an advanced network, I created a VPN server using a public IP. After it was created, I set up a VPN client on Windows XP to connect to the VPN server. The user, password and shared key are all configured, but the connection always reports "Error 678: the remote computer did not respond". Log viewed on the virtual router: /var/log/auto.log
>
> Dec 19 01:45:01 r-409-VM CRON[17872]: pam_unix(cron:session): session closed for user root
> Dec 19 01:45:14 r-409-VM pluto[28116]: packet from 192.168.0.34:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Dec 19 01:45:14 r-409-VM pluto[28116]: packet from 192.168.0.34:500: ignoring Vendor ID payload [FRAGMENTATION]
> Dec 19 01:45:14 r-409-VM pluto[28116]: packet from 192.168.0.34:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Dec 19 01:45:14 r-409-VM pluto[28116]: packet from 192.168.0.34:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: responding to Main Mode from unknown peer 192.168.0.34
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: STATE_MAIN_R1: sent MR1, expecting MI2
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: STATE_MAIN_R2: sent MR2, expecting MI3
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.34'
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: the peer proposed: 192.168.0.170/32:17/1701 -> 192.168.0.34/32:17/0
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: responding to Quick Mode proposal {msgid:4c4ddaec}
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: us: 192.168.0.170<192.168.0.170>[+S=C]:17/1701
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: them: 192.168.0.34[+S=C]:17/1701
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x477764e3 <0xe4997faf xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
> Dec 19 01:45:49 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: received Delete SA(0x477764e3) payload: deleting IPSEC State #34
> Dec 19 01:45:49 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: received and ignored informational message
> Dec 19 01:45:49 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: received Delete SA payload: deleting ISAKMP State #33
> Dec 19 01:45:49 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34: deleting connection "L2TP-PSK" instance with peer 192.168.0.34 {isakmp=#0/ipsec=#0}
> Dec 19 01:45:49 r-409-VM pluto[28116]: packet from 192.168.0.34:500: received and ignored informational message
>
> What is the problem here?
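
In the quoted log the IPsec SA is established at 01:45:14 and the client sends Delete SA for the same SPI at 01:45:49. The following is an added example, not part of the original thread, that extracts this "established, then torn down by the peer shortly after" pattern from pluto log lines. The function name, the 60-second threshold and the year (taken from the mail's Date header, since syslog omits it) are assumptions.

```python
import re
from datetime import datetime

# Three lines copied from the quoted log above (wrapped lines rejoined).
SAMPLE = '''\
Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Dec 19 01:45:14 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #34: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x477764e3 <0xe4997faf xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
Dec 19 01:45:49 r-409-VM pluto[28116]: "L2TP-PSK"[17] 192.168.0.34 #33: received Delete SA(0x477764e3) payload: deleting IPSEC State #34
'''

# timestamp, connection name, peer address, state number, message
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
UP = re.compile(r'IPsec SA established .*ESP=>(0x[0-9a-f]+)')
DOWN = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload')


def short_lived_tunnels(log_text, year=2013, max_seconds=60):
    """Return IPsec SAs that the peer deleted within max_seconds of setup.

    Assumption: an SA that completes Quick Mode and is then deleted by the
    client this quickly means the traffic inside the tunnel (L2TP on UDP 1701)
    never got going, which is the layer to inspect next.
    """
    established = {}   # (peer, SPI) -> time the IPsec SA came up
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # non-pluto lines and lines without a state number
        stamp, conn, peer, _state, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if (up := UP.search(msg)):
            established[(peer, up.group(1))] = when
        elif (down := DOWN.search(msg)) and (peer, down.group(1)) in established:
            life = (when - established.pop((peer, down.group(1)))).total_seconds()
            if life <= max_seconds:
                findings.append({"conn": conn, "peer": peer,
                                 "spi": down.group(1), "lifetime_s": int(life)})
    return findings


if __name__ == "__main__":
    for f in short_lived_tunnels(SAMPLE):
        print(f)
```
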