SmartBridge

Установите минимум strongswan-5.9.6 из исходных кодов.

/usr/local/etc/ipsec.conf

XX.XX.XX.XX - ваш белый IP

config setup
                # strictcrlpolicy=yes
                # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start


conn NIT1
                type=tunnel
                auto=start
                keyexchange=ikev2
                authby=secret
                left=XX.XX.XX.XX
                leftid=XX.XX.XX.XX
                right=195.12.122.44
                rightsubnet=195.12.113.29/32
                ike=aes256-sha256-modp2048
                esp=aes256-sha256-modp2048
                aggressive=no
                keyingtries=1
                ikelifetime=86400s
                lifetime=28800s
                dpdaction=restart

conn NIT2
                also=NIT1
                rightsubnet=195.12.113.79/32

conn NIT_TEST
                also=NIT1
                rightsubnet=195.12.113.7/32

/usr/local/etc/ipsec.secrets

XX.XX.XX.XX 195.12.122.44 : PSK ******************

Перезапуск:

systemctl restart ipsec

Переподключение:

ipsec up NIT1

Тест соединения:

ping 195.12.113.7
ping 195.12.113.29
ping 195.12.113.79