strongSwan 4.4.0 on Ubuntu 14.04
10.1.1.242<----------->10.1.1.243
Host1: 10.1.1.242
cat /etc/strongswan.conf
# charon (IKEv2 daemon) options as posted for Host1.
charon {
# A new CHILD_SA does not reuse an existing IKE_SA; it gets its own.
reuse_ikesa=no
# charon installs no routes for established tunnels; routing is left to the host.
install_routes=no
# Limits on half-open IKE_SAs: block_threshold caps them per peer IP,
# cookie_threshold is the count at which COOKIE challenges are required.
# NOTE(review): both look raised well above the stock values, which loosens
# the protection against IKE_SA_INIT floods - confirm this is intended.
block_threshold=50
cookie_threshold=100
}
cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# Global starter settings: which daemons run and how they log.
config setup
# Only the IKEv2 daemon (charon) is started; the IKEv1 daemon (pluto) stays off.
charonstart=yes
plutostart=no
# Peer IDs are not kept unique: a new IKE_SA does not replace an older one
# that used the same ID.
uniqueids=no
# Log level 0 for the kernel-interface, encoding and network subsystems.
# NOTE(review): at this level failed negotiations leave little trace in the log.
charondebug="knl 0,enc 0,net 0"
# Defaults inherited by every conn section in this file.
conn %default
# Trap policies are installed at startup; matching traffic triggers negotiation.
auto=route
keyexchange=ikev2
# The IKE_SA is rekeyed in place rather than re-authenticated, so the peer's
# credentials are checked only when the IKE_SA is first established.
reauth=no
# Host1 (10.1.1.242) side of the tunnel to 10.1.1.243, as posted.
# NOTE(review): ipsec.conf expects parameter lines to be indented under their
# section; the indentation appears to have been lost in this paste.
conn r1~v1
# Rekeying starts 30 s before expiry, extended randomly by up to 100 % (30-60 s).
rekeymargin=30
rekeyfuzz=100%
left=10.1.1.242
right=10.1.1.243
# Both traffic selectors are the same /24, which also contains the two peers.
leftsubnet=10.1.1.0/24
rightsubnet=10.1.1.0/24
# IP protocol 1 (ICMP) only; no other traffic matches this policy.
leftprotoport=1
rightprotoport=1
# Pre-shared-key authentication; the key is the PSK entry in /etc/ipsec.secrets.
authby=secret
leftid=10.1.1.242
# NOTE(review): the remote identity is not pinned here, so knowledge of the PSK
# is all that authenticates the peer; setting rightid to the peer narrows this.
rightid=%any
# The trailing "!" makes the proposal strict: only this suite is offered/accepted.
# NOTE(review): 3DES, SHA-1 and the 768-bit MODP group are legacy choices;
# modp768 in particular is far below current key-exchange strength guidance.
ike=3des-sha1-modp768!
# NOTE(review): HMAC-MD5 integrity with 3DES, and no DH group in the proposal,
# so CHILD_SA rekeying runs without a fresh key exchange (no PFS).
esp=3des-md5!
type=tunnel
# IKE_SA lifetime 10 min, CHILD_SA lifetime 5 min.
ikelifetime=600s
keylife=300s
mobike=no
# The next two lines repeat the values already set in conn %default.
auto=route
reauth=no
cat /etc/ipsec.secrets
# Pre-shared key used by authby=secret, selected by the IDs left of the colon.
# NOTE(review): "test" is a trivially guessable value; a deployment needs a
# long random secret and this file readable by root only. The first selector
# (%vr-0) is not explained on the page.
%vr-0 10.1.1.242 10.1.1.243 : PSK "test"
Host2: 10.1.1.243
cat /etc/strongswan.conf
# charon (IKEv2 daemon) options as posted for Host2.
# Unlike Host1, no block_threshold/cookie_threshold is set here.
charon {
# A new CHILD_SA does not reuse an existing IKE_SA; it gets its own.
reuse_ikesa=no
# charon installs no routes for established tunnels; routing is left to the host.
install_routes=no
}
cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# Global starter settings: which daemons run and how they log.
