<div dir="ltr"><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:14.399999618530273px"><div><div>Hi list:</div><div>I'm using <a href="http://www2.strongswan.org/uml/testresults5/ikev2/nat-virtual-ip/index.html" target="_blank">http://www2.strongswan.org/uml/testresults5/ikev2/nat-virtual-ip/index.html</a></div>
<div>as a reference to make a NAT IPsec VPN.</div><div>Can I create a VPN tunnel to a VPS server?<br></div><div>The LAN computers are on <a href="http://192.168.5.0/24" target="_blank">192.168.5.0/24</a>, GW: 192.168.5.1, NATed to this VPN server (VPS server).<br>
</div><div>But when the VPN link is established, the <a href="http://192.168.5.0/24" target="_blank">192.168.5.0/24</a> computers and the gateway (192.168.5.1, Ubuntu 12.04.3 LTS \n \l</div><div>) cannot communicate.<br></div><div>
I checked the log files and found an error in charon.log:</div><div><div>/var/log/charon.log </div><div><br></div><div><div>Sep 9 13:42:48 14[CHD] updown: iptables v1.4.12: host/network `PH_IP_ALICE' not found</div>
<div>Sep 9 13:42:48 14[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.</div><div>Sep 9 13:42:48 14[CHD] updown: iptables v1.4.12: host/network `PH_IP_ALICE' not found</div><div>
Sep 9 13:42:48 14[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.</div><div>Sep 9 13:42:48 14[CHD] updown: iptables v1.4.12: host/network `PH_IP_ALICE' not found</div><div>Sep 9 13:42:48 14[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.</div>
<div>Sep 9 13:42:48 14[CHD] updown: inserted NAT rule mapping PH_IP_ALICE to virtual IP 10.4.0.1</div></div><div><br></div>Thank you for your help<br></div><div><br></div><div>root@ubuntu:/var/log# cat /usr/local/etc/ipsec.conf</div>
<div># /etc/ipsec.conf - strongSwan IPsec configuration file</div><div><br></div><div>config setup</div><div><br></div><div>conn %default</div><div><span style="white-space:pre-wrap"> </span>ikelifetime=60m</div><div><span style="white-space:pre-wrap"> </span>keylife=20m</div>
<div><span style="white-space:pre-wrap"> </span>rekeymargin=3m</div><div> keyingtries=1</div><div><span style="white-space:pre-wrap"> </span>keyexchange=ikev2</div><div><span style="white-space:pre-wrap"> </span>authby=secret</div>
<div><span style="white-space:pre-wrap"> </span>mobike=no</div><div><br></div><div>conn net-net </div><div><span style="white-space:pre-wrap"> </span>left=192.168.2.132</div><div><span style="white-space:pre-wrap"> </span>leftsourceip=%config</div>
<div><span style="white-space:pre-wrap"> </span>leftupdown=/usr/local/etc/nat_updown</div><div><span style="white-space:pre-wrap"> </span>lefthostaccess=yes</div><div><span style="white-space:pre-wrap"> </span>right=aaaa</div>
<div><span style="white-space:pre-wrap"> </span>rightsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div><div><span style="white-space:pre-wrap"> </span>auto=add</div><div>root@ubuntu:/var/log# </div></div>
<div><br></div><div><br></div><div>root@ubuntu:/var/log# ipsec statusall</div><div>Status of IKE charon daemon (strongSwan 5.1.0, Linux 3.8.0-29-generic, i686):</div><div> uptime: 6 minutes, since Sep 09 13:42:26 2013</div>
<div> malloc: sbrk 135168, mmap 0, used 109544, free 25624</div><div> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4</div><div> loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic</div>
<div>Listening IP addresses:</div><div> 192.168.5.1</div><div> 192.168.2.132</div><div> 10.4.0.1</div><div> 192.168.122.1</div><div>Connections:</div><div> net-net: 192.168.2.132...aaaaa IKEv2</div><div> net-net: local: [192.168.2.132] uses pre-shared key authentication</div>
<div> net-net: remote: [aaaaa] uses pre-shared key authentication</div><div> net-net: child: dynamic === <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> TUNNEL</div><div>Security Associations (1 up, 0 connecting):</div>
<div> net-net[1]: ESTABLISHED 6 minutes ago, 192.168.2.132[192.168.2.132]...aaaa[aaaa]</div><div> net-net[1]: IKEv2 SPIs: 173601cd7dbaf308_i* f5252d462b165af1_r, pre-shared key reauthentication in 45 minutes</div>
<div> net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</div><div> net-net{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c88b5515_i c573f88b_o</div><div> net-net{1}: AES_CBC_128/HMAC_SHA1_96, 3110 bytes_i (37 pkts, 43s ago), 3759 bytes_o (53 pkts, 43s ago), rekeying in 8 minutes</div>
<div> net-net{1}: <a href="http://10.4.0.1/32" target="_blank">10.4.0.1/32</a> === <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> </div><div><br></div></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:14.399999618530273px">
<br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:14.399999618530273px"><div>root@ubuntu:/var/log# ifconfig -a</div><div>eth0 Link encap:Ethernet HWaddr 5c:63:bf:8b:f4:93 </div><div> inet addr:192.168.2.132 Bcast:192.168.2.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::5e63:bfff:fe8b:f493/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:77245 errors:0 dropped:810 overruns:0 frame:0</div><div>
TX packets:21770 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:8837448 (8.8 MB) TX bytes:2952018 (2.9 MB)</div><div><br></div><div>eth1 Link encap:Ethernet HWaddr 00:0b:2f:57:58:24 </div>
<div> inet addr:192.168.5.1 Bcast:192.168.5.255 Mask:255.255.255.0</div><div> inet6 addr: fe80::20b:2fff:fe57:5824/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:18596 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:6622 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:1230544 (1.2 MB) TX bytes:544986 (544.9</div>
</div><div><br></div>-- <br>I love stinky tofu<br>Be an honest person, do your work conscientiously<br><a href="mailto:email%3Ahao.wangbj@gmail.com" target="_blank">email:hao.wangbj@gmail.com</a>
</div>
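The charon.log lines above show iptables rejecting the literal host name PH_IP_ALICE. In the strongSwan test-suite scenario linked at the top of the post, names of the form PH_IP_* are placeholders that the test harness substitutes with real addresses before the scenario runs, so an updown script copied from the test verbatim passes the unresolved placeholder straight to iptables, which then cannot resolve it as a host or network. The following shell script is an added example, not the test suite's nat_updown and not the poster's /usr/local/etc/nat_updown; it shows how an updown script can build its NAT rules from the environment that strongSwan exports to updown scripts (PLUTO_VERB and PLUTO_MY_SOURCEIP) and refuse to continue if a PH_IP_* placeholder or a malformed address was left in its configuration. The LAN host variable LAN_HOST is an assumption of this example, as is the DNAT/SNAT pair it generates.

```shell
#!/bin/sh
# Added example (not strongSwan's nat_updown): build the NAT rules that map the
# virtual IP assigned to this gateway onto one LAN host, rejecting placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0..255, else 1.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;   # anything but digits and dots (or empty) fails
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands for PLUTO_VERB ($1), the virtual IP strongSwan
# assigned ($2, normally PLUTO_MY_SOURCEIP) and the LAN host to map it to ($3).
# Prints nothing and returns 1 if an argument is an unreplaced PH_IP_* placeholder
# or not a valid IPv4 address; prints nothing and returns 0 for verbs that need
# no NAT rule.
nat_rule() {
    verb=$1; vip=$2; host=$3
    case "$vip$host" in
        *PH_IP_*)
            echo "updown: placeholder left in configuration: '$vip' '$host'" >&2
            return 1 ;;
    esac
    is_ipv4 "$vip" && is_ipv4 "$host" || return 1
    case "$verb" in
        up-client)   op=-I ;;   # child SA installed: insert rules
        down-client) op=-D ;;   # child SA removed: delete the same rules
        *) return 0 ;;          # other verbs (up-host, ...) get no NAT rule here
    esac
    printf 'iptables -t nat %s PREROUTING -d %s -j DNAT --to-destination %s\n' "$op" "$vip" "$host"
    printf 'iptables -t nat %s POSTROUTING -s %s -j SNAT --to-source %s\n' "$op" "$host" "$vip"
}

# When charon runs this script as leftupdown, PLUTO_VERB and PLUTO_MY_SOURCEIP
# are set. LAN_HOST is an assumed variable the administrator sets in the script.
# This example only prints the commands; an installed script would run them.
if [ -n "${PLUTO_VERB:-}" ]; then
    nat_rule "$PLUTO_VERB" "${PLUTO_MY_SOURCEIP:-}" "${LAN_HOST:-}" | while read -r cmd; do
        echo "updown: $cmd"
    done
fi
```

Running the script with PLUTO_VERB=up-client, PLUTO_MY_SOURCEIP=10.4.0.1 and LAN_HOST left at PH_IP_ALICE reproduces the failure mode in the log as a clear message on stderr instead of an iptables parse error, which makes the unsubstituted placeholder obvious before any rule is touched.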