Environment: CentOS 6.5 x86_64
Update the yum repository source:
yum install wget vim -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum makecache
Download the packages:
wget ftp://ftp.pbone.net/mirror/ftp.pramberger.at/systems/linux/contrib/rhel5/x86_64/ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/aevseev/CentOS_CentOS-6/x86_64/ipsec-tools-0.8.0-25.3.x86_64.rpm
Install the dependencies:
yum install openssl098e-0.9.8e-18.el6_5.2.x86_64 -y
yum install compat-openldap-2.3.43-2.el6.x86_64 -y
Install:
rpm -ivh ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
rpm -ivh ipsec-tools-0.8.0-25.3.x86_64.rpm
Set the welcome message (banner shown to clients):
vim /etc/racoon/motd
Set the VPN group name (identifier) and pre-shared key (one entry per line: identifier, whitespace, key):
vim /etc/racoon/psk.txt
123 123
chmod 700 /etc/racoon/psk.txt
Set up the configuration file:
vim /etc/racoon/racoon.conf
path include "/etc/racoon";
#include "remote.conf";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/cert";
#log debug;

listen {
    isakmp 10.211.55.64 [500];
    isakmp_natt 10.211.55.64 [4500];
}

remote anonymous {
    exchange_mode main, aggressive, base;
    mode_cfg on;
    proposal_check obey;    # obey, strict, or claim
    nat_traversal on;
    generate_policy unique;
    ike_frag on;
    passive on;
    dpd_delay 30;
    proposal {
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm 3des, aes, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

mode_cfg {
    auth_source system;
    dns4 8.8.8.8, 114.114.114.114;
    banner "/etc/racoon/motd";
    save_passwd on;
    network4 192.168.0.100;
    netmask4 255.255.255.0;
    pool_size 100;
    pfs_group 2;
}
Add a system user and password (XAUTH authenticates against system accounts because of auth_source system above):
useradd -MN -b /tmp -s /sbin/nologin testvpn
passwd testvpn
Enable IP forwarding:
sed -i 's/^\(net.ipv4.ip_forward =\).*/\1 1/' /etc/sysctl.conf; sysctl -p
Set the firewall rules:
On a Linode host, fix the iptables rule chain problem first.
iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
Save the rules and restart the firewall:
service iptables save
service iptables restart
Start racoon in the foreground with debug logging:
racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d
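Before exposing the service, a few of the steps above are worth verifying on the host: psk.txt must not be readable by group or others (racoon refuses a pre-shared key file with weak permissions), its key should be far stronger than the "123 123" placeholder used for illustration, IPv4 forwarding must really be enabled, and UDP 500/4500 must be accepted on INPUT. The following POSIX shell script is an added example written for this page, not part of the original post. Every function, file layout and name in it (gen_psk_entry, write_psk_file, psk_perms_ok, psk_keys_strong, forwarding_enabled, ike_ports_open, audit_vpn) is my own; it assumes GNU or BusyBox stat/od/head and /dev/urandom, and takes file paths as arguments so it can be run against the real files or against constructed copies.

```shell
#!/bin/sh
# Added example, not from the original post: post-install checks for the
# racoon setup above. Each function takes a file path so it can be pointed at
# /etc/racoon/psk.txt, /etc/sysctl.conf and a saved `iptables-save` dump, or
# at constructed copies. Assumes GNU or BusyBox stat -c, od and head -c.

# Print one psk.txt entry "<identifier> <key>" with a 256-bit random key
# (64 hex characters) instead of a guessable value such as "123".
gen_psk_entry() {
    ident="$1"
    key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s %s\n' "$ident" "$key"
}

# Create a psk.txt with owner-only permissions from the moment it exists
# (umask set in a subshell so the caller's umask is untouched).
write_psk_file() {
    file="$1"
    ident="$2"
    ( umask 077 && gen_psk_entry "$ident" > "$file" )
    chmod 600 "$file"
}

# 0 if the file has no group/other permission bits (600, 700, 400 ...), else 1.
psk_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null)
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# 0 if every entry has an identifier and a key of at least 20 characters;
# an entry like "123 123" or an empty file fails.
psk_keys_strong() {
    awk 'NF < 2 || length($2) < 20 { bad = 1 }
         END { exit (NR == 0 || bad) ? 1 : 0 }' "$1"
}

# 0 if the given sysctl.conf enables IPv4 forwarding (what the sed line sets).
forwarding_enabled() {
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# 0 if an iptables-save dump accepts IKE (UDP 500) and NAT-T (UDP 4500) on INPUT.
ike_ports_open() {
    grep -Eq -- '^-A INPUT .*-p udp .*--dport 500 .*-j ACCEPT' "$1" &&
    grep -Eq -- '^-A INPUT .*-p udp .*--dport 4500 .*-j ACCEPT' "$1"
}

# Run every check against the given paths (psk.txt, sysctl.conf, iptables dump),
# print one line per check and return the number of failures (0 = all good).
# Paths are word-split, so they must not contain spaces.
audit_vpn() {
    fails=0
    for check in "psk_perms_ok $1" "psk_keys_strong $1" \
                 "forwarding_enabled $2" "ike_ports_open $3"; do
        if $check; then
            echo "ok   $check"
        else
            echo "FAIL $check"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

On the live host, dump the firewall first (iptables-save > /tmp/ipt.txt) and then run audit_vpn /etc/racoon/psk.txt /etc/sysctl.conf /tmp/ipt.txt; a non-zero exit status means at least one of the steps above did not take effect. write_psk_file /etc/racoon/psk.txt testvpn replaces the placeholder key with a random one, after which the same key has to be configured on each client.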
Document information
- Copyright notice: free to repost, non-commercial, no derivatives, attribution required | Creative Commons BY-NC-ND 3.0
- Original URL: https://sunweiwei.com/1948/
- Last modified: 2017-05-12 11:19:31