ikev1参考:https://blog.csdn.net/zdl244/article/details/103163256
[root@moc ~]# yum install epel-release -y [root@moc ~]# yum install strongswan -y [root@moc ~]# cat /etc/strongswan/ipsec.conf
config setup # strictcrlpolicy=yes # uniqueids = no conn strongswan-sangfor left=192.168.1.120 leftsubnet=172.16.21.0/24,172.16.22.0/24,172.16.23.0/24 # leftid=@strongswan right=192.168.1.96 rightsubnet=172.16.10.0/24,172.16.20.0/24,172.16.30.0/24 # rightid=@sangfor keyexchange=ikev2 #ike版本v2 ike=prfmd5-3des-md5-modp1024 #PRF为md5 ikelifetime=3600s esp=aes256-sha1 lifetime=28800s authby=secret auto=add[root@moc ~]# cat /etc/strongswan/ipsec.secrets
# ipsec.secrets - strongSwan IPsec secrets file : PSK 123123[root@moc ~]# systemctl start strongswan -------------------------本段配置完毕,对端配置深信服防火墙
基本配置: 兴趣流: IKE配置: ----------------------配置完毕
建立成功截图:
[root@moc ~]# strongswan status Security Associations (1 up, 0 connecting): strongswan-sangfor[1]: ESTABLISHED 1 second ago, 192.168.1.120[192.168.1.120]...192.168.1.96[192.168.1.96] strongswan-sangfor{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1f42ac9_i eaba05cb_o strongswan-sangfor{1}: 172.16.21.0/24 172.16.22.0/24 172.16.23.0/24 === 172.16.10.0/24 172.16.20.0/24 172.16.30.0/24