{"id":413,"date":"2026-03-18T19:18:50","date_gmt":"2026-03-18T11:18:50","guid":{"rendered":"https:\/\/0x0.pub\/?p=413"},"modified":"2026-03-18T19:18:50","modified_gmt":"2026-03-18T11:18:50","slug":"dsvpn%ef%bc%88ipsecospf%ef%bc%89%e9%85%8d%e7%bd%ae%e5%ae%9e%e9%aa%8c","status":"publish","type":"post","link":"https:\/\/0x0.pub\/?p=413","title":{"rendered":"DSVPN\uff08IPSec+OSPF\uff09\u914d\u7f6e\u5b9e\u9a8c"},"content":{"rendered":"\n

<\/p>\n\n\n\n

\u9700\u6c42\u8bf4\u660e<\/p>\n\n\n\n

\u603b\u90e8\u548c2\u4e2a\u5206\u652f\u529e\u516c\u5ba4\u6253\u901a\u5185\u7f51\u4e92\u8054\uff0c\u5206\u652f\u95f4\u4e92\u8bbf\u5efa\u7acb\u52a8\u6001\u76f4\u8fde\u96a7\u9053\uff0c\u96a7\u9053\u91c7\u7528IPsec\u52a0\u5bc6\u5e76\u8fd0\u884cOSPF\u7ef4\u62a4\u5185\u90e8\u8def\u7531\u3002<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u62d3\u6251\u56fe<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


\u914d\u7f6e\u601d\u8def<\/p>\n\n\n\n

\u91c7\u7528GRE P2MP\u534f\u8bae\uff0c\u914d\u5408IPsec\u52a0\u5bc6\uff0c\u96a7\u9053\u5185\u8fd0\u884cOSPF\u3002<\/p>\n\n\n\n

