Fix for IKEv2
- Fix an issue where multiple IKEv2 clients behind the same NAT cannot connect simultaneously to the VPN server. Note that before this fix, this issue only occurs when using an IP address (instead of a DNS name) for IKEv2 for the VPN server.
- This issue is found to be related to Libreswan's matching of local IDs when checking connections. A local ID with '@' prefix has type ID_FQDN, which does not match the ID_IPV4_ADDR type that the peer expects. This prevents connection switching from working correctly for the scenario above. Removing the prefix fixed the issue.
- Fixes #924
parent c6182d76bb
commit 954b2acb7c
@ -407,13 +407,15 @@ To customize IKEv2 or client options, run this script without arguments.
|
||||
fi
|
||||
```
|
||||
|
||||
**注:** 如果你在上面的第一步指定了服务器的域名(而不是 IP 地址),则必须将以下命令中的 `leftid=$PUBLIC_IP` 换成 `leftid=@$PUBLIC_IP`。
|
||||
|
||||
```bash
|
||||
cat > /etc/ipsec.d/ikev2.conf <<EOF
|
||||
|
||||
conn ikev2-cp
|
||||
left=%defaultroute
|
||||
leftcert=$PUBLIC_IP
|
||||
leftid=@$PUBLIC_IP
|
||||
leftid=$PUBLIC_IP
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
leftrsasigkey=%cert
|
||||
|
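Review bot: the note added above the `cat > /etc/ipsec.d/ikev2.conf` block leaves the form of `leftid` to a manual edit by the reader, and in the DNS case `$PUBLIC_IP` then holds a name rather than an address, which is easy to misread. Consider stating in the note why the '@' matters (per the commit message it makes the ID type ID_FQDN rather than ID_IPV4_ADDR), or have step 1 set a separate variable for the ID so the heredoc needs no hand editing.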
@ -407,13 +407,15 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced
|
||||
fi
|
||||
```
|
||||
|
||||
**Note:** If you specified the server's DNS name (instead of its IP address) in step 1 above, you must replace `leftid=$PUBLIC_IP` in the command below with `leftid=@$PUBLIC_IP`.
|
||||
|
||||
```bash
|
||||
cat > /etc/ipsec.d/ikev2.conf <<EOF
|
||||
|
||||
conn ikev2-cp
|
||||
left=%defaultroute
|
||||
leftcert=$PUBLIC_IP
|
||||
leftid=@$PUBLIC_IP
|
||||
leftid=$PUBLIC_IP
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
leftrsasigkey=%cert
|
||||
|
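Review bot: the `leftid=$PUBLIC_IP` change in this heredoc only covers new setups; nothing here tells users who already have an `/etc/ipsec.d/ikev2.conf` with `leftid=@$PUBLIC_IP` and an IP address how to pick up the fix. A sentence for existing installations, pointing at the `leftid` line they need to edit, would close that gap.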
@ -917,7 +917,6 @@ cat > /etc/ipsec.d/ikev2.conf <<EOF
|
||||
conn ikev2-cp
|
||||
left=%defaultroute
|
||||
leftcert=$server_addr
|
||||
leftid=@$server_addr
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
leftrsasigkey=%cert
|
||||
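Review bot: dropping `leftid=@$server_addr` from this heredoc means the `conn ikev2-cp` block written here no longer carries a local ID on its own and depends on the later `cat >>` to complete it. Computing the value once before the heredoc (a variable that is `@$server_addr` when `use_dns_name` is 1 and `$server_addr` otherwise) and keeping a single `leftid=` line in place would keep the conn definition in one write and avoid moving the option to the end of the section.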
@ -942,6 +941,16 @@ conn ikev2-cp
|
||||
encapsulation=yes
|
||||
EOF
|
||||
|
||||
if [ "$use_dns_name" = "1" ]; then
|
||||
cat >> /etc/ipsec.d/ikev2.conf <<EOF
|
||||
leftid=@$server_addr
|
||||
EOF
|
||||
else
|
||||
cat >> /etc/ipsec.d/ikev2.conf <<EOF
|
||||
leftid=$server_addr
|
||||
EOF
|
||||
fi
|
||||
|
||||
case $swan_ver in
|
||||
3.2[35679]|3.3[12]|4.*)
|
||||
if [ -n "$dns_server_2" ]; then
|
||||
|
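Review bot: the `if [ "$use_dns_name" = "1" ]` test falls through to the `else` branch for any other value, including an unset variable, so a code path that reaches this point with a DNS name in `$server_addr` but without `use_dns_name` set would write `leftid=$server_addr` with no '@'. Please confirm `use_dns_name` is assigned on every path before this block, and that the appended `leftid=` lines carry the same leading whitespace as the other options so they are parsed as part of `conn ikev2-cp`. The two heredocs differ only in the '@', so a single append with a precomputed prefix would be shorter.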