
基于策略的ipsec vpn---strongswan

作者: 严炎2016 | 来源:发表于2017-12-19 15:56 被阅读0次

    在ubuntu-site1,ubuntu-site2,ubuntu-site3上安装strongswan

    apt install strongswan -y

    打开IPv4转发(sysctl -w 只对当前运行的内核生效,重启后会恢复默认值;如需持久化,可在 /etc/sysctl.conf 中写入 net.ipv4.ip_forward=1)

    sysctl -w net.ipv4.ip_forward=1

    root@ubuntu-site1:~# cat /etc/ipsec.conf | grep -v "^#"

    config setup

    conn site1-site2

    left=12.12.12.1

    leftsubnet=10.10.1.0/24

    right=12.12.12.2

    rightsubnet=10.10.2.0/24

    authby=psk

    auto=route

    conn site1-site3

    left=13.13.13.1

    leftsubnet=10.10.1.0/24

    right=13.13.13.3

    rightsubnet=10.10.3.0/24

    authby=psk

    auto=route

    root@ubuntu-site1:~# cat /etc/ipsec.secrets | grep -v "^#"

    %any %any : PSK "yourPassword123"

    root@ubuntu-site2:~# cat /etc/ipsec.conf | grep -v "^#"

    config setup

    conn site2-site1

    left=12.12.12.2

    leftsubnet=10.10.2.0/24

    right=12.12.12.1

    rightsubnet=10.10.1.0/24

    authby=psk

    auto=route

    conn site2-site3

    left=23.23.23.2

    leftsubnet=10.10.2.0/24

    right=23.23.23.3

    rightsubnet=10.10.3.0/24

    authby=psk

    auto=route

    root@ubuntu-site2:~# cat /etc/ipsec.secrets | grep -v "^#"

    %any %any : PSK "yourPassword123"

    root@ubuntu-site3:~# cat /etc/ipsec.conf | grep -v "^#"

    config setup

    conn site3-site1

    left=13.13.13.3

    leftsubnet=10.10.3.0/24

    right=13.13.13.1

    rightsubnet=10.10.1.0/24

    authby=psk

    auto=route

    conn site3-site2

    left=23.23.23.3

    leftsubnet=10.10.3.0/24

    right=23.23.23.2

    rightsubnet=10.10.2.0/24

    authby=psk

    auto=route

    root@ubuntu-site3:~# cat /etc/ipsec.secrets | grep -v "^#"

    %any %any : PSK "yourPassword123"

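    注意(配置格式):上面列出的 ipsec.conf 内容在页面上没有显示缩进;实际文件中每个 conn 段下的参数行必须以空白开头缩进,段内不要留空行,否则配置可能无法正确解析。

    注意(预共享密钥):三台主机的 /etc/ipsec.secrets 都用 %any %any 把同一个 PSK 匹配给任意对端,"yourPassword123" 只是示例值。实际部署时建议按站点对分别写选择符(例如 12.12.12.1 12.12.12.2 : PSK "<随机生成的高强度密钥>"),并确认该文件仅 root 可读写。

    ubuntu-site1,ubuntu-site2,ubuntu-site3启动ipsec: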

    ipsec restart

    验证互通(略)。由于配置为 auto=route,隧道在出现匹配子网的流量时才会协商;可从本端子网内的主机向对端子网地址发起 ping,再用 ipsec statusall 确认对应连接已建立。