    \n
  1. \u6253\u901a\u4e92\u8054\u7f51R1-R2-R3-R4\uff0c\u914d\u7f6e\u8bbe\u5907\u548cPC\u63a5\u53e3IP<\/li>\n\n\n\n
  2. \u914d\u7f6e\u603b\u90e8\u548c\u5206\u652fR1-R2-R3 GRE\u96a7\u9053\u63a5\u53e3\uff0cR2\/R3\u5f00\u542fnhrp\u5411\u603b\u90e8R1\u6ce8\u518c<\/li>\n\n\n\n
  3. \u914d\u7f6e\u603b\u90e8\u548c\u5206\u652fR1-R2-R3 OSPF\u5e76\u5ba3\u544a\u5185\u7f51\u548c\u96a7\u9053\u63a5\u53e3IP<\/li>\n\n\n\n
  4. \u4fee\u6539GRE\u96a7\u9053\u53c2\u6570\u3002\u542f\u7528nhrp\u52a8\u6001\u591a\u64ad\u652f\u6301\uff0cOSPF\u7f51\u7edc\u4e3a\u5e7f\u64ad\u5e76\u5173\u95ed\u5206\u652fDR\u9009\u4e3e<\/li>\n\n\n\n
  5. \u914d\u7f6eIPsec\u63d0\u8bae\uff0cIKE\u63d0\u8bae\uff0cIKE\u5bf9\u7b49\u4f53\uff0cIPsec\u6a21\u677f\u8c03\u7528\u4ee5\u4e0a\u914d\u7f6e<\/li>\n\n\n\n
  6. \u5173\u95edR1\/R2\/R3\u96a7\u9053\u63a5\u53e3\uff0c\u8c03\u7528IPsec\u6a21\u677f\u3002\u542f\u7528HUB-R1\u96a7\u9053\u540e\u518d\u542f\u7528\u5206\u652f\u96a7\u9053\u63a5\u53e3<\/li>\n\n\n\n
  7. \u6d4b\u8bd5\u914d\u7f6e\uff0c\u68c0\u67e5OSPF\u90bb\u5c45\uff0c\u603b\u90e8ping\u5206\u652f1-2\uff0c\u5206\u652f1\u5230\u5206\u652f2\u67e5\u770b\u8def\u7531\u8ddf\u8e2a\uff0c\u6293\u5305\u67e5\u770b\u52a0\u5bc6\u72b6\u6001\u3002<\/li>\n<\/ol>\n\n\n\n
    1.\u6253\u901a\u4e92\u8054\u7f51R1-R2-R3-R4\uff0c\u914d\u7f6e\u8bbe\u5907\u548cPC\u63a5\u53e3IP\u3002PC1\/PC2\u914d\u7f6e\u5982\u56fe\n#HUB-R1\nsysn HUB-R1\nint g0\/0\/0\n ip addr 14.0.0.1 24\nint g0\/0\/1\n ip addr 192.168.1.254 24\nip route-static 0.0.0.0 0 14.0.0.4\n\n#R2\nsysn R2\nint g0\/0\/0\n ip addr 192.168.2.254 24\nint g0\/0\/1\n ip addr 24.0.0.2 24\nip route-static 0.0.0.0 0 24.0.0.4\n\n\n#R3\nsysn R3\nint g0\/0\/0\n ip addr 192.168.3.254 24\nint g0\/0\/2\n ip addr 34.0.0.3 24\nip route-static 0.0.0.0 0 34.0.0.4\n\n#R4\nsysn R4\nint g0\/0\/0\n ip addr 14.0.0.4 24 \nint g0\/0\/1\n ip addr 24.0.0.4 24\nint g0\/0\/2\n ip addr 34.0.0.4 24<\/code><\/pre>\n\n\n\n
    2.\u914d\u7f6e\u603b\u90e8\u548c\u5206\u652fR1-R2-R3 GRE\u96a7\u9053\u63a5\u53e3\uff0cR2\/R3\u5f00\u542fnhrp\u5411\u603b\u90e8R1\u6ce8\u518c\n#HUB-R1\nint tun0\/0\/0\n ip addr 123.0.0.1 24\n tunnel-protocol gre p2mp\n source 14.0.0.1\n\n#R2\nint tun0\/0\/0\n ip address 123.0.0.2 24\n tunnel-protocol gre p2mp\n source 24.0.0.2\n nhrp entry 123.0.0.1 14.0.0.1 register\n\n#R3\nint tun0\/0\/0\n ip address 123.0.0.3 24\n tunnel-protocol gre p2mp\n source 34.0.0.3\n nhrp entry 123.0.0.1 14.0.0.1 register<\/code><\/pre>\n\n\n\n
    3.\u914d\u7f6e\u603b\u90e8\u548c\u5206\u652fR1-R2-R3 OSPF\u5e76\u5ba3\u544a\u5185\u7f51\u548c\u96a7\u9053\u63a5\u53e3IP\n#HUB-R1\nospf 1 router-id 14.0.0.1 \n area 0 \n  network 123.0.0.1 0.0.0.0 \n  network 192.168.1.0 0.0.0.255\n\n#R2\nospf 1 router-id 24.0.0.2 \n area 0\n  network 123.0.0.2 0.0.0.0 \n  network 192.168.2.0 0.0.0.255\n\n#R3\nospf 1 router-id 34.0.0.3 \n area 0\n  network 123.0.0.3 0.0.0.0 \n  network 192.168.3.0 0.0.0.255<\/code><\/pre>\n\n\n\n
