基于策略的ipsec vpn---strongswan
在 ubuntu-site1、ubuntu-site2、ubuntu-site3 上安装 strongswan:
apt install strongswan -y
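打开 IPv4 转发(sysctl -w 只对当前运行的内核生效,重启后失效;如需持久化,请把 net.ipv4.ip_forward=1 写入 /etc/sysctl.conf 或 /etc/sysctl.d/ 下的文件):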
sysctl -w net.ipv4.ip_forward=1
root@ubuntu-site1:~# cat /etc/ipsec.conf | grep -v "^#"
config setup
conn site1-site2
left=12.12.12.1
leftsubnet=10.10.1.0/24
right=12.12.12.2
rightsubnet=10.10.2.0/24
authby=psk
auto=route
conn site1-site3
left=13.13.13.1
leftsubnet=10.10.1.0/24
right=13.13.13.3
rightsubnet=10.10.3.0/24
authby=psk
auto=route
root@ubuntu-site1:~# cat /etc/ipsec.secrets | grep -v "^#"
%any %any : PSK "yourPassword123"
root@ubuntu-site2:~# cat /etc/ipsec.conf | grep -v "^#"
config setup
conn site2-site1
left=12.12.12.2
leftsubnet=10.10.2.0/24
right=12.12.12.1
rightsubnet=10.10.1.0/24
authby=psk
auto=route
conn site2-site3
left=23.23.23.2
leftsubnet=10.10.2.0/24
right=23.23.23.3
rightsubnet=10.10.3.0/24
authby=psk
auto=route
root@ubuntu-site2:~# cat /etc/ipsec.secrets | grep -v "^#"
%any %any : PSK "yourPassword123"
root@ubuntu-site3:~# cat /etc/ipsec.conf | grep -v "^#"
config setup
conn site3-site1
left=13.13.13.3
leftsubnet=10.10.3.0/24
right=13.13.13.1
rightsubnet=10.10.1.0/24
authby=psk
auto=route
conn site3-site2
left=23.23.23.3
leftsubnet=10.10.3.0/24
right=23.23.23.2
rightsubnet=10.10.2.0/24
authby=psk
auto=route
root@ubuntu-site3:~# cat /etc/ipsec.secrets | grep -v "^#"
%any %any : PSK "yourPassword123"
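注意:上面 ipsec.secrets 中的 "yourPassword123" 只是示例占位符,实际部署时应为每一对站点分别生成足够长的随机预共享密钥;`%any %any` 会让同一个 PSK 匹配任意对端,建议改为按两端 IP 逐条写明(如 `12.12.12.1 12.12.12.2 : PSK "..."`),并确认 /etc/ipsec.secrets 仅 root 可读。
在 ubuntu-site1、ubuntu-site2、ubuntu-site3 上启动 ipsec: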
ipsec restart
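验证互通(略)。提示:auto=route 只安装流量策略,隧道要等出现匹配 leftsubnet/rightsubnet 的流量时才会协商建立;可先从一端子网 ping 对端子网,再用 ipsec statusall 查看 SA 是否已建立。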