1、configure时,开启--enable-kernel-libipsec
2、运行 sudo ipsec statusall | grep kernel,查看有没有 kernel-libipsec kernel-netlink 插件,默认不启用。
3、编辑 kernel-libipsec.conf
vim etc/strongswan.d/charon/kernel-libipsec.conf
kernel-libipsec {
# Allow that the remote traffic selector equals the IKE peer.
allow_peer_ts = yes
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
}
4、strongswan启动之后,会看到ipsec0 这个tun device,提示
created TUN device: ipsec0