Categorized | Networking

Installing a Cisco IPSec VPN on CentOS

Published on 25 February 2015, updated on 12 May 2017

Environment: CentOS 6.5 x86_64

Update the package repository:

yum install wget vim -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum makecache

Download the packages:

wget ftp://ftp.pbone.net/mirror/ftp.pramberger.at/systems/linux/contrib/rhel5/x86_64/ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm

wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/aevseev/CentOS_CentOS-6/x86_64/ipsec-tools-0.8.0-25.3.x86_64.rpm

Install the dependencies:

yum install openssl098e-0.9.8e-18.el6_5.2.x86_64 -y
yum install compat-openldap-2.3.43-2.el6.x86_64 -y

Install:

rpm -ivh ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
rpm -ivh ipsec-tools-0.8.0-25.3.x86_64.rpm

Set the welcome message (login banner):

vim /etc/racoon/motd

Set the VPN group name and pre-shared key (format: group name, then the key):

vim /etc/racoon/psk.txt

123 123

chmod 700 /etc/racoon/psk.txt

Set up the configuration file:

vim /etc/racoon/racoon.conf

path include "/etc/racoon";
#include "remote.conf";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/cert";
#log debug;

listen
{
isakmp 10.211.55.64 [500];
isakmp_natt 10.211.55.64 [4500];
}

remote anonymous
{
exchange_mode main, aggressive, base;
mode_cfg on;
proposal_check obey; # obey, strict, or claim
nat_traversal on;
generate_policy unique;
ike_frag on;
passive on;
dpd_delay 30;

proposal {
lifetime time 28800 sec;
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method xauth_psk_server;
dh_group 2;
}
}

sainfo anonymous
{
encryption_algorithm 3des, aes, blowfish;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}

mode_cfg
{
auth_source system;
dns4 8.8.8.8, 114.114.114.114;
banner "/etc/racoon/motd";
save_passwd on;
network4 192.168.0.100;
netmask4 255.255.255.0;
pool_size 100;
pfs_group 2;
}

Add a system user and password (XAuth authenticates against system accounts, see auth_source above):

useradd -MN -b /tmp -s /sbin/nologin testvpn
passwd testvpn

Enable IP forwarding:

sed -i 's/^\(net.ipv4.ip_forward =\).*/\1 1/' /etc/sysctl.conf; sysctl -p

Set the firewall rules:

On Linode hosts, first fix the iptables chain problem.

iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

Save the rules:

service iptables save
service iptables restart

Start racoon:

racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d
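As an added review aid (not part of the original write-up and not a racoon tool), the following Python script parses the directives used in the racoon.conf above and lists the compatibility-era settings a defender would want to revisit before exposing the service; the embedded config excerpt is constructed to mirror the remote, sainfo and mode_cfg sections shown earlier:

```python
import re

# racoon.conf excerpt constructed for this example, mirroring the write-up above.
SAMPLE_CONF = """\
remote anonymous
{
exchange_mode main, aggressive, base;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
dh_group 2;
}
}
sainfo anonymous
{
encryption_algorithm 3des, aes, blowfish;
}
mode_cfg
{
save_passwd on;
}
"""

# (directive, values worth flagging, why). Aggressive mode with a PSK is the classic
# one: the responder's hash is sent unencrypted, so the group key can be guessed offline.
WEAK = [
    ("exchange_mode", {"aggressive"},
     "aggressive mode exposes the PSK hash to offline guessing; use main"),
    ("hash_algorithm", {"md5"}, "MD5 IKE integrity; prefer sha256"),
    ("encryption_algorithm", {"des", "3des", "blowfish"},
     "64-bit block cipher; prefer aes"),
    ("dh_group", {"1", "2"}, "MODP group of 1024 bits or less; use 14 or higher"),
    ("save_passwd", {"on"}, "lets clients cache the XAuth password"),
]

def directive_values(conf, name):
    """All values given to `name` across the file ('a, b;' lists included)."""
    values = set()
    for m in re.finditer(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.M):
        values.update(v.strip().lower() for v in m.group(1).split(","))
    return values

def audit(conf):
    """Return (directive, value, reason) tuples for every weak setting found."""
    findings = []
    for name, weak, reason in WEAK:
        for value in sorted(directive_values(conf, name) & weak):
            findings.append((name, value, reason))
    return findings
```

Run `audit(open("/etc/racoon/racoon.conf").read())` on the real file; an empty list means none of the listed settings are present.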
