通过ipsec服务端给客户端分配ip

小杨啥都学2026-03-26 9:03

适用于A和安全网关B建立ipsec隧道最终实现和C设备的交互

B(server)192.168.9.161

A(client)192.168.9.160

/etc/ipsec.conf

复制代码

config setup
    uniqueids=yes

conn client-vpn
    type=tunnel
    authby=secret
    left=%any
    leftsourceip=%config
    right=192.168.9.161
    auto=start
    leftupdown=/home/xx/printenv.sh

/etc/ipsec.secrets

复制代码

: PSK "mypassword123456"

printenv.sh

复制代码

#!/bin/sh
echo "========================" >> /tmp/pluto.log
env | grep PLUTO >> /tmp/pluto.log
echo "========================" >> /tmp/pluto.log

/etc/ipsec.conf

复制代码

config setup
    uniqueids=yes

conn client-vpn
    type=tunnel
    authby=secret
    left=192.168.9.161
    leftsubnet=0.0.0.0/0
    right=192.168.9.160
    rightsourceip=192.168.9.123
    auto=add

/etc/ipsec.secrets

复制代码

: PSK "mypassword123456"

结果：

A打印B分配的IP