OpenSWAN可以在Linux环境下搭建IPSecVPN。我自己动手在CentOS系统下安装OpenSWAN,现将过程记录下来。
软件
VMware-workstation-7.1
CentOS-6.3-i386-bin-DVD1.iso
openswan-2.6.38.tar.gz
在虚拟机中先将CentOS装好,这里就不详细说明了。
这里需要注意的是需要将机器连到互联网好下载安装一些辅助工具包。IP地址为手动配置好后,发现ping ip可以成功,但是ping某个域名却显示ping: unknown host ***。这是因为没有设置域名服务器的原因。
# ping baidu.comping: unknown host baidu.com解决方法如下:# vi /etc/resolv.conf#增加以下两行,具体IP请按实际填写nameserver 208.67.222.222nameserver 208.67.220.220
CentOS安装gcc–RPM#yum install gcc-c++#yum install flex autoconf zlib curl zlib-devel curl-devel bzip2 bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel
安装相应 ipsec 套件工具和基础软件环境#yum -y install gmp gmp-devel gawk flex bison
配置环境变量#sysctl -a | egrep “ipv4.*(accept|send)_redirects” | awk -F “=” ‘{print $1″= 0″}’执行上面的命令,把结果添加到/etc/ sysctl.conf的结尾。并且把net.ipv4.ip_forward = 0net.ipv4.conf.default.rp_filter = 1修改成net.ipv4.ip_forward = 1net.ipv4.conf.default.rp_filter = 0保存后,执行sysctl -p,使其修改后的参数生效。# cat /etc/sysctl.confnet.ipv4.ip_forward = 1net.ipv4.conf.default.rp_filter = 0net.ipv4.conf.default.accept_source_route = 0kernel.sysrq = 0kernel.core_uses_pid = 1net.ipv4.tcp_syncookies = 1kernel.msgmnb = 65536kernel.msgmax = 65536kernel.shmmax = 68719476736kernel.shmall = 4294967296net.ipv4.conf.bond1.send_redirects = 0net.ipv4.conf.bond1.accept_redirects = 0net.ipv4.conf.bond0.send_redirects = 0net.ipv4.conf.bond0.accept_redirects = 0net.ipv4.conf.eth4.send_redirects = 0net.ipv4.conf.eth4.accept_redirects = 0net.ipv4.conf.lo.send_redirects = 0net.ipv4.conf.lo.accept_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.default.accept_redirects = 0net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.all.accept_redirects = 0
安装OpenSWAN
#tar zxvf openswan-2.6.38.tar.gz#cd openswan-2.6.38#make programs#make install
验证安装执行下面的命令验证OpenSWan是否正确安装#ipsec –version 如果程序正确安装,此命令将显示Linux Openswan U2.6.38/K(no kernel code presently loaded)See `ipsec –copyright’ for copyright information.
这里没有加载任何的IPsec stack,当启动IPsec后会自动加载系统自带的netkey。
,美好的生命应该充满期待惊喜和感激
