\# yum install -y libreswan
\# systemctl enable --now ipsec
/etc/sysctl.conf 수정
\# vi /etc/sysctl.conf
----------------------------------
-- 추가
# The host routes between the on-prem subnet and the VPC CIDR, so packet forwarding must be on.
net.ipv4.ip_forward = 1
# Reverse-path filtering can drop decapsulated tunnel traffic; libreswan's `ipsec verify` warns when it is enabled.
# NOTE(review): the *.default.* keys only apply to interfaces created afterwards; check net.ipv4.conf.all.rp_filter
# as well, since it governs interfaces that already exist.
net.ipv4.conf.default.rp_filter = 0
# Do not honour source-routed packets (host hardening; unrelated to the tunnel itself).
net.ipv4.conf.default.accept_source_route = 0
sysctl -p
/etc/ipsec.conf 내용중 #include /etc/ipsec.d/*.conf 를 활성화
(/etc/ipsec.d/*.conf 파일로 포함(include)할 수 있도록 설정 해주는 것)
/etc/ipsec.d/aws.conf 을 설정
\# vi /etc/ipsec.d/aws.conf
--------------------------------------
# AWS Site-to-Site VPN, tunnel 1 (Tunnel2 below is the same except for the peer address).
# Parameter lines inside a conn section must be indented; a line starting in column 1 begins a new section.
conn Tunnel1
    # Pre-shared key authentication; the key for this peer is the matching line in /etc/ipsec.d/aws.secrets.
    authby=secret
    # Bring the tunnel up as soon as the ipsec service starts.
    auto=start
    # Local endpoint taken from the default route; leftid is the public address announced to the peer.
    left=%defaultroute
    leftid=106.253.56.124
    # AWS-side tunnel endpoint.
    right=3.37.8.195
    type=tunnel
    # IKE SA and IPsec SA rekey lifetimes.
    ikelifetime=8h
    keylife=1h
    # Previous proposals, kept for reference only: SHA-1 and modp1024 (DH group 2) are no longer adequate.
    #phase2alg=aes128-sha1;modp1024
    #ike=aes128-sha1;modp1024
    # ESP: AES-GCM (AEAD, no separate integrity algorithm).
    phase2alg=aes_gcm
    # IKE: AES-256, SHA-256, DH group 14 (2048-bit MODP).
    ike=aes256-sha2_256;dh14
    # Retry negotiation indefinitely rather than giving up after a fixed number of attempts.
    keyingtries=%forever
    # Legacy keyword; "ike" is the only accepted value. There is no ikev2= line, so the IKE version is whatever
    # this libreswan release defaults to — NOTE(review): confirm it matches what the AWS tunnel was created with.
    keyexchange=ike
    # Traffic selectors: on-prem range on the left, VPC CIDR on the right.
    leftsubnet=192.168.0.0/21
    rightsubnet=10.39.0.0/16
    # Dead Peer Detection: probe every 10s, declare the peer dead after 30s without a reply,
    # then restart the connections to that peer.
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
    # Both tunnels carry identical subnets; overlapip=yes lets the second conn load with the same selectors.
    overlapip=yes
# AWS Site-to-Site VPN, tunnel 2: identical to Tunnel1 except for the peer address (right=).
# Parameter lines must be indented so they stay inside this section.
conn Tunnel2
    # PSK authentication; this peer has its own line in /etc/ipsec.d/aws.secrets.
    authby=secret
    auto=start
    left=%defaultroute
    leftid=106.253.56.124
    # Second AWS tunnel endpoint.
    right=13.125.49.208
    type=tunnel
    ikelifetime=8h
    keylife=1h
    # Superseded proposals kept for reference (SHA-1 / modp1024).
    #phase2alg=aes128-sha1;modp1024
    #ike=aes128-sha1;modp1024
    phase2alg=aes_gcm
    ike=aes256-sha2_256;dh14
    keyingtries=%forever
    # No ikev2= line: IKE version is the libreswan default — NOTE(review): confirm against the AWS tunnel settings.
    keyexchange=ike
    # Same selectors as Tunnel1, which is why overlapip=yes is required below.
    leftsubnet=192.168.0.0/21
    rightsubnet=10.39.0.0/16
    # DPD: 10s probe interval, 30s timeout, restart connections to the peer on failure.
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
    overlapip=yes
/etc/ipsec.d/aws.secrets : 로컬과 클라우드 간 트래픽 전송에 사용되는 사전 공유 키(PSK)
\# vi /etc/ipsec.d/aws.secrets
-------------------------------------
# One line per peer: <local id> <peer address>: PSK "<key>". The two identities must match leftid= and right= in aws.conf.
# NOTE(review): this file is only read if /etc/ipsec.secrets includes /etc/ipsec.d/*.secrets (the packaged default does) — confirm.
# Keep the file root-only (mode 0600). A PSK that has been copied into a document like this one should be regenerated
# on both the AWS and the on-prem side.
106.253.56.124 3.37.8.195: PSK "TIbB2VNp7cWvpK73hoRyyE_Wrnn8rjy2"
106.253.56.124 13.125.49.208: PSK "E2gUVMe0iCncx4y9CE2ZI32jauyNcsd3"
# Flushes every chain of the filter table: this removes the whole host firewall, not just rules that could block
# the tunnel, and the change is not persisted across reboot. A narrower fix is to allow UDP 500/4500 and ESP
# (IP protocol 50) from the two AWS peers and leave the remaining rules in place.
iptables -F
ipsec 재시작
\# systemctl restart ipsec
\# systemctl status ipsec
+
정적 경로 추가
sudo apt-get update -y