通过ipsec服务端给客户端分配ip

适用于A和安全网关B建立ipsec隧道最终实现和C设备的交互

B(server)192.168.9.161

A(client)192.168.9.160

B

/etc/ipsec.conf

config setup
    uniqueids=yes

conn client-vpn
    type=tunnel
    authby=secret
    left=%any
    leftsourceip=%config
    right=192.168.9.161
    auto=start
    leftupdown=/home/xx/printenv.sh

/etc/ipsec.secrets

: PSK "mypassword123456"

printenv.sh

#!/bin/sh
echo "========================" >> /tmp/pluto.log
env | grep PLUTO >> /tmp/pluto.log
echo "========================" >> /tmp/pluto.log

A

/etc/ipsec.conf

config setup
    uniqueids=yes

conn client-vpn
    type=tunnel
    authby=secret
    left=192.168.9.161
    leftsubnet=0.0.0.0/0
    right=192.168.9.160
    rightsourceip=192.168.9.123
    auto=add

/etc/ipsec.secrets

: PSK "mypassword123456"

结果：

A打印B分配的IP