debian搭建strongswan无法上网

yohu · 发表于 2014-7-24 19:36:30

http://wiki.loopop.net/doku.php?id=server:v
p
n:strongswanonopenvz

按照这篇教程搭建，客户端可以连接上，但无法上网，防火墙规则均已添加，运行--nofork好像也没看到什么错误。求教

[ol]

15[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

06[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

06[ENC] parsed INFORMATIONAL_V1 request 2094045229 [ HASH N(DPD) ]

06[ENC] generating INFORMATIONAL_V1 request 1434276860 [ HASH N(DPD_ACK) ]

06[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

04[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

04[ENC] parsed INFORMATIONAL_V1 request 1105187608 [ HASH N(DPD) ]

04[ENC] generating INFORMATIONAL_V1 request 1310077779 [ HASH N(DPD_ACK) ]

04[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

03[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

03[ENC] parsed INFORMATIONAL_V1 request 251775382 [ HASH N(DPD) ]

03[ENC] generating INFORMATIONAL_V1 request 1888973920 [ HASH N(DPD_ACK) ]

03[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

01[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

01[ENC] parsed INFORMATIONAL_V1 request 1845217418 [ HASH N(DPD) ]

01[ENC] generating INFORMATIONAL_V1 request 1421090344 [ HASH N(DPD_ACK) ]

01[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

16[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

16[ENC] parsed INFORMATIONAL_V1 request 1122948801 [ HASH N(DPD) ]

16[ENC] generating INFORMATIONAL_V1 request 1408308175 [ HASH N(DPD_ACK) ]

16[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

05[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

05[ENC] parsed INFORMATIONAL_V1 request 2943651872 [ HASH N(DPD) ]

05[ENC] generating INFORMATIONAL_V1 request 1489139752 [ HASH N(DPD_ACK) ]

05[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

15[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

15[ENC] parsed INFORMATIONAL_V1 request 2293537455 [ HASH N(DPD) ]

15[ENC] generating INFORMATIONAL_V1 request 4240464391 [ HASH N(DPD_ACK) ]

15[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)

06[NET] received packet: from clientip[4500] to vpsip[4500] (92 bytes)

06[ENC] parsed INFORMATIONAL_V1 request 120148890 [ HASH N(DPD) ]

06[ENC] generating INFORMATIONAL_V1 request 2576800464 [ HASH N(DPD_ACK) ]

06[NET] sending packet: from vpsip[4500] to clientip[4500] (92 bytes)[/ol]复制代码

hostvps · 发表于 2014-7-24 22:35:59

我的客户端无法连接，怎么办，

雨宫音羽 · 发表于 2014-7-24 22:37:29

他的教程里没说要打开ipv4 forward

你开了吗？

/etc/sysctl.conf

yohu · 发表于 2014-7-24 22:45:43

雨宫音羽发表于 2014-7-24 22:37

他的教程里没说要打开ipv4 forward

你开了吗？
开了的，很奇怪，我试了racoon，strongswan，都是同样的能连接不能上网。openvz/kvm都试过，估计是哪里姿势不对。

hostvps · 发表于 2014-7-24 22:37:00

yohu 发表于 2014-7-24 22:45

开了的，很奇怪，我试了racoon，strongswan，都是同样的能连接不能上网。openvz/kvm都试过，估计是哪里姿 ...
你换个客户端试试

hostvps · 发表于 2014-7-24 22:51:07

你是什么系统下测试的啊？

yohu · 发表于 2014-7-24 22:45:00

hostvps 发表于 2014-7-24 22:59

你是什么系统下测试的啊？
服务器是debian，客户端用iphone和ubuntu都测试过，结果都一样。

h0stl0c · 发表于 2014-7-24 22:59:06

能连上说明strongswan没问题。

不能上网九成mtu问题。改小。

yohu · 发表于 2014-7-25 01:20:21

h0stl0c 发表于 2014-7-25 02:04

能连上说明strongswan没问题。

不能上网九成mtu问题。改小。
能不能具体说下应该怎么改？是改客户端还是服务器？具体应该改成多大的值？我刚试了一下改客户端这边改成1360和1492，都不行。

h0stl0chostvps · 发表于 2014-7-24 22:59:00

yohu 发表于 2014-7-25 03:10

能不能具体说下应该怎么改？是改客户端还是服务器？具体应该改成多大的值？我刚试了一下改客户端这边改成 ...
改到1200试试看？楼主，我按照教程安装不成功，能不能帮帮我啊

		自动登录	找回密码
密码			立即注册