hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
24.9k stars 6.28k forks

Clients cannot ping each other #1540

Closed · Retainv closed this 5 months ago

Retainv commented 5 months ago

Task list

Problem description

Prerequisites: the server-side firewall is turned off, the security group allows inbound and outbound UDP ports 500 and 4500, each client's own firewall is turned off, the default subnet has not been modified, and the container is running normally.

I set up the server with IKEv2, created a separate certificate for each client, and assigned static IPs. The clients connect through the built-in Windows VPN client and connect to the server successfully. But in mutual ping tests, all clients can only ping 192.168.43.5; no two clients can ping each other. Also, why are the IPs the clients get on connection all /32? How can I change them to /24?

Logs

Check the logs and VPN status, and add error logs to help explain the problem (if applicable).

Connection log:

006 #6: "fyw"[1] 113.200.174.57, type=ESP, add_time=1710234303, inBytes=1260, outBytes=1260, maxBytes=2^63B, id='CN=fyw, O=IKEv2 VPN', lease=192.168.43.5/32
006 #4: "fyw510"[2] 61.150.43.69, type=ESP, add_time=1710234266, inBytes=660, outBytes=300, maxBytes=2^63B, id='CN=fyw510, O=IKEv2 VPN', lease=192.168.43.6/32
006 #33: "fyw510"[2] 61.150.43.69, type=ESP, add_time=1710235169, inBytes=60, outBytes=0, maxBytes=2^63B, id='CN=fyw510, O=IKEv2 VPN', lease=192.168.43.6/32
006 #32: "wcp"[13] 58.56.130.66, type=ESP, add_time=1710235157, inBytes=766, outBytes=1072, maxBytes=2^63B, id='CN=wcp, O=IKEv2 VPN', lease=192.168.43.3/32
006 #18: "zjq"[1] 115.155.1.124, type=ESP, add_time=1710234636, inBytes=10910, outBytes=7474, maxBytes=2^63B, id='CN=zjq, O=IKEv2 VPN', lease=192.168.43.4/32

Status log:

000 Total IPsec connections: loaded 12, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(6), half-open(0), open(0), authenticated(6), anonymous(0)
000 IPsec SAs: total(2), authenticated(2), anonymous(0)
000
000 #5: "fyw"[1] ip:57453 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 84258s; newest; idle;
000 #3: "fyw510"[2] ip:8643 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 84221s; idle;
000 #4: "fyw510"[2]ip:8643 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); EXPIRE in 84221s; IKE SA #3; idle;
000 #4: "fyw510"[2] ip esp.6a823c64@ip esp.2ade302c@172.17.0.5 tun.0@ip tun.0@172.17.0.5 Traffic: ESPin=660B ESPout=300B ESPmax=2^63B
000 #27: "fyw510"[2]ip:8643 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 84822s; newest; idle;
000 #44: "wcp"[13]ip:4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 85688s; idle;
000 #45: "wcp"[13]ip:4500 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); EXPIRE in 85688s; IKE SA #44; idle;
000 #45: "wcp"[13] ip esp.75ec3bae@ip esp.84da73fe@172.17.0.5 tun.0@ip tun.0@172.17.0.5 Traffic: ESPin=766B ESPout=1KB ESPmax=2^63B
000 #50: "wcp"[18] ip:4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 86011s; newest; idle;
000 #17: "zjq"[1] ip:8613 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 84591s; newest; idle;

Server information (please fill in the information below)

Client information (please fill in the information below)

Other information

ikev2.conf configuration:

conn ikev2-cp
  left=%defaultroute
  leftcert=ip
  leftsendcert=always
  leftsubnet=192.168.43.0/24
  leftrsasigkey=%cert
  right=%any
  rightid=%fromcert
  rightaddresspool=192.168.43.10-192.168.43.50
  rightca=%same
  rightrsasigkey=%cert
  narrowing=yes
  dpddelay=30
  retransmit-timeout=300s
  dpdaction=clear
  auto=add
  ikev2=insist
  rekey=no
  pfs=no
  ike=aes_gcm_c_256-hmac_sha2_256-ecp_256,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
  ikelifetime=24h
  salifetime=24h
  encapsulation=yes
  leftid=ip
  modecfgdns="8.8.8.5 114.114.114.114"
  mobike=yes

conn wcp
  rightid="CN=wcp, O=IKEv2 VPN"
  rightaddresspool=192.168.43.3-192.168.43.3
  also=ikev2-cp

conn zjq
  rightid="CN=zjq, O=IKEv2 VPN"
  rightaddresspool=192.168.43.4-192.168.43.4
  also=ikev2-cp

conn fyw
  rightid="CN=fyw, O=IKEv2 VPN"
  rightaddresspool=192.168.43.5-192.168.43.5
  also=ikev2-cp

Client ipconfig:

PPP 适配器 fyw510:

   连接特定的 DNS 后缀 . . . . . . . :
   IPv4 地址 . . . . . . . . . . . . : 192.168.43.6
   子网掩码 . . . . . . . . . . . . : 255.255.255.255
   默认网关. . . . . . . . . . . . . :

hwdsl2 commented 5 months ago

@Retainv Hello! The IPTables rules created by default by the VPN script [1] allow VPN clients to communicate with each other (using their assigned VPN IP addresses, such as 192.168.43.*). This includes ICMP ("ping"), TCP, UDP, etc. For your use case, it is possible that the clients themselves block that traffic. Libreswan assigns /32 IPs to clients by default; this cannot be changed and should have no effect.

You can test it like this. First, run on the server:

iptables -D FORWARD -j DROP

This allows all forwarded traffic. Then disconnect and reconnect the clients, and test pings between the clients. If ping still does not work after this test, it is not a server-side problem. If ping works after this test, you can add a LOG rule to record the blocked traffic:

iptables -A FORWARD -j LOG

After retesting, use the dmesg command to view the IPTables firewall log. When you are done, restore the deleted rule to improve security:

iptables -A FORWARD -j DROP

[1] Default IPTables rules: https://github.com/hwdsl2/setup-ipsec-vpn/blob/f5acbdf54de8d6d72848dac4f3b3ee761d0541b3/vpnsetup_ubuntu.sh#L576-L614
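The reply above describes a manual diagnosis: check whether the FORWARD chain lets pool-to-pool traffic through, and read the `-j LOG` output in dmesg. The script below is an added example, not part of the setup-ipsec-vpn project and not the maintainer's code. It offers two read-only helpers that work on copied `iptables -S FORWARD` and `dmesg` output, so the analysis can be done offline without changing the live firewall. The sample rule listings and log lines are constructed for illustration; the rule order, the `eth0` interface name and the pool `192.168.43.0/24` are assumptions (the pool matches the issue's configuration, the rules are not the project's exact ones).

```shell
#!/bin/sh
# Added example (not part of setup-ipsec-vpn): read-only helpers for the
# diagnosis in the reply above. Both read a saved listing from stdin, so they
# can run against copied output without touching the live firewall.

# Constructed sample of `iptables -S FORWARD` output. The rule set and its
# order are an assumption for illustration, not the project's exact rules.
SAMPLE_FORWARD_OK='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.43.0/24 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.43.0/24 -d 192.168.43.0/24 -j ACCEPT
-A FORWARD -j DROP'

# Constructed broken variant: a catch-all DROP sits at the top (for example
# added by another tool), so the client-to-client ACCEPT is never reached.
SAMPLE_FORWARD_BAD='-P FORWARD ACCEPT
-A FORWARD -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.43.0/24 -d 192.168.43.0/24 -j ACCEPT'

# Constructed sample of kernel log lines as written by an
# `iptables -A FORWARD -j LOG` rule (timestamps and MAC fields shortened).
SAMPLE_DMESG='[ 100.1] IN=eth0 OUT=eth0 MAC=00:00 SRC=192.168.43.6 DST=192.168.43.4 LEN=60 PROTO=ICMP TYPE=8 CODE=0
[ 100.2] IN=eth0 OUT=eth0 MAC=00:00 SRC=192.168.43.6 DST=192.168.43.4 LEN=60 PROTO=ICMP TYPE=8 CODE=0
[ 100.3] IN=eth0 OUT=eth0 MAC=00:00 SRC=192.168.43.3 DST=192.168.43.5 LEN=60 PROTO=ICMP TYPE=8 CODE=0'

# forward_allows_pool POOL_CIDR   (listing on stdin)
# Prints "ok" when an ACCEPT rule for POOL -> POOL is evaluated before the
# catch-all "-A FORWARD -j DROP", otherwise "blocked". It looks only for the
# explicit pool-to-pool rule; a broader ACCEPT earlier in the chain would also
# pass traffic on a real system, but that is not what this check is for.
forward_allows_pool() {
    awk -v pool="$1" '
        !dropped && index($0, "-s " pool " -d " pool " -j ACCEPT") > 0 { found = 1 }
        $0 == "-A FORWARD -j DROP" { dropped = 1 }
        END { if (found) print "ok"; else print "blocked" }'
}

# log_summary   (dmesg lines on stdin)
# Aggregates logged packets into sorted "SRC DST COUNT" lines, so the client
# pairs whose traffic reaches the LOG rule stand out at a glance.
log_summary() {
    awk '{
        src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
        }
        if (src != "" && dst != "") count[src " " dst]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Stand-alone demo on the constructed samples. On a real server, pipe
# `iptables -S FORWARD` and `dmesg` into the functions instead.
printf '%s\n' "$SAMPLE_FORWARD_OK"  | forward_allows_pool 192.168.43.0/24
printf '%s\n' "$SAMPLE_FORWARD_BAD" | forward_allows_pool 192.168.43.0/24
printf '%s\n' "$SAMPLE_DMESG" | log_summary
```

On the constructed input the first call prints `ok`, the second `blocked`, and the summary shows that 192.168.43.6 -> 192.168.43.4 hit the LOG rule twice and 192.168.43.3 -> 192.168.43.5 once. Because the helpers only read saved output, the temporary `iptables -D FORWARD -j DROP` step from the reply can be kept as short as possible and the DROP rule restored immediately after the captures are taken.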