{"id":2220,"date":"2021-07-30T18:20:07","date_gmt":"2021-07-30T10:20:07","guid":{"rendered":"http:\/\/euhat.com\/wp\/?p=2220"},"modified":"2021-08-31T08:56:59","modified_gmt":"2021-08-31T00:56:59","slug":"strongswan%e9%85%8d%e7%bd%ae%e5%a4%9a%e4%b8%aa%e5%ad%90%e7%bd%91","status":"publish","type":"post","link":"http:\/\/euhat.com\/wp\/2021\/07\/30\/strongswan%e9%85%8d%e7%bd%ae%e5%a4%9a%e4%b8%aa%e5%ad%90%e7%bd%91\/","title":{"rendered":"StrongSwan\u914d\u7f6e\u591a\u4e2a\u5b50\u7f51"},"content":{"rendered":"<p>ipsec.conf\u65b9\u5f0f<\/p>\n<pre >\r\nconn myikesettings\r\n    keyexchange=ikev1\r\n    left=10.0.0.1\r\n    right=10.0.0.2\r\n    leftcert=mycert.pem\r\n    rightcert=othercert.oem\r\n    ike=aesgcm16-prfsha256-modp3072!\r\n    esp=aesgcm16-modp3072!\r\n    auto=add\r\n\r\nconn sa_1\r\n    leftsubnet=192.168.1.0\/24\r\n    rightsubnet=192.168.51.0\/24\r\n    also=myikesettings\r\n\r\nconn sa_2\r\n    leftsubnet=192.168.2.0\/24\r\n    rightsubnet=192.168.52.0\/24\r\n    also=myikesettings\r\n<\/pre>\n<pre lang=\"bash\" line=\"1\">\r\nipsec restart\r\nipsec reload\r\nipsec up sa_1\r\nipsec up sa_2\r\n<\/pre>\n<p>swanctl\u65b9\u5f0f<\/p>\n<pre >\r\nconnections {\r\n\thost-host {\r\n\t\t...\r\n\t\tchildren {\r\n\t\t\thost-host1 {\r\n\t\t\t\tlocal_ts=10.1.0.0\/24\r\n\t\t\t\tremote_ts=10.2.0.0\/24\r\n\t\t\t\t...\r\n\t\t\t}\r\n\t\t\thost-host2 {\r\n\t\t\t\tlocal_ts=10.1.0.0\/24\r\n\t\t\t\tremote_ts=10.2.0.0\/24\r\n\t\t\t\t...\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n<\/pre>\n<pre lang=\"bash\" line=\"1\">\r\ncharon &\r\nswanctl --load-all --clear\r\nswanctl --initiate --child host-host1\r\nswanctl --initiate --child host-host2\r\n<\/pre>\n<p>refer to:<br \/>\n<a href=\"https:\/\/wiki.strongswan.org\/projects\/strongswan\/wiki\/FAQ#Multiple-subnets-per-SA\" rel=\"nofollow\">https:\/\/wiki.strongswan.org\/projects\/strongswan\/wiki\/FAQ#Multiple-subnets-per-SA<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ipsec.conf\u65b9\u5f0f conn myikesettings keyexchange=ikev1 left=10.0.0.1 right=10.0.0.2 leftcert=mycert.pem rightcert=othercert.oem ike=aesgcm16-prfsha256-modp3072! esp=aesgcm16-modp3072! auto=add conn sa_1 leftsubnet=192.168.1.0\/24 rightsubnet=192.168.51.0\/24 also=myikesettings conn sa_2 leftsubnet=192.168.2.0\/24 rightsubnet=192.168.52.0\/24 also=myikesettings ipsec restart ipsec reload ipsec up sa_1 ipsec up sa_2 swanctl\u65b9\u5f0f connections { host-host { ... children { host-host1 { local_ts=10.1.0.0\/24 remote_ts=10.2.0.0\/24 ... } host-host2 { local_ts=10.1.0.0\/24 remote_ts=10.2.0.0\/24 ... } } } } charon ... <a title=\"StrongSwan\u914d\u7f6e\u591a\u4e2a\u5b50\u7f51\" class=\"read-more\" href=\"http:\/\/euhat.com\/wp\/2021\/07\/30\/strongswan%e9%85%8d%e7%bd%ae%e5%a4%9a%e4%b8%aa%e5%ad%90%e7%bd%91\/\" aria-label=\"More on StrongSwan\u914d\u7f6e\u591a\u4e2a\u5b50\u7f51\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[590,246,591,380,589,588],"_links":{"self":[{"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/posts\/2220"}],"collection":[{"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/comments?post=2220"}],"version-history":[{"count":0,"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/posts\/2220\/revisions"}],"wp:attachment":[{"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/media?parent=2220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/categories?post=2220"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/euhat.com\/wp\/wp-json\/wp\/v2\/tags?post=2220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}