CentOS6.3下安装OpenSWAN

OpenSWAN可以在Linux环境下搭建IPSecVPN。我自己动手在CentOS系统下安装OpenSWAN,现将过程记录下来。

软件

VMware-workstation-7.1

CentOS-6.3-i386-bin-DVD1.iso

openswan-2.6.38.tar.gz

在虚拟机中先将CentOS装好,这里就不详细说明了。

这里需要注意的是需要将机器连到互联网好下载安装一些辅助工具包。IP地址为手动配置好后,发现ping ip可以成功,但是ping某个域名却显示ping: unknown host ***。这是因为没有设置域名服务器的原因。

# ping baidu.com
ping: unknown host baidu.com
解决方法如下:
# vi /etc/resolv.conf
#增加以下两行,具体IP请按实际填写
nameserver 208.67.222.222
nameserver 208.67.220.220

CentOS安装gcc--RPM
#yum install gcc-c++
#yum install flex autoconf zlib curl zlib-devel curl-devel bzip2 bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel

安装相应 ipsec 套件工具和基础软件环境
#yum -y install gmp gmp-devel gawk flex bison

配置环境变量
#sysctl -a | egrep "ipv4.*(accept|send)_redirects" | awk -F "=" '{print $1"= 0"}'
执行上面的命令,把结果添加到/etc/ sysctl.conf的结尾。
并且把
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
 
修改成
 
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
 
保存后,执行sysctl -p,使其修改后的参数生效。
# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.bond1.send_redirects = 0
net.ipv4.conf.bond1.accept_redirects = 0
net.ipv4.conf.bond0.send_redirects = 0
net.ipv4.conf.bond0.accept_redirects = 0
net.ipv4.conf.eth4.send_redirects = 0
net.ipv4.conf.eth4.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

安装OpenSWAN

#tar zxvf openswan-2.6.38.tar.gz
#cd openswan-2.6.38
#make programs
#make install

验证安装
执行下面的命令验证OpenSWan是否正确安装
#ipsec --version      
如果程序正确安装,此命令将显示
Linux Openswan U2.6.38/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.

这里没有加载任何的IPsec stack,当启动IPsec后会自动加载系统自带的netkey。

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/21152.html