\n
![\"\"](\"https:\/\/fsck.jp\/wp-content\/uploads\/2018\/06\/260dc50478618c6d73282000883ed462.png\")
<\/a><\/p>\nVPS \u306e OS: CentOS 7.5
\n\u81ea\u5b85\u30b5\u30fc\u30d0\u306eOS: Raspbian 9.4 (Raspberry Pi)
\nIPsec \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2: strongswan<\/p>\n
1. VPS \u5074<\/h3>\n
strongswan \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002 \u901a\u904e\u30d1\u30b1\u30c3\u30c8\u3092\u8ee2\u9001\u3067\u304d\u308b\u3088\u3046\u306b\u3001\u30ab\u30fc\u30cd\u30eb\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u5909\u66f4\u3059\u308b\u3002 ipsec.conf \u3092\u7de8\u96c6\u3059\u308b\u3002 \u4e8b\u524d\u5171\u6709\u9375\u3092\u8a2d\u5b9a\u3059\u308b\u3002 \u30b5\u30fc\u30d3\u30b9\u3092\u8d77\u52d5\u3059\u308b\u3002 strongswan \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002 \u901a\u904e\u30d1\u30b1\u30c3\u30c8\u3092\u8ee2\u9001\u3067\u304d\u308b\u3088\u3046\u306b\u3001\u30ab\u30fc\u30cd\u30eb\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u5909\u66f4\u3059\u308b\u3002 ipsec.conf \u3092\u7de8\u96c6\u3059\u308b\u3002 VPS \u5074\u3068\u540c\u3058\u4e8b\u524d\u5171\u6709\u9375\u3092\u8a2d\u5b9a\u3059\u308b\u3002 \u30b5\u30fc\u30d3\u30b9\u3092\u8d77\u52d5\u3059\u308b\u3002 \u4ee5\u4e0a\u306e\u8a2d\u5b9a\u3067\u63a5\u7d9a\u3067\u304d\u308b\u3002NAPT \u3092\u8d8a\u3048\u308b\u3053\u3068\u304c\u81ea\u52d5\u7684\u306b\u691c\u51fa\u3055\u308c\u3066\u3001IPsec \u30d1\u30b1\u30c3\u30c8\u306f NAT-Traversal \u3067\u30ab\u30d7\u30bb\u30eb\u5316\u3055\u308c\u308b\u3002iptables \u3067 UDP 4500 \u304c\u9589\u3058\u3089\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u3001ACCEPT \u3059\u308b\u3088\u3046\u306b\u5909\u66f4\u3057\u3066\u304a\u304f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" \u81ea\u5b85(\u52d5\u7684IP\u30a2\u30c9\u30ec\u30b9)\u3068VPS(\u56fa\u5b9aIP\u30a2\u30c9\u30ec\u30b9)\u306e\u9593\u3067\u3001IPsec \u30c8\u30f3\u30cd\u30eb\u3092\u5e38\u6642\u63a5\u7d9a\u3057\u3066\u307f\u308b\u3002\u3053\u308c\u306b\u306f\u3001\u81ea\u5b85\u306eIP\u30a2\u30c9\u30ec\u30b9\u304c\u5909\u308f\u3063\u3066\u3082\u3001VPS \u7d4c\u7531\u3067\u81ea\u5b85\u306b\u5165\u308c\u308b\u3068\u3044\u3046\u30e1\u30ea\u30c3\u30c8\u304c\u3042\u308b\u3002 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u56f3 VPS \u306e […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20,22,13,23,12,7],"tags":[],"_links":{"self":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/107"}],"collection":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=107"}],"version-history":[{"count":0,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/107\/revisions"}],"wp:attachment":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n[user@myvps1 ~]$ sudo yum install epel-release
\n[user@myvps1 ~]$ sudo yum install strongswan<\/code><\/p>\n
\n[user@myvps1 ~]$ sudo vi \/etc\/sysctl.conf<\/code><\/p>\nnet.ipv4.ip_forward=1 #\u8ffd\u8a18\u3059\u308b<\/pre>\n
[user@myvps1 ~]$ sudo sysctl -p \/etc\/sysctl.conf<\/code><\/p>\n
\n[user@myvps1 ~]$ sudo vi \/etc\/strongswan\/ipsec.conf<\/code><\/p>\nconn myhome-to-vps\r\n authby=secret\r\n auto=add\r\n closeaction=clear\r\n dpdaction=clear\r\n left=203.0.113.180\r\n leftsubnet=203.0.113.180\/32\r\n right=%any\t\t#\u76f8\u624b\u5074IP\u30a2\u30c9\u30ec\u30b9\u306f\u4e0d\u660e\u306a\u306e\u3067%any\u306b\u3057\u3066\u304a\u304f\r\n rightsubnet=192.168.100.0\/24<\/pre>\n
\n[user@myvps1 ~]$ sudo vi \/etc\/strongswan\/ipsec.secrets<\/code><\/p>\n: PSK \"mypresharedkey\"<\/pre>\n
\n[user@myvps1 ~]$ sudo systemctl enable strongswan
\n[user@myvps1 ~]$ sudo systemctl start strongswan<\/code><\/p>\n2. \u81ea\u5b85\u5074<\/h3>\n
\nuser@myserver1:~$ sudo apt install strongswan<\/code><\/p>\n
\nuser@myserver1:~$ sudo vi \/etc\/sysctl.conf<\/code><\/p>\nnet.ipv4.ip_forward=1 #28\u884c\u76ee\u306e\u30b3\u30e1\u30f3\u30c8\u3092\u5916\u3059<\/pre>\n
user@myserver1:~$ sudo sysctl -p \/etc\/sysctl.conf<\/code><\/p>\n
\nuser@myserver1:~$ sudo vi \/etc\/ipsec.conf<\/code><\/p>\nconn myhome-to-vps\r\n authby=secret\r\n auto=start\t\t#\u81ea\u52d5\u7684\u306b\u3053\u3061\u3089\u304b\u3089\u63a5\u7d9a\u3059\u308b\r\n closeaction=restart\r\n dpdaction=restart\r\n left=192.168.100.240\r\n leftsubnet=192.168.100.0\/24\r\n right=203.0.113.180\r\n rightsubnet=203.0.113.180\/32<\/pre>\n
\nuser@myserver1:~$ sudo vi \/etc\/ipsec.secrets<\/code><\/p>\n: PSK \"mypresharedkey\"<\/pre>\n
\nuser@myserver1:~$ sudo systemctl enable strongswan
\nuser@myserver1:~$ sudo systemctl start strongswan<\/code><\/p>\n