1. Install strongSwan
apt-get install strongswan strongswan-plugin-xauth-generic
2. Edit /etc/ipsec.secrets so that it contains:
<public IP address> %any : PSK "<pre-shared key>"
<username> : XAUTH "<user password>"
3. Edit /etc/ipsec.conf so that it contains:
config setup
    cachecrls=yes
    uniqueids=yes

conn ios
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsubnet=10.7.0.0/24
    rightsourceip=10.7.0.2/24
    rightdns=8.8.8.8
    auto=add
4. Restart strongSwan
service strongswan restart
5. Enable IPv4 forwarding and set the NAT rule
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 10.7.0.0/16 -o eth1 -j MASQUERADE
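
A check for the /etc/ipsec.secrets file written in step 2, added here as an example and not part of the original guide: it flags access by group or others, typographic quotes pasted in place of ASCII double quotes, and unquoted or short secrets. The function name lint_ipsec_secrets and the 20-character minimum are choices made for this example.

```shell
#!/bin/sh
# lint_ipsec_secrets FILE [MIN_LEN]
# Prints one line per finding; returns 0 when the file is clean, 1 otherwise.
# MIN_LEN (default 20) is a threshold chosen for this example.
lint_ipsec_secrets() {
    f=$1
    min=${2:-20}
    rc=0
    # The PSK and XAUTH passwords are stored in clear text, so only the owner
    # should have any access. Characters 5-10 of the mode string are the
    # group and other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permission bits are set ($perms), expected 600"
        rc=1
    fi
    awk -v f="$f" -v min="$min" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /“|”/ {                                 # quotes pasted from a web page
            printf "%s:%d: typographic quote, use ASCII double quotes\n", f, NR
            bad = 1; next
        }
        /:[ \t]*(PSK|XAUTH)[ \t]/ {
            if (!match($0, /"[^"]*"[ \t]*$/)) {
                printf "%s:%d: secret is not enclosed in double quotes\n", f, NR
                bad = 1; next
            }
            # Take the text between the opening and closing quote.
            secret = substr($0, RSTART + 1, RLENGTH)
            sub(/"[ \t]*$/, "", secret)
            if (length(secret) < min) {
                printf "%s:%d: secret shorter than %d characters\n", f, NR, min
                bad = 1
            }
        }
        END { exit bad }
    ' "$f" || rc=1
    return "$rc"
}

# Run as a script: sh lint.sh /etc/ipsec.secrets
if [ "$#" -gt 0 ]; then
    lint_ipsec_secrets "$@"
fi
```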