Step 1:
Install openswan (say yes to all dependencies)
yum install openswan
Step 2:
Configure ipsec.conf parameters in openswan:
vi /etc/ipsec.conf
(client: 10.9.142.5 (internal network), 106.75.97.2 (external network))
config setup
    protostack=netkey
    nat_traversal=yes
    oe=off
    logfile=/var/log/pluto22.log
    dumpdir=/var/run/pluto/
    virtual_private=%v4:172.16.2.0/24,%v4:10.9.0.0/16,%v4:172.16.1.0/24,%v4:10.0.0.0/8
    nhelpers=0

include /etc/ipsec.d/*.conf

conn hk-stock
    authby=secret
    auto=start
    type=tunnel
    left=10.9.142.5
    leftsubnet=10.9.0.0/16
    leftnexthop=%defaultroute
    right=69.172.85.15
    rightsubnet=172.16.1.0/24
    rightnexthop=%defaultroute
    ike=aes256
    keyexchange=ike
    phase2=esp
    phase2alg=aes256
    compress=no
    pfs=no
Step 3:
Add the pre-shared key to ipsec.secrets:
vim /etc/ipsec.secrets
10.9.142.5 69.172.85.15 106.75.97.2 : PSK "weifreeman"
Step 4:
# turn on ip forwarding
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
# activate it:
sysctl -p
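The following preflight checks are an added example, not part of the original page: a POSIX shell script for the files edited in steps 2 to 4. It reports section parameters in ipsec.conf that lost their indentation, an ipsec.secrets file accessible to group or others, a PSK line that does not list both left= and right= of the connection, and ip_forward not set to 1. All function names are hypothetical.

```shell
# Added example, not from the original page. Paths are arguments so the
# checks can be run on copies; all function names are hypothetical.
# Print the value of parameter $3 inside "conn $2" of ipsec.conf file $1.
conn_value() {
    awk -v conn="$2" -v key="$3" '
        /^conn[ \t]/ { insec = ($2 == conn); next }
        /^[^ \t#]/   { insec = 0 }     # any other unindented line ends the section
        insec { sub(/^[ \t]+/, ""); n = index($0, "=")
                if (n && substr($0, 1, n - 1) == key) print substr($0, n + 1) }
    ' "$1"
}
# Print section parameters that lost their leading whitespace (a section
# body line in ipsec.conf must start with a space or tab).
unindented_params() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ || /^include[ \t]/ { next }
         /^(config|conn)[ \t]/ { insec = 1; next }
         insec && /^[^ \t]/ { print NR ": " $0 }' "$1"
}
# Succeed only if the secrets file grants nothing to group or others.
secrets_private() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}
# Succeed if a PSK line in secrets file $2 lists both left= and right= of
# conn $3 (from ipsec.conf $1) among its IDs, i.e. before the " : PSK".
psk_covers_peers() {
    l=$(conn_value "$1" "$3" left); r=$(conn_value "$1" "$3" right)
    awk -v l="$l" -v r="$r" '
        / : PSK / { hl = hr = 0
            for (i = 1; i <= NF && $i != ":"; i++) { if ($i == l) hl = 1; if ($i == r) hr = 1 }
            if (hl && hr) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$2"
}
# Succeed if sysctl.conf-style file $1 sets net.ipv4.ip_forward to 1.
forwarding_enabled() {
    awk -F= '{ gsub(/[ \t]/, "") } $1 == "net.ipv4.ip_forward" { v = $2 }
             END { exit (v != "1") }' "$1"
}
# Usage: preflight /etc/ipsec.conf /etc/ipsec.secrets /etc/sysctl.conf hk-stock
preflight() {
    rc=0
    [ -z "$(unindented_params "$1")" ] || { echo "unindented parameters in $1"; rc=1; }
    secrets_private "$2" || { echo "$2 is accessible to group or others"; rc=1; }
    psk_covers_peers "$1" "$2" "$4" || { echo "no PSK line covers conn $4"; rc=1; }
    forwarding_enabled "$3" || { echo "ip_forward is not 1 in $3"; rc=1; }
    return $rc
}
```

preflight prints one line per failed check and returns non-zero if any check failed.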
Reference links:
http://www.houseoflinux.com/vpn/vpn-site-to-site-openswan-x-asa-cisco/
https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19