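1. Introduction to strongSwan
strongSwan is an open-source, IPsec-based VPN server that currently implements both IKEv1 and IKEv2. The official website has example configurations, but they can be hard for a beginner to follow. I am a newbie myself and was completely lost when I first started, and there are relatively few resources online. I have therefore written up how to set up a VPN server in IKEv1 mode, which I have tested successfully.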
2. Installing strongSwan
CentOS dependencies: yum install -y gmp-devel
Debian/Ubuntu dependencies:
apt-get -y install gcc
apt-get -y install make
apt-get -y install libgmp10 libgmp3-dev libssl-dev pkg-config libpcsclite-dev libpam0g-dev
Download:
wget http://download.strongswan.org/strongswan.tar.gz
tar xzf strongswan.tar.gz
cd strongswan-*
./configure --sysconfdir=/etc --enable-openssl --enable-nat-transport --disable-mysql --disable-ldap --disable-static --enable-shared --enable-md4 --enable-eap-mschapv2 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-peap --enable-eap-radius --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym --enable-eap-simaka-reauth --enable-eap-simaka-sql --enable-eap-tls --enable-eap-tnc --enable-eap-ttls
make && make install
3. strongSwan configuration files and their settings
The strongSwan configuration files are under /etc. The files that need to be modified are /etc/ipsec.conf, /etc/strongswan.conf, /etc/ipsec.secrets and /etc/strongswan.d/charon-logging.conf.
1) First, edit ipsec.conf as shown below:
conn android_xauth_psk
    keyexchange=ikev1
    fragmentation=yes
    keyingtries=3
    left=%defaultroute
    leftauth=psk
    right=%any
    rightsourceip=%config
    rightsubnet=0.0.0.0/0
    rightauth=psk
    rightauth2&
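The conn section above combines keyexchange=ikev1 with PSK authentication on both sides. The script below is an added example, not part of the original post: it audits an ipsec.conf and flags IKEv1 PSK conns that define no rightauth2 second round, where every client authenticates with the same shared secret. The function names, the output format and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit conn sections of an ipsec.conf read from stdin.
# Output, one line per conn: <name> <keyexchange> <rightauth> <rightauth2> <verdict>

audit_ipsec_conf() {
    awk '
    function orDash(v) { return v == "" ? "-" : v }
    function emit() {
        if (name == "") return
        verdict = "ok"
        # IKEv1 + PSK and no second auth round: one group secret for all clients
        if (kv["keyexchange"] == "ikev1" && kv["rightauth"] == "psk" && kv["rightauth2"] == "")
            verdict = "WARN:psk-only"
        printf "%s %s %s %s %s\n", name, orDash(kv["keyexchange"]), orDash(kv["rightauth"]), orDash(kv["rightauth2"]), verdict
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                      # comments, blank lines
    /^conn[ \t]+/ { emit(); name = $2; split("", kv); next }  # new conn section
    /^[^ \t]/     { emit(); name = ""; next }              # other section (config setup, ca)
    name != "" {                                           # indented key=value inside a conn
        line = $0
        sub(/#.*/, "", line)                               # strip inline comment
        eq = index(line, "=")
        if (eq == 0) next
        k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        kv[k] = v
    }
    END { emit() }
    '
}

# Constructed sample configuration (not taken from the page).
sample_conf() {
    cat <<'EOF'
config setup
    uniqueids=no

conn psk_only
    keyexchange=ikev1
    leftauth=psk
    right=%any
    rightauth=psk

conn xauth_psk
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    rightauth2=xauth   # per-user second round
EOF
}

sample_conf | audit_ipsec_conf
```

To check a real file, run `audit_ipsec_conf < /etc/ipsec.conf`.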