Basic configuration files for strongswan and xl2tp

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Use IPsec to keep the headquarters (static IP) connected to branches that sit on dynamic IPs.

Environment:
  headquarters: CentOS 6.5
  branch: Vigor or D-Link router
  mobile office: Windows 7

wget https://download.strongswan.org/strongswan-5.3.5.tar.gz
tar -xzvf strongswan-5.3.5.tar.gz
cd strongswan-5.3.5
yum update
yum install pam-devel openssl-devel make gcc -y
./configure --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap --enable-xauth-pam --enable-dhcp --enable-openssl --enable-addrblock --enable-unity --enable-certexpire --enable-radattr --enable-tools --disable-gmp
make && make install

# disable ICMP redirects on every interface so the gateway neither accepts nor sends them
for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done

vim /etc/sysctl.conf
sysctl -p

vim /usr/local/etc/ipsec.conf

# settings in %default are inherited by every conn section below it
conn %default
    ikelifetime=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-md5

# the two connection names are redacted on the original page; branch1 and branch2 are placeholders
conn branch1
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=192.168.3.0/24
    auto=add

conn branch2
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=172.20.15.2/24
    auto=add
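The proposal strings in %default above (3des-sha1-modp1024 for IKE, 3des-md5 for ESP) are what guides of this era chose; a current deployment should check them before reusing this file. The following Python script is an added example and is not part of the original article: it parses an ipsec.conf body using strongSwan's section rules (headers in column 0, indented key=value lines, # comments), applies %default inheritance, and reports weak algorithm tokens, a misnamed defaults section, and subnets written with host bits set (as in rightsubnet=172.20.15.2/24 above). The embedded configuration is a constructed copy of the one above with placeholder connection names branch1 and branch2; the weak-algorithm list and the replacement suggestions are this example's own baseline, not a strongSwan setting.

```python
"""Audit a strongSwan ipsec.conf for weak proposals and common slips (added example)."""
import ipaddress

# Constructed sample modelled on the ipsec.conf in the article; the connection
# names are placeholders because the article redacts them.
SAMPLE_IPSEC_CONF = """\
conn %default
    ikelifetime=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-md5

conn branch1
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=192.168.3.0/24
    auto=add

conn branch2
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=172.20.15.2/24
    auto=add
"""

# This example's own baseline of algorithm tokens that should not appear in ike=/esp=.
WEAK_ALGS = {
    "3des": "3DES has a 64-bit block (Sweet32); use aes128 or aes256",
    "md5": "MD5 integrity is obsolete; use sha256",
    "sha1": "SHA-1 integrity is deprecated; use sha256",
    "modp768": "DH group 1 is far too small; use modp2048 or an ECP group",
    "modp1024": "DH group 2 is below the 2048-bit baseline; use modp2048 or an ECP group",
}

def parse_ipsec_conf(text):
    """Return {(section_type, name): {key: value}}; headers sit in column 0, parameters are indented."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # '#' starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():                      # "conn branch1", "config setup", ...
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
            continue
        key, sep, value = line.strip().partition("=")
        if current is not None and sep:
            current[key.strip()] = value.strip()
    return sections

def effective_conns(sections):
    """Merge every conn with 'conn %default', as strongSwan does when loading."""
    defaults = sections.get(("conn", "%default"), {})
    return {name: {**defaults, **opts}
            for (kind, name), opts in sections.items()
            if kind == "conn" and name != "%default"}

def audit_proposal(value):
    """Flag weak tokens in a proposal such as '3des-sha1-modp1024,aes256-sha256!'."""
    return [f"{alg}: {WEAK_ALGS[alg.lower()]}"
            for proposal in value.rstrip("!").split(",")
            for alg in proposal.split("-")
            if alg.lower() in WEAK_ALGS]

def audit(text):
    """Return human-readable findings for an ipsec.conf body."""
    sections = parse_ipsec_conf(text)
    findings = []
    if ("conn", "default") in sections and ("conn", "%default") not in sections:
        findings.append("'conn default' is just a connection named default; "
                        "shared settings belong in 'conn %default'")
    for name, opts in effective_conns(sections).items():
        for key in ("ike", "esp"):
            if key not in opts:
                findings.append(f"{name}: {key} not set; strongSwan's built-in default proposal applies")
                continue
            findings += [f"{name}: {key}={opts[key]}: {f}" for f in audit_proposal(opts[key])]
        for key in ("leftsubnet", "rightsubnet"):
            for subnet in opts.get(key, "").split(","):
                if "/" not in subnet:                  # %any, %dynamic or a bare host: nothing to check
                    continue
                try:
                    addr = ipaddress.ip_address(subnet.partition("/")[0])
                    network = ipaddress.ip_network(subnet, strict=False)
                except ValueError:
                    findings.append(f"{name}: {key}={subnet} is not a valid CIDR")
                    continue
                if addr != network.network_address:
                    findings.append(f"{name}: {key}={subnet} has host bits set; the network is {network}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_IPSEC_CONF):
        print(line)
```

Run it against the file from this page and every proposal token is reported with a replacement; a clean modern proposal such as aes256-sha256-modp2048 produces no findings. The same parser also catches a section written as `conn default` without the percent sign, which strongSwan treats as an ordinary connection and never applies to the others.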

vim /usr/local/etc/ipsec.secrets

# one pre-shared key for every peer (XXXXXX is the article's placeholder)
: PSK XXXXXX

/usr/local/sbin/ipsec start
cat /var/log/messages

vim /etc/rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# alias address that xl2tpd below uses as its "local ip"
ifconfig eth0:0 192.168.16.1 netmask 255.255.0.0 up

wget http://www.atomicorp.com/installers/atomic
sh ./atomic
yum check-update
yum install xl2tpd -y

vim /etc/xl2tpd/xl2tpd.conf

[lns default]
ip range = 192.168.16.128-192.168.16.254
local ip = 192.168.16.1
require chap = yes
refuse pap = yes
require authentication = yes
; the server name is redacted on the original page; LinuxL2TPserver is a placeholder
name = LinuxL2TPserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

vim /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.1.1
ms-dns 192.168.1.1
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

vim /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client    server    secret    IP addresses
user1       *         test1     192.168.16.2

service xl2tpd start

vim /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
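The rule set above can be checked rather than eyeballed. The following script is an added example and is not part of the original article: it parses iptables-save syntax (the format of /etc/sysconfig/iptables) and replays first-match semantics on the INPUT chain for the traffic an IPsec gateway has to accept. The rule list embedded in it is a constructed copy of the one above; the required-traffic table is this example's assumption and lists IKE on UDP 500, ESP (protocol 50), AH (protocol 51) and IKE NAT traversal on UDP 4500, which peers behind NAT such as mobile clients switch to and which the rules above do not allow.

```python
"""Replay an iptables INPUT chain against the packets an IPsec gateway must accept (added example)."""
import shlex

# Constructed sample mirroring the /etc/sysconfig/iptables shown in the article.
SAMPLE_IPTABLES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}

# Options whose next token is a value (subset handled by this example's matcher).
VALUE_OPTIONS = {"-p", "--dport", "--state", "-i", "-j", "-m", "--reject-with"}

# Traffic a strongSwan gateway has to accept on its public interface (this example's
# assumption); UDP 4500 is used as soon as a peer sits behind NAT.
REQUIRED_INPUT = {
    "ESP (protocol 50)": {"proto": 50},
    "AH (protocol 51)": {"proto": 51},
    "IKE (UDP 500)": {"proto": 17, "dport": 500},
    "IKE NAT-T (UDP 4500)": {"proto": 17, "dport": 4500},
}

def proto_number(token):
    """Map 'udp' or '17' to 17; unknown names give None and never match."""
    return PROTO_NUMBERS.get(token.lower(), int(token) if token.isdigit() else None)

def parse_rules(text, chain="INPUT"):
    """Return the '-A <chain>' rules as dicts of match conditions plus their target."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] != chain:
            continue
        rule, i = {"target": None}, 2
        while i < len(tokens):
            tok = tokens[i]
            value = tokens[i + 1] if tok in VALUE_OPTIONS and i + 1 < len(tokens) else None
            if tok == "-p":
                rule["proto"] = proto_number(value)
            elif tok == "--dport":
                rule["dport"] = int(value)
            elif tok == "--state":
                rule["state"] = set(value.split(","))
            elif tok == "-i":
                rule["iface"] = value
            elif tok == "-j":
                rule["target"] = value
            i += 2 if value is not None else 1       # '-m state' and '--reject-with X' are skipped
        rules.append(rule)
    return rules

def chain_policy(text, chain="INPUT"):
    """Default policy from the ':<chain> <POLICY> [pkts:bytes]' line."""
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 2 and tokens[0] == f":{chain}":
            return tokens[1]
    return "ACCEPT"

def verdict(rules, packet, policy="ACCEPT"):
    """First matching rule wins; packet has keys proto, dport, state, iface."""
    for rule in rules:
        if "proto" in rule and rule["proto"] != packet.get("proto"):
            continue
        if "dport" in rule and rule["dport"] != packet.get("dport"):
            continue
        if "state" in rule and packet.get("state") not in rule["state"]:
            continue
        if "iface" in rule and rule["iface"] != packet.get("iface"):
            continue
        return rule["target"]
    return policy

def audit_input(text, iface="eth0"):
    """Verdict for each required packet type arriving as a new flow on iface."""
    rules = parse_rules(text, "INPUT")
    policy = chain_policy(text, "INPUT")
    return {label: verdict(rules, {"state": "NEW", "iface": iface, **fields}, policy)
            for label, fields in REQUIRED_INPUT.items()}

if __name__ == "__main__":
    for label, result in audit_input(SAMPLE_IPTABLES).items():
        note = "" if result == "ACCEPT" else "   <-- blocked by the current rules"
        print(f"{label:22} {result}{note}")
```

With the rules from this page the script reports ESP, AH and UDP 500 as accepted and UDP 4500 as rejected by the final catch-all rule, so a mobile client behind NAT would fail at the IKE stage. Adding `-A INPUT -p udp --dport 4500 -j ACCEPT` above the REJECT line turns that entry green; the matcher only models the handful of options the file uses, which is enough to make a wrong rule order visible before the firewall is reloaded.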

service iptables restart
service xl2tpd restart
/usr/local/sbin/ipsec restart

Done
