
Has anyone successfully configured IPSec/IKEv2 client mode with strongswan on OpenWrt? Any pointers?

  •   wuruxu · 16 days ago · 551 views

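    I have now set up the swanctl config, and the IKEv2 tunnel connects successfully.
    An IP address is also obtained, but only the first ping packet gets through.
    I asked an AI and still haven't solved it, and looking over the config I didn't find a problem either.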

    [email protected]:~# swanctl -l
    wg-ikev2: #10, ESTABLISHED, IKEv2, 28a3420f18ba49b1_i* 3f67d6eb052db9f4_r
      local  'opwrt@redmi' @ 192.168.109.52[4500] [192.168.166.53]
      remote 'wg.wuruxu.cn' @ 36.20.59.248[4500]
      AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      established 10552s ago, rekeying in 2521s
      wg-child: #19, reqid 1, cpu -, INSTALLED, TUNNEL-in-UDP, ESP:CHACHA20_POLY1305/CURVE_25519
        installed 1520s ago, rekeying in 20080s, expires in 5680s
        in  cc78c042 (-|0x0000029a),      0 bytes,     0 packets
        out c80ce2b3 (-|0x0000029a),      0 bytes,     0 packets
        local  192.168.166.53/32
        remote 192.168.166.0/24
    [email protected]:~# ping 192.168.166.1
    PING 192.168.166.1 (192.168.166.1): 56 data bytes
    64 bytes from 192.168.166.1: seq=0 ttl=64 time=7.154 ms
    ^C
    --- 192.168.166.1 ping statistics ---
    136 packets transmitted, 1 packets received, 99% packet loss
    round-trip min/avg/max = 7.154/7.154/7.154 ms
    [email protected]:~# ip a s xfrm0
    8: xfrm0@NONE: <NOARP,UP,LOWER_UP> mtu 1380 qdisc noqueue state UNKNOWN group default qlen 1000
        link/none 
        inet 192.168.166.53/32 scope global xfrm0
           valid_lft forever preferred_lft forever
        inet6 fe80::f1df:2d32:dc75:8978/64 scope link stable-privacy proto kernel_ll 
           valid_lft forever preferred_lft forever
    [email protected]:~# ip xfrm state
    src 192.168.109.52 dst 36.20.59.248
    	proto esp spi 0x00000000 reqid 1 mode tunnel
    	replay-window 0 
    	anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
    	if_id 0x29a
    	dir out
    	sel src 192.168.166.53/32 dst 192.168.166.1/32 proto icmp type 8 code 0 
    src 192.168.109.52 dst 36.20.59.248
    	proto esp spi 0xc80ce2b3 reqid 1 mode tunnel
    	replay-window 0 flag af-unspec
    	aead rfc7539esp(chacha20,poly1305) 0x1e23b190eea21180d92a97c34dbabf854dd9fdff1b664d82d4ff3f80f293e71ebb4424d5 128
    	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
    	lastused 2025-08-20 05:21:58
    	anti-replay context: seq 0x0, oseq 0x1, bitmap 0x00000000
    	if_id 0x29a
    	dir out
    src 36.20.59.248 dst 192.168.109.52
    	proto esp spi 0xcc78c042 reqid 1 mode tunnel
    	replay-window 32 flag af-unspec
    	aead rfc7539esp(chacha20,poly1305) 0x988f6a49d3a033c65b94cca6eaa1a1bdc617d2a1ef7d5eea071b2f05402b1b551192412a 128
    	encap type espinudp sport 0 dport 4500 addr 0.0.0.0
    	lastused 2025-08-20 05:21:58
    	anti-replay context: seq 0x1, oseq 0x0, bitmap 0x00000001
    	if_id 0x29a
    	dir in
    [email protected]:~# ip route show
    default via 192.168.110.1 dev wan proto static src 192.168.109.52 
    36.20.59.248 via 192.168.110.1 dev wan proto static 
    192.168.18.0/24 dev br-lan proto kernel scope link src 192.168.18.1 
    192.168.108.0/22 dev wan proto kernel scope link src 192.168.109.52 
    192.168.111.0/24 dev wg0 proto static scope link 
    192.168.166.0/24 dev xfrm0 proto static scope link 
    [email protected]:~# 
    
    No replies yet