Server OS: Debian 6 64-bit, strongSwan 5.0.2 installed, internal IP (192.168.1.200/24), external IP (123.234.123.234)
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
The configuration is as follows
===================================
# /etc/ipsec.conf
config setup

conn ios
    keyexchange = ikev1
    authby = xauthrsasig
    xauth = server
    left = %defaultroute
    leftsubnet = 0.0.0.0/0
    leftfirewall = yes
    leftcert = serverCert.pem
    right = %any
    rightid="C=CN, O=StrongSwan, CN=*"
    rightsubnet = 10.0.0.0/24
    rightsourceip = 10.0.0.0/24
    rightcert = clientCert.pem
    auto = add

conn rw
    keyexchange=ikev2
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftcert=serverCert.pem
    leftfirewall=yes
    right=%any
    rightsourceip=10.0.0.0/24
    auto=add

# /etc/ipsec.secrets
: RSA serverKey.pem
# /etc/strongswan.conf
charon {
    threads = 16
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
}
===================================
Client OS: Debian 6 32-bit, strongSwan 5.0.2 installed, internal IP (192.168.0.2/24), external IP (234.123.234.123)
The configuration is as follows
===================================
# /etc/ipsec.conf
config setup

conn rw
    keyexchange=ikev2
    left=%defaultroute
    leftsourceip=%config
    leftcert=clientCert.pem
    leftfirewall=yes
    right=123.234.123.234
    rightsubnet=10.0.0.0/24
    rightid="C=CN, O=StrongSwan, CN=client"
    auto=add

# /etc/ipsec.secrets
: RSA clientKey.pem
===================================
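Tested successfully with the native Cisco IPsec client on iOS 6.1.2 (conn ios), and also tested successfully with Windows 7.
Testing on Linux: after connecting, I cannot access the remote LAN, and access to the Internet also goes through the local network (234.123.234.123).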
# ip route list
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
default via 192.168.0.1 dev eth0
# ip route list table 220
10.0.0.0/24 via 192.168.0.1 dev eth0 proto static src 10.0.0.1
This is probably a routing table configuration problem, right? How should I configure the routing table?
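
Added example, not part of the original post: a Python check of which destinations the Linux client's `conn rw` sends through the tunnel, computed as the overlap of the client's `rightsubnet` with the server's `leftsubnet` (IKEv2 narrows traffic selectors to what both sides allow). The embedded config strings are constructed from the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the two "conn rw" sections in the post (traffic-selector keys only).
CLIENT_CONF = """
conn rw
    rightsubnet=10.0.0.0/24
"""
SERVER_CONF = """
conn rw
    leftsubnet=0.0.0.0/0
"""

def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line.startswith("config "):
            current = None  # "config setup" keys are not conn parameters
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def subnets(value):
    return [ipaddress.ip_network(s.strip()) for s in value.split(",")]

def remote_selectors(client, server):
    """Overlap of the client's rightsubnet with the server's leftsubnet.
    Assumes both keys are set explicitly, as they are in the post."""
    found = []
    for c in subnets(client["rightsubnet"]):
        for s in subnets(server["leftsubnet"]):
            if c.subnet_of(s):
                found.append(c)
            elif s.subnet_of(c):
                found.append(s)
    return found

def is_tunneled(dest, selectors):
    return any(ipaddress.ip_address(dest) in net for net in selectors)

if __name__ == "__main__":
    ts = remote_selectors(parse_conns(CLIENT_CONF)["rw"], parse_conns(SERVER_CONF)["rw"])
    for dest in ("10.0.0.1", "192.168.1.200", "8.8.8.8"):
        print(dest, "tunnel" if is_tunneled(dest, ts) else "local route")
```

For the posted values the only remote selector is 10.0.0.0/24, which matches the single route in table 220; 192.168.1.200 and Internet addresses fall outside it and follow the main routing table. With `rightsubnet=0.0.0.0/0` on the client, the same check reports all three destinations as covered.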