拓扑：linux客户端 (10.1.1.100) —— (10.1.1.247) linux服务器/VPN网关 (192.168.11.247) —— (192.168.11.100) 内网linux主机。注意：下文客户端配置里写的是 left=10.1.1.147，与此处的 10.1.1.100 不一致，实际以客户端的真实地址为准。
strongSwan 安装过程参考之前文章；服务器上开启 IP 转发（net.ipv4.ip_forward=1）；firewall 放通 UDP 500/4500（有 NAT 时 ESP 被封装在 UDP 4500 中，若两端之间没有 NAT 还需放通 ESP 协议 50）。关于 SELinux：直接关闭并非必要，建议先保持 enforcing、查看 audit 日志，确有问题时再改为 permissive，而不是整体关闭。
服务器 配置
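# Server side. The prompt shows the session is already inside the strongswan
# configuration directory, so ipsec.conf is edited with a relative path.
# (The original transcript line had lost the opening "[" of the prompt.)
[root@localhost strongswan]# vi ipsec.conf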
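config setup
    # strongSwan's ipsec.conf parser requires the parameters of a section to be
    # indented; the flat copy on the page would not load as-is.
    # Cache fetched CRLs in memory. Irrelevant for the PSK-only conn below, harmless.
    cachecrls = yes
    # Do not insist on a fresh CRL. The conn below authenticates with a PSK, so
    # no certificate or CRL checking happens for it anyway.
    strictcrlpolicy = no
    # Allow several concurrent IKE SAs with the same peer identity. The client
    # config on this page sends leftid=NIL, so every client presents the same
    # identity; with uniqueids=yes (the default) a new client would replace an
    # already connected one.
    uniqueids = no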
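conn %default
    # Tear the CHILD_SA down quietly when the peer closes it or DPD declares it
    # dead; the server never tries to re-establish a client tunnel on its own.
    closeaction = clear
    dpdaction = clear
    # DPD is disabled on the server (0). The client config on this page runs
    # DPD every 30s and is the side responsible for noticing a dead tunnel.
    dpddelay = 0
    # Rekey the IKE_SA instead of doing a full re-authentication.
    reauth = no
    ikelifetime = 60m
    # The server does not initiate rekeying. NOTE(review): with rekey=no the
    # server simply expires the CHILD_SA after 20m; the client on this page
    # leaves lifetime/rekey at their defaults (longer than 20m), so verify the
    # tunnel actually survives past 20 minutes — if it does not, set rekey=yes
    # here or give the client a lifetime <= 20m.
    rekey = no
    lifetime = 20m
    keyingtries = 1
    keyexchange = ikev2
    # Proposals: a current AES-256 / SHA-256 / 2048-bit DH suite is offered
    # first. The page's original aes-sha1-modp1024 (SHA-1 integrity, 1024-bit
    # DH group 2) is kept only as a fallback so an unmodified client still
    # connects; remove it once every client has been updated.
    ike = aes256-sha256-modp2048,aes-sha1-modp1024
    esp = aes256-sha256-modp2048,aes-sha1-modp1024
    # Accept IKE from any peer address on any local address; the subnets are
    # set per conn (a commented-out leftsubnet=0.0.0.0/0 was here originally).
    left = %any
    right = %any
    # Load the conn at start-up and wait for the client to initiate.
    auto = add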
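conn psk
    # Mutual pre-shared-key authentication; the key itself lives in ipsec.secrets.
    leftauth = psk
    rightauth = psk
    # Virtual-IP pool handed to clients through IKEv2 configuration payloads
    # (the client requests one with leftsourceip=%config).
    rightsourceip = 7.7.7.10-7.7.7.99
    # Networks reachable through this gateway. 192.168.13.0/24 does not appear
    # in the topology at the top of the page — drop it unless it really exists,
    # otherwise clients are offered a route that leads nowhere.
    # Hosts in these subnets also need a return route for the 7.7.7.x pool via
    # this gateway (or NAT on the gateway); neither is shown on this page.
    leftsubnet = 192.168.11.0/24,192.168.13.0/24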
[root@localhost strongswan]# vi ipsec.secrets
# ipsec.secrets - strongSwan IPsec secrets file
# Host RSA key. Not used by "conn psk" (leftauth/rightauth=psk); only needed if
# a certificate-based conn is added later.
: RSA vpnHostKey.pem
# Wildcard PSK: the empty selector in front of ":" means this key is used for
# any peer identity, i.e. every client shares this one secret.
# WARNING: "12345678" is a demo value only. IKEv2 PSK authentication lets
# anyone who captures a single exchange run an offline dictionary attack on
# the key. Use a long random value (e.g. `openssl rand -base64 32`) and keep
# this file readable by root only (mode 0600).
: PSK "12345678"
# EAP and XAUTH secrets for identity "hqy". Neither is referenced by the PSK
# conn on this page — presumably left over from another setup; remove if unused.
hqy %any : EAP "12345678"
hqy %any : XAUTH "12345678"
[root@localhost strongswan]# strongswan start
客户端
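conn %default
    # Parameters must be indented for strongSwan's ipsec.conf parser.
    keyexchange = ikev2
    # Keep retrying the initial negotiation indefinitely.
    keyingtries = %forever
    # Rekey the IKE_SA instead of doing a full re-authentication.
    reauth = no
    # Proposals mirror the server: a current AES-256 / SHA-256 / 2048-bit DH
    # suite first, the page's original aes-sha1-modp1024 kept as a fallback so
    # an unmodified server still accepts the connection. The original esp line
    # read "modp1824", which is not a DH group strongSwan knows and will be
    # rejected when the config is loaded.
    ike = aes256-sha256-modp2048,aes-sha1-modp1024
    esp = aes256-sha256-modp2048,aes-sha1-modp1024
    # MOBIKE off: the client has a fixed address (see left= in conn fento).
    mobike = no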
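conn fento
    # Parameters must be indented for strongSwan's ipsec.conf parser.
    # Local address of the client. The topology at the top of the page lists the
    # client as 10.1.1.100 — one of the two is a typo; use the real address.
    left = 10.1.1.147
    # Request a virtual IP from the server's rightsourceip pool.
    leftsourceip = %config
    leftauth = psk
    # Identity sent to the server. "NIL" appears to be sent as a literal identity
    # string, not as "no identity"; the server's wildcard ": PSK" entry accepts
    # any ID, so it works, but a meaningful name (or omitting leftid so the
    # address is used) is clearer. Every client using this file presents the
    # same identity, which is why the server needs uniqueids=no.
    leftid = NIL
    right = 10.1.1.247
    # Accept any identity from the server. With PSK the peer still has to prove
    # knowledge of the shared key; pinning rightid to the gateway's identity is
    # tighter but requires the server to present a matching ID.
    rightid = %any
    # Send all traffic into the tunnel; IKEv2 traffic-selector narrowing reduces
    # this to the server's leftsubnet during negotiation.
    rightsubnet = 0.0.0.0/0
    rightauth = psk
    # Dead-peer detection every 30s; re-establish the tunnel if the server is gone.
    dpdaction = restart
    dpddelay = 30
    # Load the conn but bring it up manually: "strongswan up fento".
    auto = add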
[root@localhost strongswan]# vi ipsec.secrets
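# ipsec.secrets - strongSwan IPsec secrets file
# (The copy on the page lacked the leading "#" on the line above, which the
# secrets parser would reject.)
# Host RSA key; not used by conn fento, which authenticates with a PSK.
: RSA vpnHostKey.pem
# Wildcard PSK — must match the server's ": PSK" entry exactly.
# WARNING: "12345678" is a demo value. IKEv2 PSK authentication is open to an
# offline dictionary attack by anyone who captures one exchange; use a long
# random secret shared only with the server and keep this file mode 0600.
: PSK "12345678"
# EAP/XAUTH secrets, unused by the PSK conn. Note the identity here is "hqu"
# while the XAUTH line (and the server) use "hqy" — probably a typo; left as-is
# since neither line is in use.
hqu %any : EAP "12345678"
hqy %any : XAUTH "12345678"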
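[root@localhost strongswan]# strongswan start
# The client connection is named "fento" in the client ipsec.conf above, so
# that is the name to bring up. "psk" is the server-side conn name; running
# "strongswan up psk" here fails with a no-such-config error.
[root@localhost strongswan]# strongswan up fento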
协商成功、客户端从 7.7.7.10-7.7.7.99 池中获得虚拟 IP 后，即可 ping 通 192.168.11.100。注意：回包能否到达取决于 192.168.11.100 是否有回到 7.7.7.x 网段（下一跳 192.168.11.247）的路由，或服务器是否对隧道流量做了 NAT，本文未涉及；若 ping 不通先检查这一点。