Huawei IPsec Server 公网IP, Vyos IPsec Client 无公网IP (GRE Over IPsec)
设备环境
Vyos 1.3x
Huawei AR651W
vyos_dhcp_192.168.1.109------->TPlink(NAT_192.168.75.238)-------->华为_192.168.75.247
IPsec 感兴趣流
Vyos_100.100.100.2/32 === Huawei_100.100.100.1/32
Huawei IPsec Server 公网IP 配置模板
华为:
acl name CT 3900
rule 10 permit ip source 100.100.100.1 0 destination 100.100.100.2 0
#
ipsec proposal IPSEC
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ike proposal 1
encryption-algorithm 3des
dh group2
authentication-algorithm sha1
sa duration 28800
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer IPSEC
undo version 2
pre-shared-key plain key123
ike-proposal 1
rsa encryption-padding oaep
rsa signature