openswan
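# Openswan net-to-net IPsec tunnel: build, kernel module, sysctl, keys, ipsec.conf.
#
# Test environment: CentOS 5.6; the newest Openswan that builds there is 2.6.38,
# later versions fail to compile.
# On CentOS 6.4, 2.6.40 compiles; the dividing line is probably kernel version 2.6.23.
# NOTE(review): these are old Openswan releases; check the distribution's security
# advisories for the version you end up building before exposing it to the Internet.

## download from https://download.openswan.org/openswan/
# If the download site publishes a signature or checksum for the tarball, verify it
# before building; the result is installed as root and loads a kernel module.

### deps ###
yum install gmp-devel flex bison-devel

tar zxvf openswan-2.6.38.tar.gz && cd openswan-2.6.38 && make programs && make install

# Check the running kernel version.
uname -r

# Choose the directory that matches the `uname -r` output from the previous step.
# There must be no space after '=': with a space the variable is exported empty and
# the path is treated as a second (invalid) name to export.
export KERNELSRC=/usr/src/kernels/2.6.32-220.17.1.el6.x86_64/

make module && make minstall
depmod -a
modprobe ipsec

ipsec --version
# Sample output:
#   Linux Openswan U2.6.38/K(no kernel code presently loaded)
#   See `ipsec --copyright' for copyright information.

### start ###
service ipsec start

### sysctl.conf ###
# Appends a "<key> = 0" line for every accept_redirects / send_redirects key.
# It appends (>>), so running it twice duplicates the entries; review
# /etc/sysctl.conf afterwards and apply it with `sysctl -p`.
sysctl -a | egrep "ipv4.*(accept|send)_redirects" | awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf

# Resulting /etc/sysctl.conf entries (file contents, not shell commands).
# ip_forward = 1 turns the host into a router: make sure the firewall only forwards
# the traffic the tunnel is meant to carry.
# rp_filter = 0 switches off reverse-path (anti-spoofing) filtering; keep it disabled
# only where `ipsec verify` actually requires it.
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.em1.accept_redirects = 0
net.ipv4.conf.em1.send_redirects = 0
net.ipv4.conf.em4.accept_redirects = 0
net.ipv4.conf.em4.send_redirects = 0
net.ipv4.conf.em3.accept_redirects = 0
net.ipv4.conf.em3.send_redirects = 0
net.ipv4.conf.em2.accept_redirects = 0
net.ipv4.conf.em2.send_redirects = 0

### test ###
ipsec verify

### Generate the host key (same commands on both the left and the right end) ###
# Workaround for key generation stalling on /dev/random when the entropy pool is low.
# The swap changes the device for every process on the host, so it is undone as soon
# as the key has been written.
mv /dev/random /dev/random.back
ln -s /dev/urandom /dev/random
ipsec newhostkey --output /etc/ipsec.secrets
rm -f /dev/random && mv /dev/random.back /dev/random

### Add the following to /etc/ipsec.secrets: the public IPs of the two ends; 123456 is the shared secret ###
# 123456 is a sample value only: use a long random secret (for example the output of
# `openssl rand -base64 32`), the same on both ends, and keep the file readable by
# root only (chmod 600 /etc/ipsec.secrets).
# NOTE(review): these two addresses differ from left=/right= in the conn below; the
# secret is selected by the connection's endpoint IDs, so confirm which pair is right.
118.145.0.38 118.144.83.20 : PSK "123456"

### ipsec.conf ###
version 2.0

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.10.66.0/24,%v4:192.168.0.0/16,%v4:172.16.3.0/24,%v4:172.16.83.0/24,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=auto

conn net-net
    # NOTE(review): 3DES and MD5 are legacy algorithms; prefer an AES / SHA-2 proposal
    # with a 2048-bit or larger DH group if both peers support it.
    ike=3des-md5
    authby=secret
    keyingtries=0
    left=118.145.0.200
    leftsubnet=10.10.66.0/24
    # NOTE(review): authby=secret selects PSK authentication; leftrsasigkey and
    # rightrsasigkey belong to RSA-signature authentication and 123456 is not an RSA
    # public key, so these two settings look unused - confirm and remove.
    leftrsasigkey=123456
    leftnexthop=%defaultroute
    right=118.144.83.121
    rightsubnet=172.16.83.0/24
    rightrsasigkey=123456
    rightnexthop=%defaultroute
    compress=no
    auto=start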