sudo ufw disable
$ sudo ufw enable
Yuqoridagi sozlamalardan so’ng, strongSwan paketini o’rnatib olamiz:
sudo apt update
$ sudo apt install strongswan
O’rnatish jarayoni yakunlangach, tizim avtomatik ravishda faollashadi, bunda biz, holatini tekshirib ko’rishimiz mumkin:
$ sudo systemctl status strongswan.service
$ sudo systemctl is-enabled strongswan.service
Endi, /etc/ipsec.conf yoradamida xavfsizlik shlyuzlarini sozlashni amalga oshiramiz:
Gateway (sedicomm-devgateway)
$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.orig
$ sudo nano /etc/ipsec.conf
Quyidagi konfiguratsiyani faylga nusxalaymiz va joylashtiramiz:
config setup
charondebug="all"
uniqueids=yes
conn devgateway-to-prodgateway
type=tunnel
auto=start
keyexchange=ikev2
authby=secret
left=10.20.20.1
leftsubnet=192.168.0.101/24
right=10.20.20.3
rightsubnet=10.0.2.15/24
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
aggressive=no
keyingtries=%forever
ikelifetime=28800s
lifetime=3600s
dpddelay=30s
dpdtimeout=120s
dpdaction=restart
Gateway (sedicomm-prodgateway)
$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.orig
Do'stlaringiz bilan baham: |