Advanced Linux: building the simplest VPN system (1)
Source: Baidu Wenku   Editor: 偶看新闻   Time: 2024/04/29 13:23:50
3. PPTP configuration
① /etc/pptpd.conf
    speed 115200
    option /etc/ppp/options
    localip "gateway address for company VPN users (e.g. 10.0.1.1)"
    remoteip "address pool for company VPN users (e.g. 10.0.1.200-250)"
② /etc/ppp/chap-secrets
    "username"  "VPN server IP"  "password"  10.0.1.20X  (200
The second field must equal the name set in /etc/ppp/options below. The fourth field pins each user to one fixed address out of the remoteip pool; that pinned address is what the per-user iptables rules in section 5 match on, so it must be unique per user.
③ /etc/ppp/options
    lock
    name "VPN server IP"
    mtu 1490
    mru 1490
    proxyarp
    auth
    -chap
    -mschap
    +mschap-v2
    require-mppe
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 3
    lcp-echo-interval 5
    ms-dns X.X.X.X
    deflate 0
These options refuse plain CHAP and MS-CHAPv1 and require MS-CHAPv2 with MPPE encryption, which is the strongest combination PPTP offers. Caveat: MS-CHAPv2 is known to be breakable (the handshake reduces to a single DES key search), and the MPPE RC4 keys are derived from the same NT password hash, so PPTP should not be relied on for confidentiality today; this setup is at best as strong as the users' passwords.
4. Super FreeS/WAN configuration
① /etc/freeswan/ipsec.conf
    # basic configuration
    config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
        nat_traversal=yes

    # defaults for subsequent connection descriptions
    # (these defaults will soon go away)
    conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        #leftrsasigkey=%dnsondemand
        #rightrsasigkey=%dnsondemand

    conn pix
        left="VPN server IP"
        leftnexthop="VPN server gateway"
        leftsubnet="address range for company VPN users (e.g. 10.0.1.0/32)"
        right="Nanjing PIX 525UR IP"
        rightnexthop=%direct
        rightsubnet="Nanjing address range"
        authby=secret
        pfs=no
        auto=start
Two things to check in the conn pix block. A /32 mask names a single address, not a range, so leftsubnet must cover whatever source address the Nanjing PIX actually sees after the NAT rule in section 5. The block overrides the %default authby=rsasig with a pre-shared key, and pfs=no means the Phase 2 (IPsec) keys are derived from the Phase 1 key material alone, so a compromise of that material exposes every later SA; pfs=yes is preferable whenever the PIX side is configured to match.
② /etc/freeswan/ipsec.secrets
    "VPN server IP"  "Nanjing PIX 525UR IP" : PSK "password"
(The quotes around the two addresses only mark the values to fill in; in the real file the addresses are written bare, and only the PSK itself is quoted.)
5. iptables configuration (sample), used to restrict what company VPN users may reach:
    iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.201/32 -d "Nanjing address range" -j MASQUERADE
    service iptables save
Access control is one such rule per user: the -s 10.0.1.201/32 match is the address that user was pinned to in chap-secrets, so adding or removing a user's rule grants or revokes that user's access to the Nanjing range.
Notes: add users and change passwords in /etc/ppp/chap-secrets;
set user permissions by editing the iptables rules;
if the company router has an access-list, add
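The two knobs named in the notes, the address pinned in chap-secrets and the per-user MASQUERADE rule, drift apart easily once several people edit them. The shell script below is an added example, not code from the original article: it audits a chap-secrets file against a saved list of iptables commands, checks that every pinned address lies inside the remoteip pool (assumed here to be 10.0.1.200-250, as in the page's placeholders), reports users without an access rule and rules without a user, and emits a correct rule for a named user. The file paths, user entries and the 203.0.113.10 / 192.0.2.0/24 addresses are constructed test data.

```shell
#!/bin/sh
# Added example (not from the original article): keep chap-secrets, the
# pptpd remoteip pool and the per-user MASQUERADE rules consistent.
# Assumed pool: remoteip 10.0.1.200-250, as in the page's placeholders.
POOL_PREFIX="10.0.1"
POOL_LO=200
POOL_HI=250

# in_pool IP -> success iff IP is inside the remoteip pool
in_pool() {
    prefix=${1%.*}
    host=${1##*.}
    [ "$prefix" = "$POOL_PREFIX" ] || return 1
    case $host in ''|*[!0-9]*) return 1 ;; esac
    [ "$host" -ge "$POOL_LO" ] && [ "$host" -le "$POOL_HI" ]
}

# secrets_users FILE -> "user pinned-ip" per entry of a chap-secrets file
# (comments and blank lines skipped, surrounding quotes stripped)
secrets_users() {
    sed 's/#.*//; s/"//g' "$1" | awk 'NF >= 4 { print $1, $4 }'
}

# rule_sources FILE -> the /32 source address of every MASQUERADE rule
rule_sources() {
    grep -- '-j MASQUERADE' "$1" | sed -n 's/.*-s \([0-9.]*\)\/32.*/\1/p'
}

# audit SECRETS RULES -> prints one finding per line, fails if any exist
audit() {
    findings=$(
        secrets_users "$1" | while read -r user ip; do
            if ! in_pool "$ip"; then
                echo "BAD_POOL $user $ip"          # pinned outside remoteip
            elif ! rule_sources "$2" | grep -qxF "$ip"; then
                echo "NO_ACCESS $user $ip"         # no rule: user is cut off
            fi
        done
        rule_sources "$2" | while read -r ip; do
            secrets_users "$1" | awk '{ print $2 }' | grep -qxF "$ip" ||
                echo "STALE_RULE $ip"              # rule for a removed user
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# grant_rule USER SECRETS DEST -> the MASQUERADE command for USER's pinned
# address; refused when USER is unknown or pinned outside the pool
grant_rule() {
    ip=$(secrets_users "$2" | awk -v u="$1" '$1 == u { print $2; exit }')
    [ -n "$ip" ] || { echo "grant_rule: no entry for $1" >&2; return 1; }
    in_pool "$ip" || { echo "grant_rule: $1 pinned outside pool: $ip" >&2; return 1; }
    echo "iptables -t nat -A POSTROUTING -o eth0 -s $ip/32 -d $3 -j MASQUERADE"
}

# write_samples DIR -> constructed test data (not real credentials):
# alice is consistent, bob has no rule, carol is pinned outside the pool,
# and the rule for 10.0.1.230 belongs to nobody.
write_samples() {
    cat > "$1/chap-secrets" <<'EOF'
# client   server          secret        IP addresses
"alice"    "203.0.113.10"  "alice-pw"    10.0.1.201
"bob"      "203.0.113.10"  "bob-pw"      10.0.1.202
"carol"    "203.0.113.10"  "carol-pw"    10.0.1.5
EOF
    cat > "$1/rules" <<'EOF'
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.201/32 -d 192.0.2.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.230/32 -d 192.0.2.0/24 -j MASQUERADE
EOF
}

d=$(mktemp -d)
write_samples "$d"
if audit "$d/chap-secrets" "$d/rules"; then
    echo "chap-secrets and iptables rules are consistent"
else
    echo "fix the findings above, then re-run 'service iptables save'"
fi
grant_rule alice "$d/chap-secrets" 192.0.2.0/24
rm -rf "$d"
```

On a real server, point audit at /etc/ppp/chap-secrets and at the output of iptables-save (or the saved rule script) instead of the sample files; the pool check only covers a range within one /24, which is all the page's remoteip example needs.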
Article from 中国建站: http://www.jz123.cn/text/263910_2.html