Finally got strongSwan configured in an IPv6 environment

2023-02-14 14:36:22 +08:00
 wuruxu
```
Security Associations (1 up, 0 connecting):
         ec6[16]: ESTABLISHED 10 minutes ago, 2400:8902::f03c:0366:febc:6a0a[xyz.wuruxu.cn]...2409:8a6a:216:6677:67b4:8899:ba5d:344[debian]
         ec6[16]: Remote EAP identity: wuruxu
         ec6[16]: IKEv2 SPIs: 58812b94cf2332f9_i 12425e338a463d3e_r*, public key reauthentication in 2 hours
         ec6[16]: IKE proposal: CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519
         ec6{11}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: caf69aa5_i c2924650_o
         ec6{11}:  AES_GCM_16_256, 966634 bytes_i (7095 pkts, 0s ago), 10632497 bytes_o (12299 pkts, 0s ago), rekeying in 34 minutes
         ec6{11}:   0.0.0.0/0 ::/0 === 10.18.0.1/32 2001:166:188:d88:1::2/128
```

2 replies
wolonggl
2023-02-16 10:08:39 +08:00
Please post the config to share.
wuruxu
2023-02-19 18:32:22 +08:00
@wolonggl
```
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # a fresh CRL must be available for certificate-based peer authentication to succeed
    strictcrlpolicy=yes
    # do not enforce unique IDs: several connections may share one identity
    uniqueids=never

conn %default
    keyexchange=ikev2
    left=%defaultroute
    leftauth=pubkey
    leftfirewall=yes
    mobike=yes
    compress=yes
    # the trailing "!" makes the IKE proposal list strict
    ike=chacha20poly1305-sha512-newhope128,chacha20poly1305-sha512-x25519,aes256-sha512-modp2048,aes128-sha512-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048!
    esp=chacha20poly1305,aes256gcm128,aes128gcm128,aes256ccm128,aes256

conn ec6
    leftsendcert=always
    leftcert=nginx.ssl.xyz.ecc.cer
    leftid=@xyz.wuruxu.cn
    # full tunnel: all client IPv4 and IPv6 traffic goes through the gateway
    leftsubnet=0.0.0.0/0,::/0
    rightauth=eap-mschapv2
    # virtual IPv6 and IPv4 address pools assigned to clients
    rightsourceip=2004:0988:0816:d88:1::/80,10.128.0.0/24
    rightdns=2001:4860:4860::8888,1.1.1.1
    rightsendcert=never
    eap_identity=%identity
    auto=add
```
