ali-to-aws

Install OpenSwan (the libreswan package) on the virtual machine with the following steps:
1) yum install -y epel-release
2) yum install -y libreswan
3) yum install -y python2
4) ln -s /usr/bin/python2 /usr/bin/python
5) vi /etc/ipsec.conf
    1) Make sure the line include /etc/ipsec.d/*.conf is not commented out
    2) Make sure the line logfile=/var/log/pluto.log is not commented out
6) vi /etc/ipsec.d/nettonet.conf and add the following content:
conn nettonet
        authby=secret
        auto=start
        # public IP of the Alibaba Cloud VPN VM
        leftid=39.98.193.226
        left=%defaultroute
        # Alibaba Cloud VPC CIDR
        leftsubnet=192.168.0.0/16
        leftnexthop=%defaultroute
        rightid=ZHY
        # public IP of the AWS VPN VM
        right=52.83.126.30
        # AWS VPC CIDR
        rightsubnet=10.0.0.0/16
        keyingtries=%forever
        ike=aes128-sha1;modp1024
        ikelifetime=86400s
        phase2alg=aes128-sha1
        salifetime=3600s
        pfs=no

7) vi /etc/ipsec.d/nettonet.secrets and add the following content:
39.98.193.226 52.83.126.30: PSK "aws123"
Here aws123 is the pre-shared key; it can be any value.
8) vi /etc/sysctl.conf and add the following content:
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
9) Run sysctl -p to apply the new settings.
10) Run the ipsec verify command to confirm that OpenSwan is running correctly.
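As an added example that is not part of the original post, the script below renders the conn stanza and the matching secrets line from one set of parameters (so leftid, right and the secrets index cannot drift apart), generates a random PSK instead of a short fixed word, and checks a sysctl.conf for the forwarding and redirect settings from step 8. The function names are my own; the sample values are the ones used in this post.

```shell
#!/bin/sh
# Added example, not from the original post: render the two libreswan files from
# parameters so both ends stay consistent, generate a strong PSK, and check the
# sysctl settings. Sample values are the post's; function names are assumptions.
# Print a conn stanza for /etc/ipsec.d/<name>.conf.
# Args: name left_ip left_subnet right_id right_ip right_subnet
render_conn() {
  cat <<EOF
conn $1
        authby=secret
        auto=start
        leftid=$2
        left=%defaultroute
        leftsubnet=$3
        leftnexthop=%defaultroute
        rightid=$4
        right=$5
        rightsubnet=$6
        keyingtries=%forever
        ike=aes128-sha1;modp1024
        ikelifetime=86400s
        phase2alg=aes128-sha1
        salifetime=3600s
        pfs=no
EOF
}
# Algorithm lines above are copied from the post; modp1024 and pfs=no are weak
# choices and are kept only because the AWS side must be configured to match.
# Print the matching /etc/ipsec.d/<name>.secrets line. Args: left_id right_id psk
render_secrets() { printf '%s %s: PSK "%s"\n' "$1" "$2" "$3"; }
# 32 random bytes as 64 hex chars: a PSK that cannot be guessed like "aws123".
gen_psk() { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; }
# The post's /etc/sysctl.conf additions, as constructed input for check_sysctl.
sample_sysctl() {
  printf '%s\n' 'net.ipv4.ip_forward = 1' 'net.ipv4.conf.all.accept_redirects = 0' \
    'net.ipv4.conf.all.send_redirects = 0' 'net.ipv4.conf.default.send_redirects = 0' \
    'net.ipv4.conf.eth0.send_redirects = 0' 'net.ipv4.conf.default.accept_redirects = 0' \
    'net.ipv4.conf.eth0.accept_redirects = 0'
}
# Read a sysctl.conf on stdin; succeed only if forwarding is on and all six
# redirect knobs are off (usage on a host: check_sysctl < /etc/sysctl.conf).
check_sysctl() {
  conf=$(cat)
  printf '%s\n' "$conf" | grep -Eq '^net\.ipv4\.ip_forward *= *1$' || return 1
  for k in all.accept_redirects all.send_redirects default.send_redirects \
           eth0.send_redirects default.accept_redirects eth0.accept_redirects; do
    printf '%s\n' "$conf" | grep -Eq "^net\.ipv4\.conf\.$k *= *0\$" || return 1
  done
}
```

To produce the files for this post: `render_conn nettonet 39.98.193.226 192.168.0.0/16 ZHY 52.83.126.30 10.0.0.0/16` and `render_secrets 39.98.193.226 52.83.126.30 "$(gen_psk)"`, then paste the same PSK on the AWS side.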
Original article: https://www.cnblogs.com/zhangzihong/p/15124214.html