centos ipsec tunnel 配置

配置

环境：

10.10.10.1--172.16.1.71-------172.16.1.72----10.20.20.1

172.16.1.71上的配置

[root@***-test01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ipsec0 

ONBOOT=yes

IKE_METHOD=PSK

DSTGW=10.20.20.1

SRCGW=172.16.1.71

DSTNET=10.20.20.0/24

SRCNET=10.10.10.1/24

DST=172.16.1.72

TYPE=IPSEC

[root@***-test01 ~]# 

[root@***-test01 ~]# cat /etc/sysconfig/network-scripts/keys-ipsec0 

IKE_PSK=7c4a8d09ca3762af61e5

[root@***-test01 ~]# ls -l /etc/sysconfig/network-scripts/keys-ipsec0 

-rw------- 3 root root 29 Mar  9 08:28 /etc/sysconfig/network-scripts/keys-ipsec0

[root@***-test01 ~]# cat /etc/racoon/psk.txt 

# file for pre-shared keys used for IKE authentication

# format is:  'identifier' 'key'

# For example:

#

#  10.1.1.1             flibbertigibbet

#  www.example.com      12345

#  foo@www.example.com  micropachycephalosaurus

172.16.1.72  7c4a8d09ca3762af61e5

[root@***-test01 ~]# 

[root@***-test01 ~]# cat /etc/racoon/racoon.conf 

# Racoon IKE daemon configuration file.

# See 'man racoon.conf' for a description of the format and entries.

path include "/etc/racoon";

path pre_shared_key "/etc/racoon/psk.txt";

path certificate "/etc/racoon/certs";

sainfo anonymous

{

        pfs_group 2;

        lifetime time 1 hour ;

        encryption_algorithm 3des, blowfish 448, rijndael ;

        authentication_algorithm hmac_sha1, hmac_md5 ;

        compression_algorithm deflate ;

}

include "/etc/racoon/172.16.1.72.conf";

具体参考

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-ipsec-net2net.html