配置

 
 
环境:
10.10.10.1--172.16.1.71-------172.16.1.72----10.20.20.1
 
172.16.1.71上的配置
[root@***-test01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ipsec0 
# Network-to-network IPsec tunnel definition for the initscripts ipsec0 interface.
# Bring the tunnel up at boot.
ONBOOT=yes
# IKE peers authenticate each other with a pre-shared key; the key itself is
# kept in the separate keys-ipsec0 file shown below, not in this file.
IKE_METHOD=PSK
# Gateway address given for the remote protected network.
DSTGW=10.20.20.1
# Gateway address given for the local side.
SRCGW=172.16.1.71
# Remote network whose traffic is meant to go through the tunnel.
DSTNET=10.20.20.0/24
# Local network whose traffic is meant to go through the tunnel.
# NOTE(review): this value has host bits set (10.10.10.1/24) while DSTNET is
# written as a network address; it presumably means 10.10.10.0/24 -- confirm
# with `setkey -DP` that the installed policies cover the intended prefix, so
# traffic is not left outside the tunnel.
SRCNET=10.10.10.1/24
# Address of the remote IPsec peer (172.16.1.72 in the topology above); the
# same address is the identifier used in /etc/racoon/psk.txt.
DST=172.16.1.72
TYPE=IPSEC
[root@***-test01 ~]# 
 
[root@***-test01 ~]# cat /etc/sysconfig/network-scripts/keys-ipsec0 
IKE_PSK=7c4a8d09ca3762af61e5
 
[root@***-test01 ~]# ls -l /etc/sysconfig/network-scripts/keys-ipsec0 
-rw------- 3 root root 29 Mar  9 08:28 /etc/sysconfig/network-scripts/keys-ipsec0
 
[root@***-test01 ~]# cat /etc/racoon/psk.txt 
# file for pre-shared keys used for IKE authentication
# format is:  'identifier' 'key'
# For example:
#
#  10.1.1.1             flibbertigibbet
#  www.example.com      12345
#  foo@www.example.com  micropachycephalosaurus
#
# NOTE(review): the key below is a sample. It is published on this page and
# must not be reused on a real tunnel. It also appears to be a truncated hash
# of a trivial password rather than random data; a PSK is only as strong as
# its entropy, so generate one from a CSPRNG (e.g. `openssl rand -hex 32`)
# and configure the same value on both peers.
# Keep this file root-owned with mode 0600, as the transcript shows for
# keys-ipsec0; racoon is expected to reject a key file that group or others
# can read -- confirm on your build.
172.16.1.72  7c4a8d09ca3762af61e5
[root@***-test01 ~]# 
 
[root@***-test01 ~]# cat /etc/racoon/racoon.conf 
 
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
 
# Base directory used to resolve relative paths in "include" directives.
path include "/etc/racoon";
# File holding the IKE pre-shared keys (identifier/key pairs, shown above).
# It contains secrets, so it should be readable by root only.
path pre_shared_key "/etc/racoon/psk.txt";
# Directory for certificates; not used by the PSK setup on this page.
path certificate "/etc/racoon/certs";
 
# Phase 2 (IPsec SA) parameters. "anonymous" makes this section the fallback
# for any peer that has no more specific sainfo section.
sainfo anonymous
{
        # Diffie-Hellman group used for perfect forward secrecy. Group 2 is
        # 1024-bit MODP, which is considered too small today.
        # NOTE(review): prefer group 14 (modp2048) or larger if both peers
        # support it.
        pfs_group 2;
        # Rekey the IPsec SA after one hour.
        lifetime time 1 hour ;
        # Every algorithm listed here may be negotiated, so the tunnel is only
        # as strong as the weakest entry. 3des and blowfish are 64-bit block
        # ciphers; rijndael is AES.
        # NOTE(review): consider listing only aes/rijndael.
        encryption_algorithm 3des, blowfish 448, rijndael ;
        # hmac_md5 is a legacy choice.
        # NOTE(review): consider dropping it, and use hmac_sha256 where the
        # installed racoon and kernel support it.
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}
# Per-peer configuration for 172.16.1.72; its contents are not shown on this
# page. NOTE(review): presumably this file holds the phase 1 "remote" section
# (exchange mode, proposal, DH group) -- review it with the same care as the
# sainfo section, since PSK authentication depends on those settings too.
include "/etc/racoon/172.16.1.72.conf";
 
具体参考