VPN Site-to-Site Openswan x ASA (Cisco) on centos6.5

第一步：

Install openswan (say yes to all dependencies)
yum install openswan

第二步：

Configure ipsec.conf parameters in openswan:
vi /etc/ipsec.conf 
(client:10.9.142.5（内网）,106.75.97.2（外网）)

config setup
    protostack=netkey
    nat_traversal=yes
    oe=off
    logfile=/var/log/pluto22.log
    dumpdir=/var/run/pluto/
    virtual_private=%v4:172.16.2.0/24,%v4:10.9.0.0/16,%v4:172.16.1.0/24,%v4:10.0.0.0/8
     nhelpers=0
    include /etc/ipsec.d/*.conf


conn hk-stock
        authby=secret
        auto=start
        type=tunnel

        left=10.9.142.5
        leftsubnet=10.9.0.0/16
        leftnexthop=%defaultroute

        right=69.172.85.15
        rightsubnet=172.16.1.0/24
        rightnexthop=%defaultroute

        ike=aes256
        keyexchange=ike
        phase2=esp
        phase2alg=aes256
        compress=no 
        pfs=no

第三步：

vim /etc/ipsec.secrets

10.9.142.5 69.172.85.15 106.75.97.2 : PSK "weifreeman"

第四步：

# turn on ip forwarding

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

# activate it:

sysctl -p 

参考链接：http://www.houseoflinux.com/vpn/vpn-site-to-site-openswan-x-asa-cisco/

https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19

http://www.slashroot.in/linux-ipsec-site-site-vpnvirtual-private-network-configuration-using-openswan