Route
Situation
After connecting the VPN to R.R.R.R, ssh R.R.R.R still uses my own WAN IP
route print output
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0     192.168.88.1   192.168.88.177    4506
          0.0.0.0          0.0.0.0          On-link    192.168.30.10      26
          R.R.R.R  255.255.255.255     192.168.88.1   192.168.88.177    4251
......
    192.168.30.10  255.255.255.255          On-link    192.168.30.10     281
......
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.88.1  Default
Metric
The path with the lowest metric is preferred; the metric is derived from the speed of the link.
On-link
The NIC is directly connected to the destination network.
On-link as the gateway means that the route resolves locally.
(Unrouted subnets that are handled locally)
The default route resolving locally may be happening due to installed network security software
(setting it to redirect traffic through its scanning engines)
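The route table above explains the situation, shown here as an added example (not part of the original notes): the most specific matching route wins, and the metric only breaks ties between routes with the same prefix length, so the /32 host route to the VPN server still leaves through 192.168.88.1 even though the VPN default route has the lower metric. The address 203.0.113.10 is a constructed stand-in for the placeholder R.R.R.R, 198.51.100.7 is a constructed "any other host", and the function names are this example's own.

```python
import ipaddress

# Constructed sample: the page's Active Routes rows, with the placeholder
# R.R.R.R replaced by 203.0.113.10 (documentation range) so it parses.
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          192.168.88.1    192.168.88.177  4506
0.0.0.0          0.0.0.0          On-link         192.168.30.10   26
203.0.113.10     255.255.255.255  192.168.88.1    192.168.88.177  4251
192.168.30.10    255.255.255.255  On-link         192.168.30.10   281
"""

def parse_routes(text):
    """Turn 'Active Routes' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators and blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # five tokens, but not a route row
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for target in ("203.0.113.10", "198.51.100.7", "192.168.30.10"):
        net, gw, iface, metric = select_route(table, target)
        print(f"{target:15} -> {net} via {gw} on {iface} (metric {metric})")
```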
Windows 10 connecting to IPsec
GUI
Stuck at Connecting
Server log
... IPsec Client 12 (s.s.s.s:500 -> d.d.d.d:500): A new IPsec client is created.
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:500 -> d.d.d.d:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x97E9E94B49BB2589, Responder Cookie: 0x8FBE6CFB181D85B0, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The port number information of this client is updated.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500):
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): This IKE SA is established between the server and the client.
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): The client initiates a QuickMode negotiation.
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xFE4D830A, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x8C53590E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): This IPsec SA is established between the server and the client.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The L2TP Server Module is started.
The next line never appears:
... L2TP PPP Session [s.s.s.s:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: s.s.s.s (Hostname: "tim-pc"), Port Number of PPP Client: 1701, IP Address of PPP Server: d.d.d.d, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client - Microsoft", IPv4 TCP MSS (Max Segment Size): 1314 bytes
Fix
Cannot connect to an L2TP/IPsec server behind a NAT-T device
NAT-T environment (Port 4500)
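- 0: Windows cannot establish security associations with servers that are located behind NAT devices.
- 1: Windows can establish security associations with servers that are located behind NAT devices.
- 2: Windows can establish security associations when both the server and the client are behind NAT devices.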
Run the following from an elevated command prompt:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
reboot