1 编译时,开启--enable-kernel-libipsec
2. 运行 sudo ipsec statusall|grep kernel,查看有没有 kernel-libipsec kernel-netlink 插件,默认不启用。
3.编辑 etc/strongswan.d/charon/kernel-libipsec.conf,
kernel-libipsec {
# Allow that the remote traffic selector equals the IKE peer.
allow_peer_ts = yes
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
}
strongswan启动之后,会看到ipsec0 这个tun device,提示
created TUN device: ipsec0
kernel-libipsec {
# Allow that the remote traffic selector equals the IKE peer.
allow_peer_ts = yes
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
}
kernel-libipsec {
# Allow that the remote traffic selector equals the IKE peer.
allow_peer_ts = yes
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
}
etc/strongswan.d/charon/kernel-libipsec.confetc/strongswan.d/charon/kernel-libipsec.confetc/strongswan.d/charon/kernel-libipsec.confetc/strongswan.d/charon/kernel-libipsec.conf
阅读(1775) | 评论(0) | 转发(0) |