Has anyone successfully configured IPSec/IKEv2 client mode with strongSwan on OpenWrt? Any pointers?

16 days ago
wuruxu

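After setting up the swanctl config, I find that the IKEv2 tunnel connects successfully.
An IP address is also obtained, but only the first ping packet gets through.
I asked an AI and still haven't solved it; I looked over the configuration and didn't find a problem either.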

root@wyp.OpenWrt:~# swanctl -l
wg-ikev2: #10, ESTABLISHED, IKEv2, 28a3420f18ba49b1_i* 3f67d6eb052db9f4_r
  local  'opwrt@redmi' @ 192.168.109.52[4500] [192.168.166.53]
  remote 'wg.wuruxu.cn' @ 36.20.59.248[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 10552s ago, rekeying in 2521s
  wg-child: #19, reqid 1, cpu -, INSTALLED, TUNNEL-in-UDP, ESP:CHACHA20_POLY1305/CURVE_25519
    installed 1520s ago, rekeying in 20080s, expires in 5680s
    in  cc78c042 (-|0x0000029a),      0 bytes,     0 packets
    out c80ce2b3 (-|0x0000029a),      0 bytes,     0 packets
    local  192.168.166.53/32
    remote 192.168.166.0/24
root@wyp.OpenWrt:~# ping 192.168.166.1
PING 192.168.166.1 (192.168.166.1): 56 data bytes
64 bytes from 192.168.166.1: seq=0 ttl=64 time=7.154 ms
^C
--- 192.168.166.1 ping statistics ---
136 packets transmitted, 1 packets received, 99% packet loss
round-trip min/avg/max = 7.154/7.154/7.154 ms
root@wyp.OpenWrt:~# ip a s xfrm0
8: xfrm0@NONE: <NOARP,UP,LOWER_UP> mtu 1380 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.166.53/32 scope global xfrm0
       valid_lft forever preferred_lft forever
    inet6 fe80::f1df:2d32:dc75:8978/64 scope link stable-privacy proto kernel_ll 
       valid_lft forever preferred_lft forever
root@wyp.OpenWrt:~# ip xfrm state
src 192.168.109.52 dst 36.20.59.248
	proto esp spi 0x00000000 reqid 1 mode tunnel
	replay-window 0 
	anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
	if_id 0x29a
	dir out
	sel src 192.168.166.53/32 dst 192.168.166.1/32 proto icmp type 8 code 0 
src 192.168.109.52 dst 36.20.59.248
	proto esp spi 0xc80ce2b3 reqid 1 mode tunnel
	replay-window 0 flag af-unspec
	aead rfc7539esp(chacha20,poly1305) 0x1e23b190eea21180d92a97c34dbabf854dd9fdff1b664d82d4ff3f80f293e71ebb4424d5 128
	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
	lastused 2025-08-20 05:21:58
	anti-replay context: seq 0x0, oseq 0x1, bitmap 0x00000000
	if_id 0x29a
	dir out
src 36.20.59.248 dst 192.168.109.52
	proto esp spi 0xcc78c042 reqid 1 mode tunnel
	replay-window 32 flag af-unspec
	aead rfc7539esp(chacha20,poly1305) 0x988f6a49d3a033c65b94cca6eaa1a1bdc617d2a1ef7d5eea071b2f05402b1b551192412a 128
	encap type espinudp sport 0 dport 4500 addr 0.0.0.0
	lastused 2025-08-20 05:21:58
	anti-replay context: seq 0x1, oseq 0x0, bitmap 0x00000001
	if_id 0x29a
	dir in
root@wyp.OpenWrt:~# ip route show
default via 192.168.110.1 dev wan proto static src 192.168.109.52 
36.20.59.248 via 192.168.110.1 dev wan proto static 
192.168.18.0/24 dev br-lan proto kernel scope link src 192.168.18.1 
192.168.108.0/22 dev wan proto kernel scope link src 192.168.109.52 
192.168.111.0/24 dev wg0 proto static scope link 
192.168.166.0/24 dev xfrm0 proto static scope link 
root@wyp.OpenWrt:~# 
0 replies

https://www.v2ex.com/t/1153572
