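This post was last edited by nihongliang on 2017-3-6 14:40
Below is an environment I set up myself. I have tested it and the tunnel comes up, so the OP can use it as a reference.
Configuration on the Sangfor side
See the attached image
Openswan configuration
cat /etc/ipsec.conf (I'm not posting the commented-out settings)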
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

conn net-net
    ike=3des-md5
    esp=3des-md5
    authby=secret
    keyingtries=0
    left=172.16.0.10
    leftsubnet=192.168.200.0/24
    leftnexthop=%defaultroute
    right=172.16.0.9
    rightsubnet=192.168.250.0/24
    rightnexthop=%defaultroute
    compress=no
    ikelifetime=3600
    keylife=7200
    pfs=no
    auto=start
This is the phase 1 key:
cat /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
172.16.0.10 172.16.0.9: PSK "cisco"
The OP can run ipsec auto --status on Linux and take a look at the log.
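An added example, not part of the original post: a small Python check that parses an ipsec.conf / ipsec.secrets pair like the one above and flags the settings that weaken the tunnel (3DES and MD5 proposals, pfs=no, a short pre-shared key). The deny-list, the 20-character PSK threshold and the function names are assumptions of this example.

```python
import re

# Constructed sample mirroring the conn section and secrets line in the post.
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn net-net
    ike=3des-md5
    esp=3des-md5
    pfs=no
"""
SAMPLE_SECRETS = '172.16.0.10 172.16.0.9: PSK "cisco"\n'

WEAK_ALGS = {"des", "3des", "md5"}  # assumption: this example's own deny-list
MIN_PSK_LEN = 20                    # assumption: local policy threshold


def parse_conf(text):
    """Return {"conn name": {key: value}}; unindented lines start a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():
            current = sections.setdefault(" ".join(line.split()[:2]), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def audit(conf_text, secrets_text):
    """Return (location, option, problem) tuples; the PSK itself is never echoed."""
    findings = []
    for name, opts in parse_conf(conf_text).items():
        if not name.startswith("conn "):
            continue
        for key in ("ike", "esp"):
            tokens = set(re.split(r"[-;,!+\s]+", opts.get(key, "").lower()))
            for alg in sorted(tokens & WEAK_ALGS):
                findings.append((name, key, f"weak algorithm {alg}"))
        if opts.get("pfs", "").lower() == "no":
            findings.append((name, "pfs", "perfect forward secrecy disabled"))
    for m in re.finditer(r'PSK\s+"([^"]*)"', secrets_text):
        if len(m.group(1)) < MIN_PSK_LEN:
            findings.append(("ipsec.secrets", "PSK", f"secret shorter than {MIN_PSK_LEN} chars"))
    return findings
```

Calling `audit(SAMPLE_CONF, SAMPLE_SECRETS)` returns six findings for the sample; any proposal change has to be mirrored on the Sangfor side, since both peers must agree on phase 1 and phase 2 parameters.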