2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Use IPsec to connect a headquarters with a static IP to branches with dynamic IPs.
Environment:
Headquarters: CentOS 6.5
Branch: Vigor or D-Link router
Mobile office: Windows 7
wget https://download.strongswan.org/strongswan-5.3.5.tar.gz
tar -xzvf strongswan-5.3.5.tar.gz
cd strongswan-5.3.5
yum update
yum install pam-devel openssl-devel make gcc -y
./configure --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap --enable-xauth-pam --enable-dhcp --enable-openssl --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-tools --enable-openssl --disable-gmp
make && make install
for f in /proc/sys/net/ipv4/conf/*; do echo 0 > "$f/accept_redirects"; echo 0 > "$f/send_redirects"; done
vim /etc/sysctl.conf
sysctl -p
vim /usr/local/etc/ipsec.conf
conn %default
    ikelifetime=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-md5
conn × ×
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=192.168.3.0/24
    auto=add
conn * * 2
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=172.20.15.2/24
    auto=add
vim /usr/local/etc/ipsec.secrets
: PSK "XXXXXX"
/usr/local/sbin/ipsec start
cat /var/log/messages
vim /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
ifconfig eth0:0 192.168.16.1 netmask 255.255.0.0 up
wget http://www.atomicorp.com/installers/atomic
sh ./atomic
yum check-update
yum install xl2tpd -y
vim /etc/xl2tpd/xl2tpd.conf
[lns default]
ip range = 192.168.16.128-192.168.16.254
local ip = 192.168.16.1
require chap = yes
refuse pap = yes
require authentication = yes
name = Linux × × server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
vim /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.1.1
ms-dns 192.168.1.1
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
user1 * test1 192.168.16.2
service xl2tpd start
vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
service iptables restart
service xl2tpd restart
/usr/local/sbin/ipsec restart
Done
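A way to review the ipsec.conf above once the setup is in place, as an added example that is not part of the original article: the script resolves `conn %default` inheritance and reports each connection whose effective settings use DES/3DES, MD5, a 768- or 1024-bit MODP group, or IKEv1. The conn names `branch1`/`branch2`, the weak-keyword list and the function names are assumptions of this example.

```python
import re

# Constructed sample: the page's default proposals plus two hypothetical conns.
SAMPLE = """\
conn %default
    keyexchange=ikev1
    ike=3des-sha1-modp1024
    esp=3des-md5
conn branch1
    right=%any
conn branch2
    keyexchange=ikev2
    ike=aes256-sha256-modp2048
    esp=aes256-sha256
"""

# Proposal keywords this example treats as weak (an assumption, adjust to policy).
WEAK = {"des", "3des", "md5", "modp768", "modp1024"}

def parse_conns(text):
    """Return {conn name: settings}, with conn %default merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header, e.g. "conn branch1"
            words = line.split()
            is_conn = words[0] == "conn" and len(words) == 2
            current = sections.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def audit(text):
    """List (conn, setting, weak value) for every effective weak setting."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("ike", "esp"):
            for token in re.split(r"[-,!\s]+", opts.get(key, "").lower()):
                if token in WEAK:
                    findings.append((name, key, token))
        if opts.get("keyexchange", "").lower() == "ikev1":
            findings.append((name, "keyexchange", "ikev1"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real deployment, pass the contents of /usr/local/etc/ipsec.conf to `audit()` instead of `SAMPLE`.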