Categorized | 网络技术

Centos安装Cisco IPSec V-P-N方式

发布于 2015年02月25日 更新于 2017年05月12日 

环境:centos 6.5 X86_64

更新源:

yum install wget vim -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum makecache

下载软件:

wget ftp://ftp.pbone.net/mirror/ftp.pramberger.at/systems/linux/contrib/rhel5/x86_64/ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm

wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/aevseev/CentOS_CentOS-6/x86_64/ipsec-tools-0.8.0-25.3.x86_64.rpm

安装依赖包:

yum install openssl098e-0.9.8e-18.el6_5.2.x86_64 -y
yum install compat-openldap-2.3.43-2.el6.x86_64 -y

安装:

rpm -ivh ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
rpm -ivh ipsec-tools-0.8.0-25.3.x86_64.rpm

设置欢迎信息:

vim /etc/racoon/motd

设置VPN组名和密钥:

vim /etc/racoon/psk.txt

123 123

chmod 700 /etc/racoon/psk.txt

设置配置文件:

vim /etc/racoon/racoon.conf

path include "/etc/racoon";
#include "remote.conf";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/cert";
#log debug;

listen
{
isakmp 10.211.55.64 [500];
isakmp_natt 10.211.55.64 [4500];
}

remote anonymous
{
exchange_mode main, aggressive, base;
mode_cfg on;
proposal_check obey; # obey, strict, or claim
nat_traversal on;
generate_policy unique;
ike_frag on;
passive on;
dpd_delay 30;

proposal {
lifetime time 28800 sec;
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method xauth_psk_server;
dh_group 2;
}
}

sainfo anonymous
{
encryption_algorithm 3des, aes, blowfish;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}

mode_cfg
{
auth_source system;
dns4 8.8.8.8, 114.114.114.114;
banner "/etc/racoon/motd";
save_passwd on;
network4 192.168.0.100;
netmask4 255.255.255.0;
pool_size 100;
pfs_group 2;
}

添加系统的用户和密码:

useradd -MN -b /tmp -s /sbin/nologin testvpn passwd testvpn

开启转发:

sed -i 's/^\(net.ipv4.ip_forward =\).*/\1 1/' /etc/sysctl.conf; sysctl -p

设置防火墙规则:

linode主机先修复iptables的规则链问题。

iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

保存:

service iptables save
service iptables restart

启动:

racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d

看了此文的人貌似还看了这些:

  • centos安装ss多用户带前端教程 2015-02-03
  • Centos安装L2TP+IPSec完整教程 2015-02-07
  • Amazon EC2的Proftpd连接不上? 2013-08-25
  • dedecms优化中常用的一些函数汇总 2012-06-16
  • excel中批量添加带图片批注的vba宏命令 2015-06-04
  • 自动检测memcached进程,不存在则自动重启(脚本) 2014-11-09
  • dedecms三级栏目SEO标题设置问题 2012-06-29
  • 密码保护:出场教程 2017-10-24
  • 2013年flash倒计时及win7侧边栏小工具制作-by simon 2013-06-12
  • winhttp api和com对象版区别 2017-05-10
  • 发表评论

    Time limit is exhausted. Please reload CAPTCHA.

       我相信你,不会发广告!

    斗牛SEO工具