附录1 – Strongswan配置
使用Strongswan搭建客户端VPN网关,这里以Ubuntu上安装Strongswan为例。
1. 安装Strongswan
sudo apt-get install strongswan
n ipsec version 查看ipsec安装的版本
[root@cxing ~]# ipsec version
Linux strongSwan U5.3.2/K3.10.0-229.14.1.el7.x86_64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
2 配置ipsec config文件,添加一下内容到/etc/ipsec.conf
[root@cxing ~]# more /etc/ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
mobike=no
keyexchange=ikev1
dpdaction=clear
dpddelay=2s
include /etc/ipsec.all.conf
3 添加以下内容到/etc/ipsec.all.conf
[root@cxing ~]# more /etc/ipsec.all.conf
conn all
auto=route
esp=aes128-sha1-modp2048! #表示aes128, sha1, group14
ike=aes128-sha1-modp2048! #表示aes128, sha1, group14
right=129.41.230.168 #Bluemix端网关IP地址
left=119.81.142.156 #本地网关IP地址
leftauth=psk
rightauth=psk
rightsubnet=172.31.0.0/16,172.30.0.