Openswan ×?Linux ipsec vpn ·t???÷(?t)

?t  RSAè??¤·?ê?

    (ò?)  net-to-net á??ó·?ê?

        1 í????·?3

         Left network ß---àleft GateWay ß-----|------à Right Gatewayß----àRight network

        192.168.1.0/24    eth0:192.168.1.1         eth0:172.16.1.1     172.16.1.0

        GW192.168.1.1    eth1:1.1.1.1             eth1:1.1.1.2       GW:172.16.1.1

                         GW:1.1.1.2             GW:1.1.1.2

       3yá?ò?é?IPμ??·D??￠ía,?1ó|???a????í?1?éè??ò???ó?óúIPSECD-éì?Dó?ò?è′·?±?′?μ?±êê?,?éò?ó?í?1?×?éíμ?FWDN,?ò??????μ???×?,è?@leftμè,μ±è??aD???×?íêè?ê??éò?óé×??o±àD′

  2  ??è?rsasigkey,2￠°???è?μ?rsa ±￡′?

     ?úLeft  Gateway é???è?rsasigkey

     #ipsec showhostkey  --letf

     ?úRight  Gateway é???è?rsasigkey

     #ipsec showhostkey   --right

  3 ?úLeft GateWayé?????openswan μ??÷???????t/etc/ipsec.conf ???2

ìí?óD??¨ò?μ?á??ó,2￠±￡?¤left GATEWAY oíright GATEWAY ?D???????t?àí?

#vim  /etc/ipsec.conf

 #Add  connection  here

   conn net-to-net

      left=1.1.1.1   #×óí?1?

      # rsakey AQNYfk+V8  #×óí?1?μ?1???,ò2ê??úé?????è?μ?RSA

     leftrsasigkey=0sAQNYfk+V851n9R3vrwNcZFGRqYyuhjRaRyYKIIE0RvBGjHot6JWS1SQINXPy/i+TKTkte3BY104SkV+fd1GH2kZD6UjLQGq85M6waDVteVlxPBsr8+W2XRJVu9REkqT211y85N4HsCMoNDf/B9bjne11hHKsJQCu/DSgt89MSnmvuIHDggz2rs/00awBrg5SOTbi5P6YDncQNx2iU05TD8JY3QqkWyyqWxrthkV/WRpsFtAvW55B5pO0Ply+5heNcWPKSIExw7nfCzJqeaQV/pPVpZt9Kbl4IsqE1SV6BN9MqHPh2ady+avsn6SfXOImrDyp2DZ2+czJEiVrnntnzmU3mT3Wy3WAoiZOPNcYS3yJQpsz

      leftsubnet=192.168.1.0/24  #×óí?1??ù?ú?úí?μ?í???

      leftid=@left              #×óí?±êê?

      leftnexthop=%defaultroute  #???¨×?í?1?μ???ò?ì??a??è??·óé

      right=1.1.1.2              #óòí?1?íaí?IPμ??·