硬件解决方案
Huawei VRP
软件解决方案
- Openswan(an IPsec Implementation for Linux)
- strongSwan(Open-source, modular and portable IPsec-based VPN solution)
- Racoon(IKE (ISAKMP/Oakley) key management daemon)
服务测试工具
ike-scan
royhills/ike-scan: The IKE Scanner
Huawei Firewall: IPSec Troubleshooting – Using IPSec Debugs – Huawei
discover and fingerprint IKE hosts (IPsec VPN Servers) ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
1)/usr/bin/ike-scan
2)/usr/bin/psk-crack
ike-scan -v --trans=5,2,1,2 ddns.dc-hive.d3rm.site # --trans=5,2,1,2 # Enc=5 (3DES-CBC), Hash=2 (SHA1), Auth=1 (shared key), DH Group=2 (modp 1024) # 具体取值参考 rfc2409 文档;
Huawei
相关文档:
1)IPSEC 故障类关键 Debugging 信息说明
2)Huawei Firewall: IPSec Troubleshooting – Using IPSec Debugs – Huawei
debugging ike v2 all