Installing a Cisco IPsec VPN service on Linode
Steps:

1. Create a new VM and choose Debian 7 64-bit.
2. SSH in, find the server's IP address and note it down.
3. Run the following commands:

1) apt-get install racoon

2) vim /etc/racoon/racoon.conf

    log info;
    path include "/etc/racoon";
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";

    listen {
        isakmp <server IP> [500];
        isakmp_natt <server IP> [4500];
    }

    remote anonymous {
        exchange_mode aggressive, main, base;
        mode_cfg on;
        proposal_check obey;
        nat_traversal on;
        generate_policy unique;
        ike_frag on;
        passive on;
        dpd_delay 30;

        proposal {
            lifetime time 28800 sec;
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method xauth_psk_server;
            dh_group 2;
        }
    }

    sainfo anonymous {
        encryption_algorithm aes, 3des, blowfish;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
    }

    mode_cfg {
        auth_source system;
        dns4 8.8.8.8;
        banner "/etc/racoon/motd";
        save_passwd on;
        network4 10.12.0.100;
        netmask4 255.255.255.0;
        pool_size 100;
        pfs_group 2;
    }

3) vim /etc/racoon/psk.txt and put one line at the top in the form "group name, whitespace, group secret":

    <group name> <SharedKey>

   chmod 700 /etc/racoon/psk.txt

4) vim /etc/racoon/motd and add the welcome banner text.

5) useradd -MN -b /tmp -s /bin/false <username>
   passwd <username>

6) iptables -A INPUT -p udp --dport 500 -j ACCEPT
   iptables -A INPUT -p udp --dport 4500 -j ACCEPT
   iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -o eth0 -j MASQUERADE
   iptables -A FORWARD -s 10.12.0.0/24 -j ACCEPT

7) vim /etc/sysctl.conf and set net.ipv4.ip_forward=1, then apply it:
   sysctl -p /etc/sysctl.conf

8) /etc/init.d/racoon start
Optional: save the firewall rules so they survive a reboot:

    mkdir /etc/iptables/
    iptables-save > /etc/iptables/rules.v4

Optional: vim /etc/rc.local and add the following so racoon and the rules come back at boot:

    racoon
    /sbin/iptables-restore < /etc/iptables/rules.v4
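Added example (not from the original post): POSIX shell helpers for the two parts of the setup above that are easiest to get wrong, the group secret in /etc/racoon/psk.txt and the server IP in the listen block. Cisco IPsec clients authenticate the group with a pre-shared key in aggressive mode, so the secret should be long and random rather than a word; the helpers generate one, write the file owner-only from the moment it is created, check that no group/other permission bits remain (racoon refuses a key file that others can read, which is what the post's chmod 700 takes care of), and render the listen block only after validating the IP. The function names, the file-path arguments and the demo values (vpngroup, 203.0.113.10) are my own, chosen so the functions can be tried in a scratch directory before touching /etc/racoon.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the psk.txt and
# listen-block steps of the racoon setup above. File paths are passed in
# so the functions can be exercised in a scratch directory first.

# Generate a random group secret: 32 bytes from /dev/urandom, base64 (44 chars).
gen_group_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write the single "<group name> <secret>" line racoon reads from psk.txt.
# umask 077 inside the subshell makes the file mode 600 from creation, so the
# secret is never even briefly readable by other users.
write_psk_file() {
    _file="$1"; _group="$2"; _secret="$3"
    ( umask 077; printf '%s %s\n' "$_group" "$_secret" > "$_file" )
}

# Read the group name back from the first field of the first line.
psk_group_name() {
    awk 'NR == 1 { print $1; exit }' "$1"
}

# Succeed only when the file has no group/other permission bits, i.e. the
# octal mode ends in 00 (chmod 700 in the post satisfies this; so does 600).
psk_perms_ok() {
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || _mode=$(stat -f '%Lp' "$1") || return 1
    case "$_mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Validate a dotted-quad IPv4 address before it goes into racoon.conf.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for _octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$_octet" -le 255 ] || return 1
    done
}

# Render the listen block from the post with the server IP filled in.
render_listen_block() {
    is_ipv4 "$1" || { echo "render_listen_block: bad IP '$1'" >&2; return 1; }
    printf 'listen {\n    isakmp %s [500];\n    isakmp_natt %s [4500];\n}\n' "$1" "$1"
}

# Demo run with constructed values; a scratch directory stands in for /etc/racoon.
# Enable with: RACOON_HELPER_DEMO=1 sh racoon-helpers.sh
if [ "${RACOON_HELPER_DEMO:-}" = 1 ]; then
    dir=$(mktemp -d)
    secret=$(gen_group_secret)
    write_psk_file "$dir/psk.txt" vpngroup "$secret"
    psk_perms_ok "$dir/psk.txt" && echo "psk.txt permissions ok ($(psk_group_name "$dir/psk.txt"))"
    render_listen_block 203.0.113.10
fi
```

On a real host you would call write_psk_file with /etc/racoon/psk.txt and paste the output of render_listen_block into racoon.conf in place of the listen block; psk_perms_ok is worth re-running after any later edit with an editor that rewrites files, since that can silently widen the mode.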
Tested: Vultr also supports this Cisco IPsec installation.