ali-to-aws
Install the OpenSwan software on the virtual machine by performing the following steps:

1) yum install -y epel-release
2) yum install -y libreswan
3) yum install -y python2
4) ln -s /usr/bin/python2 /usr/bin/python
5) vi /etc/ipsec.conf
   1) Make sure the line "include /etc/ipsec.d/*.conf" is not commented out
   2) Make sure the line "logfile=/var/log/pluto.log" is not commented out
6) vi /etc/ipsec.d/nettonet.conf, and add the following content (the text after each "<--" is an annotation for the reader, not part of the file):

    conn nettonet
        authby=secret
        auto=start
        leftid=39.98.193.226        <-- public IP of the Alibaba Cloud VPN virtual machine
        left=%defaultroute
        leftsubnet=192.168.0.0/16   <-- Alibaba Cloud VPC CIDR
        leftnexthop=%defaultroute
        rightid=ZHY
        right=52.83.126.30          <-- public IP of the AWS VPN virtual machine
        rightsubnet=10.0.0.0/16     <-- AWS VPC CIDR
        keyingtries=%forever
        ike=aes128-sha1;modp1024
        ikelifetime=86400s
        phase2alg=aes128-sha1
        salifetime=3600s
        pfs=no

7) vi /etc/ipsec.d/nettonet.secrets, and add the following content:

    39.98.193.226 52.83.126.30: PSK "aws123"

   Here aws123 is the pre-shared key; it can be any value.
8) vi /etc/sysctl.conf, and add the following content:

    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0

9) Run sysctl -p to apply the new configuration
10) Run the ipsec verify command to confirm that OpenSwan is running normally.
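The conn and secrets files from steps 6 and 7 can be checked before the tunnel goes into service. The following is an added example, not part of the original page: a small Python auditor that parses the two files and reports the 1024-bit DH group, SHA-1, pfs=no and a short PSK. The function names, the sample text (constructed from the values above) and the MIN_PSK_LEN threshold are assumptions of this example, not libreswan limits.

```python
import re

# Constructed sample: the security-relevant settings from steps 6 and 7.
SAMPLE_CONN = """\
conn nettonet
    authby=secret
    ike=aes128-sha1;modp1024
    phase2alg=aes128-sha1
    pfs=no
"""
SAMPLE_SECRETS = '39.98.193.226 52.83.126.30: PSK "aws123"\n'

MIN_PSK_LEN = 20  # assumption: local policy threshold, not a libreswan limit


def parse_conn(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def audit(conn_text, secrets_text):
    """Return sorted (location, finding) pairs for weak tunnel settings."""
    findings = []
    for name, opts in parse_conn(conn_text).items():
        for key in ("ike", "phase2alg"):
            value = opts.get(key, "").lower()
            if "modp1024" in value:
                findings.append((name, f"{key}: 1024-bit DH group (modp1024)"))
            if "sha1" in value:
                findings.append((name, f"{key}: SHA-1 based integrity/PRF"))
        if opts.get("pfs", "").lower() == "no":
            findings.append((name, "pfs=no: no fresh DH exchange per child SA"))
    for psk in re.findall(r'PSK\s+"([^"]*)"', secrets_text):
        if len(psk) < MIN_PSK_LEN:
            findings.append(("secrets", f"PSK shorter than {MIN_PSK_LEN} characters"))
    return sorted(findings)


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONN, SAMPLE_SECRETS):
        print(f"[{where}] {finding}")
```

To audit a real host, pass the contents of /etc/ipsec.d/nettonet.conf and /etc/ipsec.d/nettonet.secrets to audit() instead of the sample strings.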