strongswan与sangfor的ikev2配置
ikev1参考:https://blog.csdn.net/zdl244/article/details/103163256
[root@moc ~]# yum install epel-release -y
[root@moc ~]# yum install strongswan -y
[root@moc ~]# cat /etc/strongswan/ipsec.conf
# strongSwan ipsec.conf example: site-to-site tunnel between this host (left)
# and a Sangfor firewall (right), using IKEv2 with a pre-shared key.
# NOTE(review): the leading whitespace was lost on this page; in a real
# ipsec.conf the parameter lines under "config setup" and "conn" must be indented.
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn strongswan-sangfor
# Local endpoint address and the local subnets offered as traffic selectors.
left=192.168.1.120
leftsubnet=172.16.21.0/24,172.16.22.0/24,172.16.23.0/24
# leftid=@strongswan
# Remote (Sangfor) endpoint address and the subnets behind it.
right=192.168.1.96
rightsubnet=172.16.10.0/24,172.16.20.0/24,172.16.30.0/24
# rightid=@sangfor
# With leftid/rightid commented out, the status output on this page shows each
# side identified by its IP address (192.168.1.120[192.168.1.120]).
keyexchange=ikev2 # IKE version 2
# SECURITY: 3DES, MD5 (used here for both integrity and the PRF) and the
# 1024-bit MODP group are legacy algorithms and are not recommended for new
# deployments. Presumably chosen to match the peer's IKE settings; if both ends
# support it, prefer a stronger proposal such as aes256-sha256-modp2048 and
# change it on both sides together.
ike=prfmd5-3des-md5-modp1024 # PRF is MD5
# Lifetime of the IKE SA before it is renegotiated.
ikelifetime=3600s
# ESP proposal for the tunnelled traffic. No DH group is listed, so rekeying the
# CHILD_SA does not perform a fresh key exchange (no PFS); prefer SHA-256 over
# SHA-1 where the peer supports it.
esp=aes256-sha1
# Lifetime of the ESP (CHILD) SA.
lifetime=28800s
# Pre-shared-key authentication: the tunnel's authentication strength depends
# entirely on the secret stored in ipsec.secrets.
authby=secret
# Load the connection at startup without initiating it; the tunnel comes up when
# the peer initiates or when it is started manually.
auto=add
[root@moc ~]# cat /etc/strongswan/ipsec.secrets
# ipsec.secrets - strongSwan IPsec secrets file
# The entry below has no ID selectors before the colon, so the PSK is not bound
# to a particular peer identity.
# SECURITY: "123123" is a trivially guessable demo value. For real use, replace
# it with a long random secret shared only with the peer, and keep this file
# readable by root only.
: PSK 123123
[root@moc ~]# systemctl start strongswan
-------------------------本端配置完毕,对端配置深信服防火墙(对端的 IKE 版本、加密/认证算法、DH 组、预共享密钥以及两端子网需与上面的 ipsec.conf 保持一致)
基本配置:
兴趣流:
IKE配置:
----------------------配置完毕
建立成功截图:
[root@moc ~]# strongswan status
Security Associations (1 up, 0 connecting):
strongswan-sangfor[1]: ESTABLISHED 1 second ago, 192.168.1.120[192.168.1.120]...192.168.1.96[192.168.1.96]
strongswan-sangfor{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1f42ac9_i eaba05cb_o
strongswan-sangfor{1}: 172.16.21.0/24 172.16.22.0/24 172.16.23.0/24 === 172.16.10.0/24 172.16.20.0/24 172.16.30.0/24