如何解决strongswan:left 和 leftid 有什么区别?
This tutorial 在设置 strongswan 时使用 left
参数,而 this tutorial 也使用 leftid
参数。 left
和 leftid
有什么区别?
解决方法
从 here 找到答案:
One defines the local IP address(es),`left`,which does not have to be specified
unless it should be restricted. The other,`leftid`,the local identity used during
authentication,which will default to the local IP address or the subject DN of the
local certificate,if one is configured.
Note that the convention is to use `left...` options for local settings and `right...` for
those of the remote,but they might get swapped if an IP in `right` is found locally.
Please refer to the man page for ipsec.conf (`man ipsec.conf`) or the [wiki page for
the conn section][1] for details.
----
You can't set `left` to an IP address that's not installed on any local interface. As you
can see in the log,the daemon won't be able to send packets from that address.
Likewise,inbound request are dropped because the destination address doesn't match
the config (the `no IKE config found for ...` message). So either don't configure it (same
as setting it to `%any`) or configure a local address from/on which packets can be
sent/received (e.g. `172.30.13.1` in your case).
[1]: https://wiki.strongswan.org/projects/strongswan/wiki/Connsection
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。