参考:
CentOS 5.5配置PPTP VPN服务端及客户端
IPSEC+L2TPD安装配置
1、安装OpenSwan
# yum install openswan
配置/etc/ipsec.conf
内容如下:
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=192.168.1.100
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
说明:192.168.1.100为VPN服务器外网IP
配置 PSK /etc/ipsec.secrets
内容如下:
192.168.1.100 %any: PSK "pass"
配置包转发
for i in /proc/sys/net/ipv4/conf/*
do
echo 0 > $i /accept_redirects
echo 0 > $i /send_redirects
done
echo 1 > /proc/sys/net/ipv4/ip_forward
测试IPSEC是否成功
# /etc/init.d/ipsec start
# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.18-194.8.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
无FAIL,则配置成功