yy.yy.yy.yy - на стороне Linux
xx.xx.xx.xx - на стороне D-link
[root@gw ~]# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
# NOTE(review): ipsec.conf(5) expects parameter lines inside a section to be
# indented; the indentation appears to have been lost in this paste.
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# "all" is verbose troubleshooting output and can expose negotiation details
# in the log file below; lower it once the tunnel is up.
plutodebug="all"
plutostderrlog=/var/log/pluto.log
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
# same range as rightsubnet in the conn section (the LAN behind the D-Link)
virtual_private=%v4:192.168.2.0/24
# opportunistic encryption disabled
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/"
#include /etc/ipsec.d/*.conf
# Tunnel to the D-Link peer: left = this Linux host, right = the D-Link.
# NOTE(review): ipsec.conf(5) expects parameter lines inside a section to be
# indented; the indentation appears to have been lost in this paste.
conn xx.xx.xx.xx
type=tunnel
authby=secret # authentication by pre-shared key
keylife=28800s
# Aggressive Mode with a pre-shared key sends the identities unprotected and
# lets a passive observer record material for offline PSK guessing; use a
# long random PSK, or Main Mode if the D-Link supports it.
aggrmode=yes # for identifying clients with a dynamic IP
# Local host settings
left=yy.yy.yy.yy
# leftnexthop=EXTERNAL_GW
leftsubnet=192.168.1.0/24
leftid=yy.yy.yy.yy
# Remote host settings
# NOTE(review): the pasted pluto log searches for a wildcard connection
# (him=%any, policy=PSK+AGGRESSIVE) and finds none, so a conn pinned to
# right=xx.xx.xx.xx is presumably not matched for the incoming Aggressive
# Mode request — confirm against ipsec.conf(5) whether right=%any plus
# rightid is what this setup needs.
right=xx.xx.xx.xx
rightsubnet=192.168.2.0/24
rightid=xx.xx.xx.xx
# Encryption and key-exchange algorithm settings
auth=esp
keyexchange=ike
# the trailing "!" makes the proposal strict; 3DES/SHA1/MODP1024 are legacy
# choices, presumably kept because the D-Link offers nothing stronger — verify
ike=3des-sha1-modp1024!
esp=3des-sha1!
# add: load the conn but do not initiate; wait for the peer to connect
auto=add
Лог на OpenSwan:
| find_host_connection2 called from aggr_inI1_outR1_common, me=yy.yy.yy.yy:500 him=%any:500 policy=PSK+AGGRESSIVE
| find_host_pair_conn (find_host_connection2): yy.yy.yy.yy:500 %any:500 -> hp:none
| searching for connection with policy = PSK+AGGRESSIVE
| find_host_connection2 returns empty
packet from xx.xx.xx.xx:500: initial Aggressive Mode message from xx.xx.xx.xx but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE
| complete state transition with STF_IGNORE
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 37 seconds
| next event EVENT_PENDING_DDNS in 37 seconds