teddysun / across

Across the Great Wall we can reach every corner in the world
https://teddysun.com
Apache License 2.0
4.97k stars 2.22k forks

Installed following the latest tutorial, ipsec won't start: Checking that pluto is running [FAILED] #65

Open lihua123569 opened 4 years ago

lihua123569 commented 4 years ago

[root@localhost ~]# systemctl status ipsec
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
   Active: reloading (reload) (Result: exit-code) since 一 2020-06-01 18:48:49 CST; 10s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 5303 ExecStopPost=/usr/sbin/ipsec --stopnflog (code=exited, status=0/SUCCESS)
  Process: 5301 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/SUCCESS)
  Process: 5300 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
  Process: 4699 ExecStop=/usr/libexec/ipsec/whack --shutdown (code=exited, status=33)
  Process: 6380 ExecStart=/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=exited, status=1/FAILURE)
  Process: 6368 ExecStartPre=/usr/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
  Process: 6365 ExecStartPre=/usr/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
  Process: 6120 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
  Process: 6119 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
 Main PID: 6380 (code=exited, status=1/FAILURE)
   Status: "Exited."
    Error: 1 (不允许的操作)
   Memory: 680.0K
   CGroup: /system.slice/ipsec.service

6月 01 18:48:49 localhost.localdomain pluto[6380]: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
6月 01 18:48:49 localhost.localdomain pluto[6380]: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
6月 01 18:48:49 localhost.localdomain pluto[6380]: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
6月 01 18:48:49 localhost.localdomain pluto[6380]: no crypto helpers will be started; all cryptographic operations will be done inline
6月 01 18:48:49 localhost.localdomain pluto[6380]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-327.el7.x86_64
6月 01 18:48:49 localhost.localdomain pluto[6380]: | selinux support is enabled.
6月 01 18:48:49 localhost.localdomain pluto[6380]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
6月 01 18:48:49 localhost.localdomain pluto[6380]: watchdog: sending probes every 100 secs
6月 01 18:48:49 localhost.localdomain systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
6月 01 18:48:49 localhost.localdomain systemd[1]: ipsec.service: main process exited, code=exited, status=1/FAILURE

[root@localhost ~]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.25 (netkey) on 3.10.0-327.el7.x86_64
Checking for IPsec support in kernel [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects [OK]
         ICMP default/accept_redirects [OK]
         XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [FAILED]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]

ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help

lihua123569 commented 4 years ago

Local physical server. TUN is supported.

teddysun commented 4 years ago

The log shows that you installed libreswan 3.25. The l2tp.sh script in this repo has been deprecated, and the version defined in it is 3.27.

lihua123569 commented 4 years ago

So which one should I use now? Which docker one? Can you send a link? Do I need to get around the firewall to access it?