    4.\u4fee\u6539GRE\u96a7\u9053\u53c2\u6570\u3002\u542f\u7528nhrp\u52a8\u6001\u591a\u64ad\u652f\u6301\uff0cOSPF\u7f51\u7edc\u4e3a\u5e7f\u64ad\u5e76\u5173\u95ed\u5206\u652fDR\u9009\u4e3e\n#HUB-R1\/R2\/R3\nint tun0\/0\/0\n ospf network-type broadcast\n nhrp entry multicast dynamic\n\n#R1\/R2\nint tun0\/0\/0\n ospf dr-priority 0<\/code><\/pre>\n\n\n\n
    5.\u914d\u7f6eIPsec\u63d0\u8bae\uff0cIKE\u63d0\u8bae\uff0cIKE\u5bf9\u7b49\u4f53\uff0cIPsec\u6a21\u677f\u8c03\u7528\u4ee5\u4e0a\u914d\u7f6e<\/strong>\u3002(\u4e3a\u533a\u5206ike\u5bf9\u7b49\u4f53,\u5728\u5206\u652fR2\/R3\u914d\u7f6eike peer hub v2,\u603b\u90e8R1\u914d\u7f6eike peer spoke v2)\n#HUB-R1\/R2\/R3\nipsec proposal p1\n encapsulation-mode transport\n esp authentication-algorithm sha2-512\n esp encryption-algorithm aes-256\n\nike proposal 1\n encryption-algorithm aes-cbc-256\n dh group14\n authentication-algorithm aes-xcbc-mac-96\n\nike peer spoke v2\n pre-shared-key cipher huawei\n ike-proposal 1\n\nipsec profile s1\n ike-peer spoke\n proposal p1<\/code><\/pre>\n\n\n\n
    6.\u5173\u95edR1\/2\/3\u96a7\u9053\u63a5\u53e3\uff0c\u8c03\u7528IPsec\u6a21\u677f\u3002\u542f\u7528HUB-R1\u96a7\u9053\u540e\u518d\u542f\u7528\u5206\u652f\u96a7\u9053\u63a5\u53e3\n#HUB-R1\/R2\/R3\nint tun0\/0\/0\nshut\nipsec profile s1\n\n#HUB-R1\nint tun0\/0\/0\nundo shut\n\n#R2\/R3\nint tun0\/0\/0\nundo shut<\/code><\/pre>\n\n\n\n
    7.\u6d4b\u8bd5\u914d\u7f6e\uff0c\u68c0\u67e5OSPF\u90bb\u5c45\uff0c\u603b\u90e8PC ping\u5206\u652f1\uff0c\u5206\u652f1 PC2\u5230\u5206\u652f2 PC3\u67e5\u770b\u8def\u7531\u8ddf\u8e2a\uff08\u7b2c\u4e00\u6b21\u7ecf\u8fc7\u4e86\u603b\u90e8\u8f6c\u53d1\uff0c\u7b2c\u4e8c\u6b21\u5c31\u8d70\u6b63\u5e38\u5206\u652f\u95f4\u76f4\u8fde\u96a7\u9053\u4e86\uff09\uff0c\u6293\u5305\u67e5\u770b\u52a0\u5bc6\u72b6\u6001\u3002\u8fbe\u5230\u9884\u671f\u6548\u679c\u3002<\/p>\n\n\n\n
    \"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
    \u9700\u6c42\u8bf4\u660e \u603b\u90e8\u548c2\u4e2a\u5206\u652f\u529e\u516c\u5ba4\u6253\u901a\u5185\u7f51\u4e92\u8054\uff0c\u5206\u652f\u95f4\u4e92\u8bbf\u5efa\u7acb\u52a8\u6001\u76f4\u8fde\u96a7\u9053\uff0c\u96a7\u9053\u91c7\u7528IPsec\u52a0\u5bc6\u5e76\u8fd0\u884cOSPF\u7ef4 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[46],"tags":[65,66,67],"class_list":["post-413","post","type-post","status-publish","format-standard","hentry","category-ensp","tag-dsvpn","tag-dsvpn-over-ipsec","tag-dsvpnospf"],"_links":{"self":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=413"}],"version-history":[{"count":3,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/413\/revisions"}],"predecessor-version":[{"id":424,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/413\/revisions\/424"}],"wp:attachment":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}