How to write an ipsec.conf file from a specification

Suppose you received the following specification from a partner. How would you write the ipsec.conf file to bring up the tunnel?

Authentication Method   PSK Pre-Shared Key
Encryption Scheme       IKE
Diffie-Hellman Group    Group 2
Encryption Algorithm    3DES
Hashing Algorithm       Sha1
Main or Aggressive Mode     Main mode
Lifetime (for renegotiation)        28800 seconds
Phase 2
Encapsulation (ESP or AH)       ESP
Encryption Algorithm        3DES
Authentication Algorithm        SHA1
Perfect Forward Secrecy     Group 2
Lifetime (for renegotiation)        3600 seconds
Lifesize in KB (for renegotiation)      Not used
Key Exchange For Subnets?       Yes
Encapsulation (ESP or AH)       ESP

I wrote something like this, but it still cannot connect.

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

#VPN connections

conn xxx-jsrx
    aggressive=yes
    authby=secret
    auto=start     
    #esp=3des-sha1
    ike=3des-sha1-modp1024
    ikelifetime=28800
    keyexchange=ike
    #[email protected]
    rightid=xxx.xxx.xxx.xxx 
    left=xx.xxx.xxx.xxx
    right=xxx.xxx.xxx.xxx

ipsec.secrets looks like this:

xxx.xxx.xxx.xxx (right) : PSK "xxxxxxxxxxxxxx"

Thanks.
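
An added example, not part of the original post: one way the partner's specification above maps onto strongSwan ipsec.conf keywords. It assumes the partner speaks IKEv1 (the specification names Main mode, which exists only in IKEv1), and the two subnet values are placeholders because the post does not give them.

```conf
# Added example: strongSwan ipsec.conf written from the partner specification.
# Addresses are masked as in the post; <...> values are placeholders.

conn xxx-jsrx
    # Assumption: IKEv1, because Main/Aggressive mode is an IKEv1 concept.
    keyexchange=ikev1
    # Spec: Main mode
    aggressive=no
    # Spec: PSK (the secret itself lives in ipsec.secrets)
    authby=secret

    # Phase 1: 3DES, SHA1, DH Group 2 (modp1024), 28800 seconds
    # The trailing "!" restricts negotiation to exactly this proposal.
    ike=3des-sha1-modp1024!
    ikelifetime=28800s

    # Phase 2: ESP with 3DES and SHA1, PFS Group 2, 3600 seconds
    # PFS is requested by naming the DH group in the esp proposal.
    esp=3des-sha1-modp1024!
    lifetime=3600s

    # Local side
    left=xx.xxx.xxx.xxx
    leftsubnet=<local-subnet/prefix>

    # Partner side
    right=xxx.xxx.xxx.xxx
    rightid=xxx.xxx.xxx.xxx
    # Spec: "Key Exchange For Subnets? Yes"
    rightsubnet=<partner-subnet/prefix>

    auto=start
```

Compared with the posted configuration, this uses Main mode instead of `aggressive=yes`, sets an explicit `esp=` proposal carrying the PFS group, adds the Phase 2 lifetime, and declares the subnet selectors on both sides.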
