首页 > 编程知识 正文

strongswan配置详解,strongswan配置文件

时间:2023-05-04 21:22:04 阅读:261215 作者:3420

strongswan与sangfor的ikev2配置

ikev1参考:https://blog.csdn.net/zdl244/article/details/103163256

[root@moc ~]# yum install epel-release -y
[root@moc ~]# yum install strongswan -y
[root@moc ~]# cat /etc/strongswan/ipsec.conf

config setup # strictcrlpolicy=yes # uniqueids = noconn strongswan-sangfor left=192.168.1.120 leftsubnet=172.16.21.0/24,172.16.22.0/24,172.16.23.0/24# leftid=@strongswan right=192.168.1.96 rightsubnet=172.16.10.0/24,172.16.20.0/24,172.16.30.0/24# rightid=@sangfor keyexchange=ikev2 #ike版本v2 ike=prfmd5-3des-md5-modp1024 #PRF为md5 ikelifetime=3600s esp=aes256-sha1 lifetime=28800s authby=secret auto=add

[root@moc ~]# cat /etc/strongswan/ipsec.secrets

# ipsec.secrets - strongSwan IPsec secrets file : PSK 123123

[root@moc ~]# systemctl start strongswan
-------------------------本段配置完毕,对端配置深信服防火墙

基本配置:

兴趣流:

IKE配置:


----------------------配置完毕

建立成功截图:

[root@moc ~]# strongswan statusSecurity Associations (1 up, 0 connecting):strongswan-sangfor[1]: ESTABLISHED 1 second ago, 192.168.1.120[192.168.1.120]...192.168.1.96[192.168.1.96]strongswan-sangfor{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1f42ac9_i eaba05cb_ostrongswan-sangfor{1}: 172.16.21.0/24 172.16.22.0/24 172.16.23.0/24 === 172.16.10.0/24 172.16.20.0/24 172.16.30.0/24

阅读全文

版权声明:该文观点仅代表作者本人。处理文章:请发送邮件至 三1五14八八95#扣扣.com 举报,一经查实,本站将立刻删除。

Copyright © 2012-2020,Powered By 恩蓝号 滇ICP备2023008288号-2