digi:cellular:ipsec:start [Digi产品中文Wiki]

办公室内网连qcloud公网内的服务器

办公室内网的电脑 ipsec.conf

conn %default
    keyexchange=ikev2
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    dpdaction=clear
    dpddelay=300s

conn nat-t
    left=%defaultroute
    leftid=robin@palfort.com
    leftcert=robincert.pem
    leftfirewall=yes
    right=118.25.220.122
    rightid=qcloudserver
    rightsubnet=172.27.0.0/24
    auto=add
<code>

云服务器端
<code>
conn %default
 keyexchange=ikev2
 ike=aes256-sha1-modp1024
 esp=aes256-sha1
 dpdaction=clear
 dpddelay=300s

conn nat-t
  left=%defaultroute
  leftcert=qcloudservercert.pem
  leftid=qcloudserver
  leftfirewall=yes
  right=%any
  rightsubnet=10.70.1.0/24
  auto=add

两台linux穿越nat的ipsec通道搭建