
strongSwan and xl2tpd basic configuration files

Published: 2020-04-09 18:23:24  Source: Internet  Views: 2833  Author: 奈若  Category: Network Security

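Use IPsec to keep a headquarters site with a static IP connected to branch sites with dynamic IPs.


Environment: Headquarters: CentOS 6.5

      Branch: Vigor or D-Link router

      Mobile office: Windows 7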


wget https://download.strongswan.org/strongswan-5.3.5.tar.gz


tar -xzvf strongswan-5.3.5.tar.gz


cd strongswan-5.3.5


yum update


yum install pam-devel openssl-devel make gcc -y

 ./configure  --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-tls --enable-eap-ttls --enable-eap-peap  --enable-eap-tnc --enable-eap-dynamic --enable-eap-radius --enable-xauth-eap --enable-xauth-pam  --enable-dhcp  --enable-openssl  --enable-addrblock --enable-unity  --enable-certexpire --enable-radattr --enable-tools --enable-openssl --disable-gmp


make && make install


#for f in /proc/sys/net/ipv4/conf/*; do echo 0 > $f/accept_redirects; echo 0 > $f/send_redirects; done



vim /etc/sysctl.conf

sysctl -p



vim /usr/local/etc/ipsec.conf


conn %default
    ikelifetime=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-md5

conn ×××
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=192.168.3.0/24
    auto=add

conn ***2
    left=0.0.0.0
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    right=%any
    rightsubnet=172.20.15.2/24
    auto=add
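
An added example, not part of the original post: a shell function that resolves what each conn inherits from `conn %default` in the ipsec.conf above and lists the legacy settings it ends up with (IKEv1, 3DES, MD5, 1024-bit MODP, PSK peers from `%any`). The weak-algorithm list, the function names and the constructed sample with its conn name `branch` are assumptions of this example.

```sh
# Added example: list legacy crypto in the effective settings of each conn in a
# strongSwan ipsec.conf. Output, one finding per line: <conn> <setting> <reason>
audit_ipsec_conf() {
    awk '
    function weak(list,    n, i, t, out) {    # weak tokens found in a proposal list
        n = split(tolower(list), t, /[-,!]/)
        for (i = 1; i <= n; i++)
            if (t[i] ~ /^(des|3des|md5|modp768|modp1024)$/ && !index(" " out " ", " " t[i] " "))
                out = out (out == "" ? "" : " ") t[i]
        return out
    }
    /^[ \t]*(#|$)/ { next }                   # comments and blank lines
    /^conn[ \t]/   { cur = $2; if (cur != "%default") order[++nconn] = cur; next }
    /^[^ \t]/      { cur = ""; next }         # config setup, ca, include
    cur != "" {
        line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
        eq = index(line, "=")
        if (eq) set[cur, substr(line, 1, eq - 1)] = substr(line, eq + 1)
    }
    END {
        nk = split("keyexchange authby ike esp right", keys, " ")
        for (c = 1; c <= nconn; c++) {
            name = order[c]
            for (k = 1; k <= nk; k++)         # own value, else inherited from %default
                v[keys[k]] = ((name, keys[k]) in set) ? set[name, keys[k]] : set["%default", keys[k]]
            if (v["keyexchange"] == "ikev1")
                print name, "keyexchange=ikev1", "IKEv1 is deprecated"
            for (k = 3; k <= 4; k++)          # keys[3] = ike, keys[4] = esp
                if ((w = weak(v[keys[k]])) != "")
                    print name, keys[k] "=" v[keys[k]], "legacy algorithms: " w
            if (v["authby"] == "secret" && v["right"] == "%any")
                print name, "authby=secret right=%any", "PSK peer may connect from any address"
        }
    }' "${1:--}"
}
# Constructed sample mirroring the settings above; the conn name is hypothetical.
sample_conf() {
    cat <<'EOF'
conn %default
    keyexchange=ikev1
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-md5
conn branch
    right=%any
EOF
}
sample_conf | audit_ipsec_conf
```

Run it against the real file with `audit_ipsec_conf /usr/local/etc/ipsec.conf`; an empty result means none of the listed settings are in effect.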


vim /usr/local/etc/ipsec.secrets

 : PSK XXXXXX


/usr/local/sbin/ipsec start


cat /var/log/messages  


vim /etc/rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

ifconfig eth0:0 192.168.16.1  netmask 255.255.0.0  up



wget http://www.atomicorp.com/installers/atomic

sh ./atomic

yum check-update

yum install xl2tpd -y

vim /etc/xl2tpd/xl2tpd.conf


[lns default]
ip range = 192.168.16.128-192.168.16.254
local ip = 192.168.16.1
require chap = yes
refuse pap = yes
require authentication = yes
name = Linux×××server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


vim /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.1.1
ms-dns  192.168.1.1
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000


vim  /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user1           *       test1                   192.168.16.2


service xl2tpd start


vim /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


service iptables restart

service xl2tpd restart

/usr/local/sbin/ipsec restart


done

