
在RedhatLinux9.0中搭建Freeswan VPN服务器

时间:2007-06-06  来源:一路狂笑

在Redhat Linux 9.0系统中搭建VPN服务器

2007-06-06 by kenthy#qingdaonews.com

###################################################
系统环境:Redhat Linux 9.0 [ 2.4.20-8 ]
软件版本:
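 freeswan-2.06.tar.gz  [注:FreeS/WAN 项目已于2004年停止维护,Redhat Linux 9.0 也早已停止安全更新;后继的 IPsec 实现有 Openswan、Libreswan、strongSwan。本文步骤仅适用于文中所述的旧环境]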

目标功能:
    网络拓扑:
 ClientA[eth0]--->[eth0]ServerA[eth1]--->==Internet==<---[eth1]ServerB[eth0]--->[eth0]ClientB
    网络环境[简化实验配置]:
 Client A:
     eth0: 172.17.17.20/24 Gateway:172.17.17.1
 Server A:
     eth0: 172.17.17.1
     eth1: 20.0.0.1/8 Gateway:20.0.0.1
 Server B:
     eth0: 192.168.3.1/24
     eth1: 20.0.0.2/8 Gateway:20.0.0.2
 Client B:
     eth0: 192.168.3.33/24 Gateway:192.168.3.1

#########################################################################################

一、编译内核[为下一步打ipsec内核补丁提供环境,如果已经有编译过的内核残码,可直接进入第二步]
    # make mrproper
    # cp /boot/config-2.4.20-8 /usr/src/linux-2.4.20-8/.config //不对内核配置作太多细节调整,偷个懒直接使用旧的.config
    # cd /usr/src/linux-2.4.20-8
    # make dep && make bzImage && make modules && make modules_install

二、编译安装freeswan
    # tar zxvf freeswan-2.06.tar.gz -C /usr/src/
    # cd /usr/src/freeswan-2.06
    # make menugo
    # make kinstall
    # reboot  //重启后选择使用新内核进入系统

三、配置VPN
    1、Server A
 1> # /usr/local/sbin/ipsec showhostkey --left | tail -1 > leftrsasigkey  //在20.0.0.1上生成leftrsasigkey
 2> //在20.0.0.2上生成rightrsasigkey
 3> # vi /etc/ipsec.conf   //加入leftrsasigkey和rightrsasigkey两个公钥的内容(即上面showhostkey的输出),文件详细内容见文末
    # vi /etc/ipsec.d/policies/block //使用block文件可以限制某些客户机器使用VPN网关,如不需要可以跳过此步
  172.17.17.200/24  //注意:/24 掩码覆盖整个 172.17.17.0/24 网段(即本例的 leftsubnet);若只想限制 172.17.17.200 这一台主机,应写作 172.17.17.200/32
 4> //复制Server A的ipsec.conf文件到Server B(ipsec.conf中只包含双方的公钥;各自的RSA私钥保存在本机的 /etc/ipsec.secrets 中,不要随配置文件一起复制或公开)
 5> # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1
    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -o eth1 -s 172.17.17.0/24 -j SNAT --to 20.0.0.1 //其它防火墙安全策略此处略过;若启用了过滤规则,两台网关之间需放行 UDP 500(IKE)和 IP 协议 50(ESP)
 6> # chkconfig --level 2345 ipsec on
    # /etc/init.d/ipsec restart
    2、Server B
 2> # /usr/local/sbin/ipsec showhostkey --right | tail -1 > rightrsasigkey //在20.0.0.2上生成rightrsasigkey
 4> //复制Server A的ipsec.conf文件到Server B
 5> # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1
    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -o eth1 -s 192.168.3.0/24 -j SNAT --to 20.0.0.2 //其它防火墙安全策略此处略过
 6> # chkconfig --level 2345 ipsec on
    # /etc/init.d/ipsec restart
    3、Client A
 [略]
    4、Client B
 [略]

四、测试
 1、在Server A、Server B上
  # ipsec whack --status  //查看链接隧道
  # route -n    //检查路由表是否有到对端子网络的ipsec0路由记录
  192.168.3.0 20.0.0.2  255.255.255.0 U 0 0 0 ipsec0
  # ping 192.168.3.200  //ping监测到对端子网络的连通性
  # ipsec auto --up lnet-rnet //手动建立隧道连接
  # ipsec auto --up lnet-rgate
  # ipsec auto --up lgate-rnet
  # ipsec auto --up lgate-rgate

 2、在Client A上ping检测到Client B的连通性

#######################################################################
附录: /etc/ipsec.conf文件

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
# This file:  /usr/local/share/doc/freeswan/ipsec.conf-sample
# Examples:
# http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/examples  

version 2.0 # conforms to second version of ipsec.conf specification

config setup
 interfaces=%defaultroute

conn lnet-rnet
 left=20.0.0.1
 leftsubnet=172.17.17.0/24
 leftid=@<left-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 leftid=@标识 的形式
 leftrsasigkey=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
 leftnexthop=%defaultroute
 right=20.0.0.2
 rightsubnet=192.168.3.0/24
 rightid=@<right-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 rightid=@标识 的形式
 rightrsasigkey=0sAQOx5W62vJqET4F8aPHo+OLavUfB1UfvRSCyJSd356BNxXxMsmCnKerLact2IqwKMcCZ7WJ/x1g4Lr66t9JGjgRbSmakW87zU6bGR/nUyJJNwA7VnyuXj0xoBgTgChB91Sl65rosbaQv+s1qB4j/nRGtov/0BrRwUGLBCyCTON69aZfb3Sh/ZjmQQirVb9d8Co83GhSmlX++f3pK/pBNnYu4FuRynrc+TkV+kSFKqleHwOW5jDBNDzudXNNP3hMVZ3fpmuPySSsC4KL/V3OlVtzKRyF2QEc/q/rRZginV2Mk8WBnkoRu8MNFFWL0nvM8vJMm4D4dsZBk69/COt2xMTT/8PTO5HV4y5lcfalKGF5Evd/fI9n3/ypRG9oFmv/EF9I4wMOdw1OpoCbV5zCeCLHf8Uy2dm4ClA5SqIAa3aHCexrrod9FljpBvTIyzMR+dp649TUWVIJfvGTB7fN0UYoaqpT1tWWF0vRj0KLopAI+hEF8nlgmGpsn0vsPG4KeUTiHdGo8gB3aaUgCbD6yV2qBgOHKtaOz3sJI3MaruiQlC/Miqrk4nLpe+64s5lwGxnNuE/21uUQ/stryrafJjOsNVqeyK4eDn11YFJgb6PjReeAg41Rf6yLwDF+KLFbyeoWMcUDWH22mzfA95K8=
 rightnexthop=%defaultroute
 auto=static

conn lgate-rnet
 left=20.0.0.1
 leftid=@<left-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 leftid=@标识 的形式
 leftrsasigkey=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
 right=20.0.0.2
 rightid=@<right-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 rightid=@标识 的形式
 rightrsasigkey=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
 rightsubnet=192.168.3.0/24
 auto=static

conn lnet-rgate
 left=20.0.0.1
 leftid=@<left-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 leftid=@标识 的形式
 leftrsasigkey=0sAQOATQFrFTMs3n1jm/K+7xqKMOjXKlKQQeZvE22gsju5GjeACh57tQ2zcJxtR7ilqNgRXhHFMTfJYC5N5qvuCPfIGl490JBaRqkkEiUI13sJAvktKtYdd8wY3Yy3EmTsF60XUZO6n8Pw76gyAq+lxxT0e0HO0UftNC4q500JvNvzNDVlf3JaengKUlLiw1Q14jVaRd7blDyHqw486bFvX816dQfR8ZXbXieE7TL1k7DlJ4IkHSoXLCg4SYy+ZFCM2FfycOJ4iwujucI7JBm90N6qo100nd0QIMoNcNxr4z85eyIBRsXzHqqYac8IQVV/cvAeufFJ3Alk+AmzkFlekAiNzu5g6ApOefGdh1hdWTSC7oxAK6RbGGbwiww2Ig2m6ASewe2RPTjTAFm06Dgjgop07FfzpaRWg1f1dnRX5FyieIFq2SQWrEQrk7SYzwJ/kxq1yCAq6Bwu/nMqnoxkHISIleWXoG+qgkDt9G9PkRZVUqC9IJLB+s2WuBN7H/Vu9sXn+NLNgstleQ==
 leftsubnet=172.17.17.0/24
 right=20.0.0.2
 rightid=@<right-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 rightid=@标识 的形式
 rightrsasigkey=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
 auto=static
  
conn lgate-rgate
 left=20.0.0.1
 leftid=@<left-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 leftid=@标识 的形式
 leftrsasigkey=0sAQOATQFrFTMs3n1jm/K+7xqKMOjXKlKQQeZvE22gsju5GjeACh57tQ2zcJxtR7ilqNgRXhHFMTfJYC5N5qvuCPfIGl490JBaRqkkEiUI13sJAvktKtYdd8wY3Yy3EmTsF60XUZO6n8Pw76gyAq+lxxT0e0HO0UftNC4q500JvNvzNDVlf3JaengKUlLiw1Q14jVaRd7blDyHqw486bFvX816dQfR8ZXbXieE7TL1k7DlJ4IkHSoXLCg4SYy+ZFCM2FfycOJ4iwujucI7JBm90N6qo100nd0QIMoNcNxr4z85eyIBRsXzHqqYac8IQVV/cvAeufFJ3Alk+AmzkFlekAiNzu5g6ApOefGdh1hdWTSC7oxAK6RbGGbwiww2Ig2m6ASewe2RPTjTAFm06Dgjgop07FfzpaRWg1f1dnRX5FyieIFq2SQWrEQrk7SYzwJ/kxq1yCAq6Bwu/nMqnoxkHISIleWXoG+qgkDt9G9PkRZVUqC9IJLB+s2WuBN7H/Vu9sXn+NLNgstleQ==
 right=20.0.0.2
 rightid=@<right-gateway-id>  # 占位符:原文此处的ID在网页抓取时被邮箱保护功能替换,推测应为 rightid=@标识 的形式
 rightrsasigkey=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
 auto=static
################################## The End ##############################################
