1. install openswan package
#apt-get install openswan
2. modify ipsec.conf setting
#vim /etc/ipsec.conf
version 2.0
config setup
dumpdir = /var/run/pluto
nat_traversal = yes
oe = off
protostack = auto
interfaces = %defaultroute
klipsdebug = none
plutodebug = none
conn asa
type = tunnel
authby = secret
left = 10.10.22.33
leftsubnet = 172.16.22.0/24
leftnexthop = 172.16.22.1
right = 10.1.22.28
rightsubnet = 192.168.100.0/24
rightnexthop = 192.168.100.1
esp= 3des-md5-96
keyexchange = ike
pfs = no
auto = add
3. modify ipsec.secrets
# vim /etc/ipsec.secrets
10.1.22.28 10.10.22.33: PSK "asopfjas@owewfspfjowp@ksloj"
include /var/lib/openswan/ipsec.secrets.inc
沒有留言:
張貼留言