Setting up a Cisco IPsec Service on Linode

The steps are as follows:

1. Create a new virtual machine and choose the Debian 7 64-bit system.
2. Connect via SSH, obtain the server's IP address, and note it down.
3. Run the following commands:

1) apt-get install racoon

2) vim /etc/racoon/racoon.conf and enter the following (IP_ADDRESS is the server IP recorded in step 2):

    log info;
    path include "/etc/racoon";
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";

    listen {
        isakmp IP_ADDRESS [500];
        isakmp_natt IP_ADDRESS [4500];
    }

    remote anonymous {
        exchange_mode aggressive, main, base;
        mode_cfg on;
        proposal_check obey;
        nat_traversal on;
        generate_policy unique;
        ike_frag on;
        passive on;
        dpd_delay 30;

        proposal {
            lifetime time 28800 sec;
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method xauth_psk_server;
            dh_group 2;
        }
    }

    sainfo anonymous {
        encryption_algorithm aes, 3des, blowfish;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
    }

    mode_cfg {
        auth_source system;
        dns4 8.8.8.8;
        banner "/etc/racoon/motd";
        save_passwd on;
        network4 10.12.0.100;
        netmask4 255.255.255.0;
        pool_size 100;
        pfs_group 2;
    }

3) vim /etc/racoon/psk.txt and add, on the first line, the group name followed by the group secret (Group Name, Group Secret):

    GROUP_NAME SharedKey

Then restrict its permissions:

    chmod 700 /etc/racoon/psk.txt

4) vim /etc/racoon/motd and add a welcome message.

5) Create the VPN user and set its password (USERNAME is the account name you choose):

    useradd -MN -b /tmp -s /bin/false USERNAME
    passwd USERNAME

6) Open the IKE/NAT-T ports and enable NAT for the client pool:

    iptables -A INPUT -p udp --dport 500 -j ACCEPT
    iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -s 10.12.0.0/24 -j ACCEPT

7) vim /etc/sysctl.conf and set:

    net.ipv4.ip_forward=1

Then apply it:

    sysctl -p /etc/sysctl.conf

8) /etc/init.d/racoon start

  1. Optional: save the firewall rules so they survive a reboot:

    mkdir /etc/iptables/
    iptables-save > /etc/iptables/rules.v4

  2. Optional: vim /etc/rc.local and add the following so racoon and the saved rules are restored at boot:

    racoon
    /sbin/iptables-restore < /etc/iptables/rules.v4
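The racoon.conf above accepts 3DES, MD5, DH group 2, aggressive mode and save_passwd, all of which are weak by current standards. As an added example that is not part of the original post, the Python below parses racoon's brace-nested configuration syntax and flags such directives; SAMPLE_CONF is a constructed excerpt mirroring the post's blocks, and the WEAK table is an assumed baseline, not something racoon ships.

```python
import re
# Constructed excerpt mirroring the proposal/sainfo/mode_cfg blocks in the post.
SAMPLE_CONF = """
remote anonymous {
    exchange_mode aggressive, main, base;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        dh_group 2;
    }
}
sainfo anonymous { encryption_algorithm aes, 3des, blowfish; authentication_algorithm hmac_sha1, hmac_md5; }
mode_cfg { save_passwd on; pfs_group 2; }
"""

# Assumed baseline: directive -> values a current deployment should not accept
# (legacy ciphers/hashes, DH groups of 1024 bits or less, aggressive mode, whose
# PSK-based identity hash is sent unencrypted, and caching XAuth passwords).
WEAK = {
    "encryption_algorithm": {"des", "3des", "blowfish"},
    "hash_algorithm": {"md5"},
    "authentication_algorithm": {"hmac_md5"},
    "dh_group": {"1", "2", "modp768", "modp1024"},
    "pfs_group": {"1", "2", "modp768", "modp1024"},
    "exchange_mode": {"aggressive"},
    "save_passwd": {"on"},
}

def parse(conf):
    """Yield (block_path, directive, values) for every 'key v1, v2;' statement."""
    stack = []
    for m in re.finditer(r"([^{};]+)\{|(\})|([^{};]+);", re.sub(r"#.*", "", conf)):
        header, close, stmt = m.groups()
        if header:                            # "remote anonymous {" opens block "remote"
            stack.append(header.split()[0])
        elif close:
            stack.pop()
        else:
            parts = stmt.split(None, 1)
            values = [v.strip() for v in parts[1].split(",")] if len(parts) > 1 else []
            yield tuple(stack), parts[0], values

def audit(conf):
    """Return findings such as 'remote/proposal/dh_group: 2' for weak directives."""
    return [f"{'/'.join(path) or '(top)'}/{key}: {v}"
            for path, key, values in parse(conf)
            for v in values if v.lower() in WEAK.get(key, ())]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run it against the real /etc/racoon/racoon.conf by passing the file contents to audit(); an empty result means none of the baseline's weak values are configured.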

Tested: Vultr also supports installing Cisco IPsec this way.