Scenario 1
192.168.28.213<192.168.28.213>[+S=C]…192.168.28.214[+S=C]===162.168.1.0/24
# Responder side: right=%any accepts a peer at any address.
# The trailing "!" on ike/esp makes the proposal strict.
conn test
    left=192.168.28.213
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    authby=secret
    ike=3des-md5!
    ikelifetime=3600s
    type=transport
    esp=3des-md5!
    keylife=28800s
    pfs=no

# Peer side: fixed right= address, same proposals without "!".
conn ipsec_1
    left=192.168.28.214
    leftsubnet=162.168.1.0/24
    right=192.168.28.213
    auto=add
    authby=secret
    leftid=192.168.28.214
    rightid=192.168.28.213
    ike=3des-md5
    ikelifetime=3600s
    type=transport
    esp=3des-md5
    keylife=28800s
    pfs=no
Scenario 2
192.168.28.213<192.168.28.213>[+S=C]…192.168.28.214[+S=C]
conn test
    left=192.168.28.213
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    authby=secret
    ike=3des-md5!
    ikelifetime=3600s
    type=transport
    esp=3des-md5!
    keylife=28800s
    pfs=no

conn ipsec_1
    left=192.168.28.214
    right=192.168.28.213
    auto=add
    authby=secret
    leftid=192.168.28.214
    rightid=192.168.28.213
    ike=3des-md5
    ikelifetime=3600s
    type=transport
    esp=3des-md5
    keylife=28800s
    pfs=no
Scenario 3
Network topology
192.165.1.1/24  192.168.252.8  192.168.252.5  / vlan1 192.166.1.1/24
        /------\                   /------\  /
        |  S   |===================|  C   |-X
        \------/                   \------/  \
                                              \ vlan2 192.167.1.0/24
S-side configuration
conn lantolan2
    left=192.168.252.8
    leftsubnet=192.165.1.0/24
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    authby=secret
    leftid=192.168.252.8
    rightid=192.168.252.5
    ike=des-md5-modp1024!
    ikelifetime=3600s
    type=tunnel
    esp=des-md5!
    keylife=28800s
    pfs=no
C-side configuration
# One conn per local VLAN subnet (192.166.1.0/24 and 192.167.1.0/24),
# both to 192.165.1.0/24 behind S.
conn lantolan1
    left=192.168.252.5
    leftsubnet=192.166.1.0/24
    right=192.168.252.8
    rightsubnet=192.165.1.0/24
    auto=add
    authby=secret
    leftid=192.168.252.5
    rightid=192.168.252.8
    ike=des-md5-modp1024!
    ikelifetime=3600s
    type=tunnel
    esp=des-md5!
    keylife=28800s
    pfs=no

conn test
    left=192.168.252.5
    leftsubnet=192.167.1.0/24
    right=192.168.252.8
    rightsubnet=192.165.1.0/24
    auto=add
    authby=secret
    leftid=192.168.252.5
    rightid=192.168.252.8
    ike=des-md5-modp1024!
    ikelifetime=3600s
    type=tunnel
    esp=des-md5!
    keylife=28800s
    pfs=no
Scenario 4
Network topology (pay attention to the network topology)
10.61.2.1/24
PC1
   \  10.61.2.254/8                             10.61.48.254/24
    \_________________
                      \ /-------\                   /--------\   10.61.48.1/24
                        |   S   |===================|   C    |---------PC3
     _________________/ \-------/                   \--------/
    /
   /  10.61.1.254/8
PC2
10.61.1.1/24
Note:
Mind the IP addresses of PC1 and PC2. If PC1 and PC2 are addressed in the 10.61.0.0/8 network, they can no longer communicate, because each PC installs a route that sends this whole network to its local interface.
S-side configuration
conn ss
    left=192.168.28.213
    leftsubnet=10.61.0.0/16
    right=192.168.28.214
    rightsubnet=10.61.48.0/24
    auto=add
    authby=secret
    leftid=192.168.28.213
    rightid=192.168.28.214
    ike=3des-md5!
    ikelifetime=3600s
    type=tunnel
    esp=3des-md5!
    keylife=28800s
    pfs=no
C-side configuration
conn s1200
    left=192.168.28.214
    leftsubnet=10.61.48.0/24
    right=192.168.28.213
    rightsubnet=10.61.0.0/16
    auto=add
    authby=secret
    leftid=192.168.28.214
    rightid=192.168.28.213
    ike=3des-md5
    ikelifetime=3600s
    type=tunnel
    esp=3des-md5
    keylife=28800s
    pfs=no
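
The addressing note in Scenario 4 can be checked before deployment. The following is an added example, not part of the original page: it takes leftsubnet/rightsubnet from conn ss and classifies a host behind S by its address and mask. The function names check_host and audit are hypothetical, and the sample hosts are constructed from the topology.

```python
import ipaddress

# Values taken from the Scenario 4 S-side conn "ss".
LEFTSUBNET = "10.61.0.0/16"    # protected subnet behind S
RIGHTSUBNET = "10.61.48.0/24"  # protected subnet behind C


def check_host(host_cidr, local_subnet=LEFTSUBNET, remote_subnet=RIGHTSUBNET):
    """Classify a host behind S by its address and mask.

    Returns:
      "on-link"        the host's connected network overlaps the remote
                       subnet, so it ARPs for the peer instead of sending
                       the packet to gateway S (the case in the note)
      "outside-policy" the host address is not inside leftsubnet, so its
                       traffic does not match the tunnel selectors
      "ok"             traffic is routed to S and matches the tunnel
    """
    iface = ipaddress.ip_interface(host_cidr)
    local = ipaddress.ip_network(local_subnet)
    remote = ipaddress.ip_network(remote_subnet)
    if iface.network.overlaps(remote):
        return "on-link"
    if iface.ip not in local:
        return "outside-policy"
    return "ok"


def audit(hosts):
    """Map each host name to its check_host() result."""
    return {name: check_host(cidr) for name, cidr in hosts.items()}


if __name__ == "__main__":
    # Constructed sample: PC1/PC2 as drawn in the topology, plus the
    # /8 variants the note warns about.
    sample = {
        "PC1 (/24)": "10.61.2.1/24",
        "PC2 (/24)": "10.61.1.1/24",
        "PC1 (/8)": "10.61.2.1/8",
        "PC2 (/8)": "10.61.1.1/8",
    }
    for name, result in audit(sample).items():
        print(f"{name:10} {result}")
```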