If you were given the following specification by a partner, how would you write the ipsec.conf file to bring up the tunnel?
Authentication Method: PSK Pre-Shared Key
Encryption Scheme: IKE
Diffie-Hellman Group: Group 2
Encryption Algorithm: 3DES
Hashing Algorithm: Sha1
Main or Aggressive Mode: Main mode
Lifetime (for renegotiation): 28800 seconds

Phase 2
Encapsulation (ESP or AH): ESP
Encryption Algorithm: 3DES
Authentication Algorithm: SHA1
Perfect Forward Secrecy: Group 2
Lifetime (for renegotiation): 3600 seconds
Lifesize in KB (for renegotiation): Not used
Key Exchange For Subnets?: Yes
Encapsulation (ESP or AH): ESP
I have written something like this, but it still fails to connect.

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

#VPN connections
conn xxx-jsrx
    aggressive=yes
    authby=secret
    auto=start
    #esp=3des-sha1
    ike=3des-sha1-modp1024
    ikelifetime=28800
    keyexchange=ike
    #[email protected]
    rightid=xxx.xxx.xxx.xxx
    left=xx.xxx.xxx.xxx
    right=xxx.xxx.xxx.xxx

ipsec.secrets looks like this:

xxx.xxx.xxx.xxx (right) : PSK "xxxxxxxxxxxxxx"

Thanks.
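
One way to compare a conn section with the partner's sheet above, as an added example that is not part of the original post. The sheet-to-keyword mapping (including reading "Main mode" as IKEv1), the function names and the "required" marker are assumptions of this example; it runs on an excerpt of the question's own conn section.

```python
import re

# Sheet -> strongSwan keywords; this mapping is an assumption of the example
# ("Main mode" read as IKEv1, PFS group 2 as modp1024 in esp=).
EXPECTED = {"keyexchange": "ikev1", "aggressive": "no", "authby": "secret",
            "ike": "3des-sha1-modp1024", "ikelifetime": "28800s",
            "esp": "3des-sha1-modp1024", "lifetime": "3600s"}
# strongSwan 5.x fallbacks for unset keywords (ike/esp: built-in proposals)
DEFAULTS = {"keyexchange": "ike", "aggressive": "no", "authby": "pubkey",
            "ikelifetime": "3h", "lifetime": "1h"}
REQUIRED = ("leftsubnet", "rightsubnet")  # sheet: key exchange for subnets
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text, name):
    """Return the uncommented key=value settings of `conn <name>`."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # unindented line opens a section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def normalise(key, value):  # lifetimes -> seconds; proposals lose '!'
    m = re.fullmatch(r"(\d+)([smhd]?)", value or "")
    if key.endswith("lifetime") and m:
        return int(m.group(1)) * UNITS[m.group(2)]
    return value.lower().rstrip("!") if value else None

def check(settings):
    """Return {keyword: (effective value, expected value)} per mismatch."""
    bad = {k: (None, "required") for k in REQUIRED if k not in settings}
    for key, want in EXPECTED.items():
        got = settings.get(key, DEFAULTS.get(key))
        if normalise(key, got) != normalise(key, want):
            bad[key] = (got, want)
    return bad

# Excerpt of the conn section from the question, indented for ipsec.conf
QUESTION_CONF = """conn xxx-jsrx
    aggressive=yes
    authby=secret
    #esp=3des-sha1
    ike=3des-sha1-modp1024
    ikelifetime=28800
    keyexchange=ike
"""
print(check(parse_conn(QUESTION_CONF, "xxx-jsrx")))
```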