Openswan Installation and Configuration Manual (PSK)
Source: Internet  Published: types of online publication  Editor: 程序博客网  Time: 2024/06/02 05:25
Download location: www.openswan.org/download
Download the source package: openswan-2.6.32.tar.gz
System environment: 64-bit CentOS 5.8

1. Unpack and install openswan

    tar -xvf openswan-2.6.32.tar.gz
    cd openswan-2.6.32
    make programs
    make install
    ipsec --version

Output:

    Linux Openswan 2.6.32 (netkey)
    See `ipsec --copyright' for copyright information.

2. Modify the system configuration files

    echo "0" > /selinux/enforce    (service selinux stop)
    sysctl -a | egrep "ipv4.*(accept|send)_redirects" | awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf
    vi /etc/sysctl.conf

Change the following two entries

    net.ipv4.ip_forward = 0
    net.ipv4.conf.default.rp_filter = 1

to

    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 0

Run the following command to make the settings take effect:

    sysctl -p

3. Configure the IP addresses of SA, CA and SB, CB

    CA: 192.168.11.25
    SA: eth0 192.168.11.215, eth1 192.168.13.215
    CB: 192.168.15.191
    SB: eth0 192.168.15.214, eth1 192.168.13.214

4. On SA and SB, run the following commands to configure the NAT table so that packets are masqueraded

On SA:

    iptables -t nat -A POSTROUTING -o eth1 -s 192.168.11.0/24 ! -d 192.168.15.0/24 -j MASQUERADE

On SB:

    iptables -t nat -A POSTROUTING -o eth1 -s 192.168.15.0/24 ! -d 192.168.11.0/24 -j MASQUERADE

5. Configure the /etc/ipsec.secrets file

SA:

    vim /etc/ipsec.secrets

    192.168.13.215 192.168.13.214 : PSK "123456"

SB: exactly the same as on SA.

6. Configure the /etc/ipsec.conf file

SA:

    vim /etc/ipsec.conf

    conn net-net
        auto=add
        left=192.168.13.215
        compress=no
        pfs=no
        right=192.168.13.214
        authby=secret
        ikelifetime="3600"
        keylife="28800"
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        rekey=yes
        keyingtries=0
        leftsubnet=192.168.11.0/24
        rightsubnet=192.168.15.0/24

(auto may also be set to start.)

SB: exactly the same as on SA.

7. Start the openswan VPN

    service ipsec restart    (service ipsec status)
    ipsec verify

Output:

    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                                 [OK]
    Linux Openswan U2.6.32/K2.6.18-308.el5 (netkey)
    Checking for IPsec support in kernel                            [OK]
     SAref kernel support                                           [N/A]
     NETKEY: Testing for disabled ICMP send_redirects               [OK]
    NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
    Checking that pluto is running                                  [OK]
     Pluto listening for IKE on udp 500                             [OK]
     Pluto listening for NAT-T on udp 4500                          [OK]
    Two or more interfaces found, checking IP forwarding            [OK]
    Checking NAT and MASQUERADEing
    Checking for 'ip' command                                       [OK]
    Checking /bin/sh is not /bin/dash                               [OK]
    Checking for 'iptables' command                                 [OK]
    Opportunistic Encryption Support                                [DISABLED]

On SA and SB, run the following commands to establish the VPN tunnel:

    ipsec auto --add net-net
    ipsec auto --up net-net

8. Verify that ipsec is configured correctly

Communicate at the network layer (FeiQ), and capture packets with tcpdump on SA or SB to verify (ping):

    tcpdump -i eth0 host 192.168.11.11 and 192.168.15.15
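The PSK "123456" in step 5 is a sample value. The script below is an added example, not part of the original guide: it generates a random PSK for the two gateway addresses and checks an ipsec.secrets file for short keys and loose file permissions. MIN_PSK_LEN, the function names and the temporary demo files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide). MIN_PSK_LEN, the function
# names and the temporary demo files are assumptions of this example.
MIN_PSK_LEN=32

# 32 bytes from the kernel CSPRNG, base64-encoded (44 characters).
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print one ipsec.secrets entry in the form used in step 5.
secrets_line() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# Write the entry to file $1 so that only the owner can read it.
write_secrets() {
    ( umask 077 && secrets_line "$2" "$3" "$4" > "$1" ) && chmod 600 "$1"
}

# Print one WARN line per finding; return 1 if there is any finding.
audit_secrets() {
    out=$(
        mode=$(stat -c '%a' "$1")    # GNU stat, as on CentOS
        [ "$mode" = "600" ] || echo "WARN: $1 has mode $mode, expected 600"
        sed -n 's/.*:[[:space:]]*PSK[[:space:]]*"\(.*\)".*/\1/p' "$1" |
        while IFS= read -r psk; do
            [ "${#psk}" -ge "$MIN_PSK_LEN" ] ||
                echo "WARN: PSK of ${#psk} characters, minimum is $MIN_PSK_LEN"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
( umask 022 && secrets_line 192.168.13.215 192.168.13.214 123456 > "$demo/weak" )
chmod 644 "$demo/weak"
audit_secrets "$demo/weak" || true        # two findings: mode and key length
write_secrets "$demo/strong" 192.168.13.215 192.168.13.214 "$(gen_psk)"
audit_secrets "$demo/strong" && echo "OK: $demo/strong passes"
```

The same generated line has to be installed on both SA and SB, since step 5 uses an identical ipsec.secrets on each gateway.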