config setup
# Only the IKEv2 daemon (charon) is started; the IKEv1 daemon (pluto) stays off.
charonstart=yes
plutostart=no
# Peer IDs are not kept unique: a new IKE_SA does not replace an older one
# that used the same ID.
uniqueids=no
# Log level 0 for the kernel-interface, encoding and network subsystems.
# NOTE(review): at this level failed negotiations leave little trace in the log.
charondebug="knl 0,enc 0,net 0"
# Defaults inherited by every conn section in this file.
conn %default
# Trap policies are installed at startup; matching traffic triggers negotiation.
auto=route
keyexchange=ikev2
# The IKE_SA is rekeyed in place rather than re-authenticated, so the peer's
# credentials are checked only when the IKE_SA is first established.
reauth=no
# Host2 (10.1.1.243) side of the tunnel to 10.1.1.242, as posted.
# NOTE(review): ipsec.conf expects parameter lines to be indented under their
# section; the indentation appears to have been lost in this paste.
conn r1~v1
# Rekeying starts 30 s before expiry, extended randomly by up to 100 % (30-60 s).
rekeymargin=30
rekeyfuzz=100%
left=10.1.1.243
right=10.1.1.242
# Both traffic selectors are the same /24, which also contains the two peers.
leftsubnet=10.1.1.0/24
rightsubnet=10.1.1.0/24
# IP protocol 1 (ICMP) only; no other traffic matches this policy.
leftprotoport=1
rightprotoport=1
# Pre-shared-key authentication; the key is the PSK entry in /etc/ipsec.secrets.
authby=secret
leftid=10.1.1.243
# NOTE(review): the remote identity is not pinned here, so knowledge of the PSK
# is all that authenticates the peer; setting rightid to the peer narrows this.
rightid=%any
# The trailing "!" makes the proposal strict: only this suite is offered/accepted.
# NOTE(review): 3DES, SHA-1 and the 768-bit MODP group are legacy choices;
# modp768 in particular is far below current key-exchange strength guidance.
ike=3des-sha1-modp768!
# NOTE(review): HMAC-MD5 integrity with 3DES, and no DH group in the proposal,
# so CHILD_SA rekeying runs without a fresh key exchange (no PFS).
esp=3des-md5!
type=tunnel
# IKE_SA lifetime 10 min, CHILD_SA lifetime 5 min.
ikelifetime=600s
keylife=300s
# Dead peer detection, set on this host only: liveness checks at 20 s
# intervals, and the connection is cleared when the peer stops answering.
dpdaction=clear
dpddelay=20
mobike=no
# The next two lines repeat the values already set in conn %default.
auto=route
reauth=no
cat /etc/ipsec.secrets
# Pre-shared key used by authby=secret, selected by the IDs left of the colon.
# NOTE(review): "test" is a trivially guessable value; a deployment needs a
# long random secret and this file readable by root only. The first selector
# (%vr-0) is not explained on the page.
%vr-0 10.1.1.243 10.1.1.242 : PSK "test"
After configuring the 2 hosts, run "ipsec stop && ipsec start".
10.1.1.242<----------->10.1.1.243
Host1: 10.1.1.242
cat /etc/strongswan.conf
# charon (IKEv2 daemon) options as posted for Host1.
charon {
# A new CHILD_SA does not reuse an existing IKE_SA; it gets its own.
reuse_ikesa=no
# charon installs no routes for established tunnels; routing is left to the host.
install_routes=no
# Limits on half-open IKE_SAs: block_threshold caps them per peer IP,
# cookie_threshold is the count at which COOKIE challenges are required.
# NOTE(review): both look raised well above the stock values, which loosens
# the protection against IKE_SA_INIT floods - confirm this is intended.
block_threshold=50
cookie_threshold=100
}
cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# Global starter settings: which daemons run and how they log.
config setup
# Only the IKEv2 daemon (charon) is started; the IKEv1 daemon (pluto) stays off.
charonstart=yes
plutostart=no
# Peer IDs are not kept unique: a new IKE_SA does not replace an older one
# that used the same ID.
uniqueids=no
# Log level 0 for the kernel-interface, encoding and network subsystems.
# NOTE(review): at this level failed negotiations leave little trace in the log.
charondebug="knl 0,enc 0,net 0"
# Defaults inherited by every conn section in this file.
conn %default
# Trap policies are installed at startup; matching traffic triggers negotiation.
auto=route
keyexchange=ikev2
# The IKE_SA is rekeyed in place rather than re-authenticated, so the peer's
# credentials are checked only when the IKE_SA is first established.
reauth=no
# Host1 (10.1.1.242) side of the tunnel to 10.1.1.243, as posted.
# NOTE(review): ipsec.conf expects parameter lines to be indented under their
# section; the indentation appears to have been lost in this paste.
conn r1~v1
# Rekeying starts 30 s before expiry, extended randomly by up to 100 % (30-60 s).
rekeymargin=30
rekeyfuzz=100%
left=10.1.1.242
right=10.1.1.243
# Both traffic selectors are the same /24, which also contains the two peers.
leftsubnet=10.1.1.0/24
rightsubnet=10.1.1.0/24
# IP protocol 1 (ICMP) only; no other traffic matches this policy.
leftprotoport=1
rightprotoport=1
# Pre-shared-key authentication; the key is the PSK entry in /etc/ipsec.secrets.
authby=secret
leftid=10.1.1.242
# NOTE(review): the remote identity is not pinned here, so knowledge of the PSK
# is all that authenticates the peer; setting rightid to the peer narrows this.
rightid=%any
# The trailing "!" makes the proposal strict: only this suite is offered/accepted.
# NOTE(review): 3DES, SHA-1 and the 768-bit MODP group are legacy choices;
# modp768 in particular is far below current key-exchange strength guidance.
ike=3des-sha1-modp768!
