ipsec

2021-08-03  本文已影响0人  akka9
cat /etc/sysctl.d/91-ipsec.conf 


# Kernel settings for a host acting as an IPsec gateway (sysctl.d drop-in).

# Forward packets between interfaces for IPv6 and IPv4. Forwarding is global,
# so what may actually cross the gateway has to be limited by firewall rules.
net.ipv6.conf.all.forwarding=1
net.ipv4.ip_forward = 1
# Disable Path MTU Discovery (mode 1).
# NOTE(review): presumably set to avoid PMTU black holes through the tunnel;
# confirm it is still needed, since it applies to all IPv4 traffic on the host.
net.ipv4.ip_no_pmtu_disc=1

# Neither accept nor send ICMP redirects. A redirect could steer a host onto a
# path that bypasses the tunnel, so traffic would leave unencrypted.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
# Turn off reverse-path (source address) filtering, which can drop decrypted
# packets whose source is not routed via the receiving interface.
# The kernel uses the higher of conf/all and the per-interface value, and
# "default" only seeds interfaces created later, so an existing interface that
# already has rp_filter=1 or 2 is not relaxed by these lines; check it directly.
# With the filter off, spoofed-source packets must be dropped by the firewall.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0


A: 
cat /etc/ipsec.d/v1.conf
# Side A: IKEv1 site-to-site tunnel authenticated with a pre-shared key.
# 666.55.44.33 and 383.666.101.702 are not valid IPv4 addresses (octets above
# 255); they read as the author's redaction of the two public addresses.
# NOTE(review): ipsec.conf(5) only promises to ignore blank lines outside a
# section; confirm the options after the blank line below are actually loaded.
conn v1
  # Remote peer (side B): identity, address and the network behind it.
  rightid=666.55.44.33
  right=666.55.44.33
  rightsubnet=10.10.2.0/24

  # This end: left= is a private address while leftid= is public-looking,
  # presumably because this gateway sits behind NAT; confirm.
  leftnexthop=%defaultroute
  leftsubnet=10.248.1.232/29
  leftid=383.666.101.702
  left=10.248.1.234
  # Pre-shared key authentication; the key is the only thing that proves the
  # peer's identity, so its length and randomness matter.
  authby=secret
  # Load the connection and initiate it when the daemon starts.
  auto=start
  # IKE SA and IPsec SA lifetimes, both 7200 s (2 h).
  ikelifetime=7200s
  keylife=7200s
  # NOTE(review): weak, deprecated proposal. 3DES has a 64-bit block, MD5 is a
  # broken hash, and modp1024 is DH group 2 (1024-bit). Recent IPsec releases
  # may no longer accept some of these by default; confirm.
  # Changing it only works if both peers are changed together: prefer AES
  # (GCM, or CBC with SHA-2) and DH group 14 (modp2048) or stronger.
  ike=3des-md5;modp1024
  # ESP uses 3DES with HMAC-SHA1; same caveat as the IKE proposal above.
  phase2alg=3des-sha1
  # IKEv1 only. NOTE(review): move to IKEv2 if the peer supports it.
  ikev2=no
  # Main Mode. Keep Aggressive Mode off with PSK authentication.
  aggressive=no
  # No Perfect Forward Secrecy: phase 2 keys are derived without a fresh
  # Diffie-Hellman exchange, so they depend on the phase 1 keying material.
  # NOTE(review): enable PFS on both peers when the proposals are upgraded.
  pfs=no


B:
cat /etc/ipsec.d/v1.conf
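# Side B: IKEv1 site-to-site tunnel authenticated with a pre-shared key.
# 666.55.44.33 and 383.666.101.702 are not valid IPv4 addresses (octets above
# 255); they read as the author's redaction of the two public addresses.
# Blank lines inside the section are replaced by comment lines, because
# ipsec.conf(5) only promises to ignore blank lines outside a section.
conn v1
  # This end: right= is a private address while rightid= is public-looking,
  # presumably because this gateway sits behind NAT; confirm.
  right=10.10.2.10
  rightid=666.55.44.33
  # Network address of the /24 (was 10.10.2.10/24, with host bits set), so the
  # traffic selector is exactly the rightsubnet configured on side A.
  rightsubnet=10.10.2.0/24
  rightnexthop=%defaultroute
  # Remote peer (side A): network behind it, identity and public address.
  leftsubnet=10.248.1.232/29
  leftid=383.666.101.702
  left=383.666.101.702
  # Pre-shared key authentication; the key is the only thing that proves the
  # peer's identity, so its length and randomness matter.
  authby=secret
  # Load the connection and initiate it when the daemon starts.
  auto=start
  # IKE SA and IPsec SA lifetimes, both 7200 s (2 h).
  ikelifetime=7200s
  keylife=7200s
  # NOTE(review): weak, deprecated proposal. 3DES has a 64-bit block, MD5 is a
  # broken hash, and modp1024 is DH group 2 (1024-bit). Recent IPsec releases
  # may no longer accept some of these by default; confirm.
  # Changing it only works if both peers are changed together: prefer AES
  # (GCM, or CBC with SHA-2) and DH group 14 (modp2048) or stronger.
  ike=3des-md5;modp1024
  # ESP uses 3DES with HMAC-SHA1; same caveat as the IKE proposal above.
  phase2alg=3des-sha1
  # IKEv1 only. NOTE(review): move to IKEv2 if the peer supports it.
  ikev2=no
  # Main Mode. Keep Aggressive Mode off with PSK authentication.
  aggressive=no
  # No Perfect Forward Secrecy: phase 2 keys are derived without a fresh
  # Diffie-Hellman exchange, so they depend on the phase 1 keying material.
  # NOTE(review): enable PFS on both peers when the proposals are upgraded.
  pfs=no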


A  & B:
cat /etc/ipsec.d/v1.secrets

# Pre-shared keys for conn v1, the same file on both gateways. 'XXXXXXXX' is
# the author's redaction of the real key.
# Each entry is "<id> <id> : PSK <secret>". %any is a wildcard, so the key is
# selected by the other ID alone, whoever the peer is.
# NOTE(review): keep this file readable by root only (mode 0600), keep it out
# of version control, and use a long random key; with PSK authentication the
# key's strength is all that authenticates the peer.
%any  666.55.44.33    : PSK 'XXXXXXXX'
%any  383.666.101.702   : PSK 'XXXXXXXX'
# Side A's private address (its left= value), for matching by that address.
%any  10.248.1.234    : PSK 'XXXXXXXX'













