ubuntu10.04安装openswan，求大神

[poloshiao]

ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-99-generic-pae...
但是ipsec verify后
Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.45/K3.2.0-99-generic-pae (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]

1. ipsec_setup start 程序進行中 應該還沒完成
1-1. http://manpages.ubuntu.com/manpages/pre ... tup.8.html
ipsec_setup - control IPsec subsystem
start start Klips and Pluto, including setting up Netkey (XFRM) or
Klips to do crypto operations on the interface(s) specified in
the configuration file. and (if the configuration file so
specifies) asking Pluto to negotiate automatically-keyed

2. 檢查一下 你的 /etc/ipsec.conf 檔案 有關 crypto 如何設定
http://manpages.ubuntu.com/manpages/har ... pto.6.html
crypto - The Crypto Application
2-1. 這個 manpage 在 12.04 (precise) 還沒看到

3. 猜測
到目前為止
openswan 安裝應該已經完成
後面的程序 應該是 設定/執行 問題
3-1. 這一篇 看看 有沒有 參考價值
https://help.ubuntu.com/community/L2TPServer
IPSec / Openswan

[qilimi]

https://help.ubuntu.com/community/L2TPServer
IPSec / Openswan

配置完后
ipsec verify后
Checking if IPsec got installed and started correctly:

Version check and ipsec on-path [OK]
Openswan U2.6.45/K3.2.0-99-generic-pae (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/all/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]

ipsec verify: encountered errors
是这样的

[poloshiao]

viewtopic.php?p=3157337#p3157337
2.Linux f403tech-pc 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC 2012 i686 i686 i386 GNU/Linux

Openswan U2.6.45/K3.2.0-99-generic-pae (netkey)

viewtopic.php?p=3157332#p3157332
把下面指令 複製 貼進終端機 執行
uname -a
把結果直接 選取/複製 貼上來

1. 這個 K3.2.0-99-generic-pae 版本 需要查證一下
1-1. 把下面指令 複製 貼進終端機 執行
1-1-1. uname -a
1-1-2. sudo dpkg -S ipsec
把結果直接 選取/複製 貼上來
uname -a
把結果直接 選取/複製 貼上來

ipsec verify后
Hardware random device check [N/A]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
ipsec verify: encountered errors

2. 這一些 應該被懷疑 沒有妥適 設定或安排
2-1. 但是 它並不代表錯誤 如果你暫時用不到這些實作 可以先暫時放下
2-2. 看看 這一篇 能否幫你
https://raymii.org/s/tutorials/IPSEC_L2 ... 12.04.html
IPSEC L2TP VPN on Ubuntu 12.04 with OpenSwan, xl2tpd and ppp
2-2-1. 使用 上面被懷疑 沒有妥適 設定或安排 的項目 為關鍵字 搜尋 可以提高效率
詳細的閱讀 對於 OpenSwan 的進一步理解 有幫助
2-2-2. 比對一下
https://raymii.org/s/tutorials/IPSEC_L2 ... tml#Verify
Verify

3. 套件 openswan 與 套件 strongswan-starter
3-1. http://packages.ubuntu.com/search?suite ... chon=names
套件 openswan
支援到 Ubuntu 14.04 LTS
3-2. http://packages.ubuntu.com/search?suite ... chon=names
套件 strongswan-starter
一直到 Ubuntu 16.04 還在 套件庫內
3-3. 如果想 體驗/比較 strongswan 參閱
3-3-1. http://blog.atime.me/note/strongSwan-se ... erver.html
Ubuntu安装和配置strongSwan
3-3-2. https://wiki.strongswan.org/projects/st ... secCommand
IpsecCommand - strongSwan

[qilimi]

2-2. 看看 這一篇 能否幫你
https://raymii.org/s/tutorials/IPSEC_L2 ... 12.04.html
IPSEC L2TP VPN on Ubuntu 12.04 with OpenSwan, xl2tpd and ppp
2-2-1. 使用 上面被懷疑 沒有妥適 設定或安排 的項目 為關鍵字 搜尋 可以提高效率
詳細的閱讀 對於 OpenSwan 的進一步理解 有幫助

终于安装好了~谢谢，万分感谢！