# NOTE(review): HMAC-MD5 integrity with 3DES, and no DH group in the proposal,
# so CHILD_SA rekeying runs without a fresh key exchange (no PFS).
esp=3des-md5!
type=tunnel
# IKE_SA lifetime 10 min, CHILD_SA lifetime 5 min.
ikelifetime=600s
keylife=300s
mobike=no
# The next two lines repeat the values already set in conn %default.
auto=route
reauth=no
cat /etc/ipsec.secrets
# Pre-shared key used by authby=secret, selected by the IDs left of the colon.
# NOTE(review): "test" is a trivially guessable value; a deployment needs a
# long random secret and this file readable by root only. The first selector
# (%vr-0) is not explained on the page.
%vr-0 10.1.1.242 10.1.1.243 : PSK "test"
Host2: 10.1.1.243
cat /etc/strongswan.conf
# charon (IKEv2 daemon) options as posted for Host2.
# Unlike Host1, no block_threshold/cookie_threshold is set here.
charon {
# A new CHILD_SA does not reuse an existing IKE_SA; it gets its own.
reuse_ikesa=no
# charon installs no routes for established tunnels; routing is left to the host.
install_routes=no
}
cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# Global starter settings: which daemons run and how they log.
config setup
# Only the IKEv2 daemon (charon) is started; the IKEv1 daemon (pluto) stays off.
charonstart=yes
plutostart=no
# Peer IDs are not kept unique: a new IKE_SA does not replace an older one
# that used the same ID.
uniqueids=no
# Log level 0 for the kernel-interface, encoding and network subsystems.
# NOTE(review): at this level failed negotiations leave little trace in the log.
charondebug="knl 0,enc 0,net 0"
# Defaults inherited by every conn section in this file.
conn %default
# Trap policies are installed at startup; matching traffic triggers negotiation.
auto=route
keyexchange=ikev2
# The IKE_SA is rekeyed in place rather than re-authenticated, so the peer's
# credentials are checked only when the IKE_SA is first established.
reauth=no
# Host2 (10.1.1.243) side of the tunnel to 10.1.1.242, as posted.
# NOTE(review): ipsec.conf expects parameter lines to be indented under their
# section; the indentation appears to have been lost in this paste.
conn r1~v1
# Rekeying starts 30 s before expiry, extended randomly by up to 100 % (30-60 s).
rekeymargin=30
rekeyfuzz=100%
left=10.1.1.243
right=10.1.1.242
# Both traffic selectors are the same /24, which also contains the two peers.
leftsubnet=10.1.1.0/24
rightsubnet=10.1.1.0/24
# IP protocol 1 (ICMP) only; no other traffic matches this policy.
leftprotoport=1
rightprotoport=1
# Pre-shared-key authentication; the key is the PSK entry in /etc/ipsec.secrets.
authby=secret
leftid=10.1.1.243
# NOTE(review): the remote identity is not pinned here, so knowledge of the PSK
# is all that authenticates the peer; setting rightid to the peer narrows this.
rightid=%any
# The trailing "!" makes the proposal strict: only this suite is offered/accepted.
# NOTE(review): 3DES, SHA-1 and the 768-bit MODP group are legacy choices;
# modp768 in particular is far below current key-exchange strength guidance.
ike=3des-sha1-modp768!
# NOTE(review): HMAC-MD5 integrity with 3DES, and no DH group in the proposal,
# so CHILD_SA rekeying runs without a fresh key exchange (no PFS).
esp=3des-md5!
type=tunnel
# IKE_SA lifetime 10 min, CHILD_SA lifetime 5 min.
ikelifetime=600s
keylife=300s
# Dead peer detection, set on this host only: liveness checks at 20 s
# intervals, and the connection is cleared when the peer stops answering.
dpdaction=clear
dpddelay=20
mobike=no
# The next two lines repeat the values already set in conn %default.
auto=route
reauth=no
cat /etc/ipsec.secrets
# Pre-shared key used by authby=secret, selected by the IDs left of the colon.
# NOTE(review): "test" is a trivially guessable value; a deployment needs a
# long random secret and this file readable by root only. The first selector
# (%vr-0) is not explained on the page.
%vr-0 10.1.1.243 10.1.1.242 : PSK "test"
After configuring the 2 hosts, run "ipsec stop && ipsec start".