CentOS 6安装ubuntu openswan 安装问题求助

来源:蜘蛛抓取(WebSpider) 时间:2016-05-24 01:29 标签: centos7 openswan
2914人阅读
security(19)
OpenSWAN可以在linux环境下搭建IPSecVPN。我自己动手在CentOS系统下安装OpenSWAN,现将过程记录下来。
VMware-workstation-7.1
CentOS-6.3-i386-bin-DVD1.iso
openswan-2.6.38.tar.gz
在虚拟机中先将CentOS装好,这里就不详细说明了。
这里需要注意的是需要将机器连到互联网好下载安装一些辅助工具包。IP地址为手动配置好后,发现ping ip可以成功,但是ping某个域名却显示ping: unknown host ***。这是因为没有设置域名服务器的原因。
ping: unknown
解决方法如下:
# vi /etc/resolv.conf
#增加以下两行,具体IP请按实际填写
nameserver 208.67.222.222
nameserver 208.67.220.220
CentOS安装gcc--RPM
#yum install gcc-c++
#yum install flex autoconf zlib curl zlib-devel curl-devel bzip2 bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel
安装相应 ipsec 套件工具和基础软件环境
#yum -y install gmp gmp-devel gawk flex bison
配置环境变量
#sysctl -a | egrep &ipv4.*(accept|send)_redirects& | awk -F &=& '{print $1&= 0&}'
执行上面的命令,把结果添加到/etc/ sysctl.conf的结尾。
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
保存后,执行sysctl -p,使其修改后的参数生效。
# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax =
kernel.shmall =
net.ipv4.conf.bond1.send_redirects = 0
net.ipv4.conf.bond1.accept_redirects = 0
net.ipv4.conf.bond0.send_redirects = 0
net.ipv4.conf.bond0.accept_redirects = 0
net.ipv4.conf.eth4.send_redirects = 0
net.ipv4.conf.eth4.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
安装OpenSWAN
#tar zxvf openswan-2.6.38.tar.gz
#cd openswan-2.6.38
#make programs
#make install
执行下面的命令验证OpenSWan是否正确安装
#ipsec --version&&&& &
如果程序正确安装,此命令将显示
Linux Openswan U2.6.38/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.
这里没有加载任何的IPsec stack,当启动IPsec后会自动加载系统自带的netkey。
#/etc/init.d/ipsec start
检查ipsec状态
#/etc/init.d/ipsec status
检查系统环境
#ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
Linux Openswan U2.6.38/K2.6.32-279.el6.i686 (netkey)
Checking for IPsec support in kernel&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
&SAref kernel support&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [N/A]
&NETKEY:& Testing XFRM related proc values&&&&&&&&&&&&&&&&&&&&& [OK]
&&&&&&& [OK]
&&&&&&& [OK]
Checking that pluto is running&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
&Pluto listening for IKE on udp 500&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
&Pluto listening for NAT-T on udp 4500&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
Checking for 'ip' command&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
Checking /bin/sh is not /bin/dash&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
Checking for 'iptables' command&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [OK]
Opportunistic Encryption Support&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& [DISABLED]
至此安装过程完成了,感觉还是很顺畅的。下面就进入比较复杂的配置阶段,我将在下篇把我验证的过程描述出来。
参考知识库
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
访问:542131次
积分:6536
积分:6536
排名:第2207名
原创:119篇
转载:34篇
评论:110条
(1)(1)(1)(1)(7)(4)(3)(1)(2)(1)(4)(2)(3)(6)(9)(9)(10)(7)(9)(6)(4)(6)(6)(7)(6)(4)(3)(1)(1)(2)(1)(4)(1)(1)(1)(1)(1)(1)(1)(2)(1)(1)(1)(1)(1)(1)(1)(2)(3)(1)(4)CentOS 6安装Openswan问题求助_百度知道
CentOS 6安装Openswan问题求助
提问者采纳
如果是openvz的VPS的话,目前没有很好的解决办法~Checking for IPsec support in kernel
[FAILED]Pluto listening for IKE on udp 500 [FAILED]Pluto listening for NAT-T on udp 4500 [FAILED]我目前测试没有成功过,openvz后台打开ppp和tun开关试试
其他类似问题
为您推荐:
centos的相关知识
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁CentOS 6安装Openswan问题求助_百度知道
CentOS 6安装Openswan问题求助
send_redirects = 0 net.rp_filter = 0
保存后.conf.6。 并且把 netIPSEC的安装.conf.eth4.accept_redirects = 0 net.38.ipv4.38 #make programs #make install 验证安装 执行下面的命令验证OpenSWan是否正确安装 #ipsec --version
如果程序正确安装,把结果添加到&#47.bond0.= 0&quot.conf.ip_forward = 1 net.accept_source_route = 0 kernel.send_redirects = 0 net.ipv4.shmmax =
kernel.ipv4.ipv4,看如下.etc&#47: 连接互联网我;{print $1&quot.send_redirects = 0 net.lo.gz #cd openswan-2,.shmall =
执行上面的命令.ip_forward = 0 net.ip_forward = 1K(no kernel code presently loaded) See `ipsec --copyright&#39.conf.conf的结尾.default.ipv4.default.ipv4.38&#47.ipv4.ipv4.ipv4.ipv4.accept_redirects = 0 net.core_uses_pid = 1 net.accept_redirects = 0 net.6.default.ipv4.conf.=&quot.ipv4.6.conf.default.conf.accept_redirects = 0 net.default.ipv4.rp_filter = 1
修改成sysctl.ipv4.all.bond1; for copyright information.ipv4.ipv4.ipv4.sysrq = 0 kernel.eth4.conf.conf.tar.accept_redirects = 0 安装OpenSWAN #tar zxvf openswan-2.send_redirects = 0 net.ipv4.conf,执行sysctl -p.conf net.tcp_syncookies = 1 kernel.rp_filter = 0 net.bond1,使其修改后的参数生效。 # cat &#47,当启动IPsec后会自动加载系统自带的netkey. &#39.msgmnb = 65536}&#39,用YUM下载 安装相应 ipsec 套件工具和基础软件环境 #yum -y install gmp gmp-devel gawk flex bison 配置环境变量 #sysctl -a | egrep &quot.conf.send_redirects = 0 net.ipv4.ipv4.accept_redirects = 0 net.*(accept|send)_redirects&quot.send_redirects = 0 net. | awk -F &quot.bond0.etc&#47,此命令将显示 Linux Openswan U2. 这里没有加载任何的IPsec stack.conf.ipv4.msgmax = 65536 kernel
知道智能回答机器人
我是知道站内的人工智能,可高效智能地为您解答问题。很高兴为您服务。
其他类似问题
为您推荐:
centos的相关知识
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁CentOS 6安装Openswan问题求助_百度知道
CentOS 6安装Openswan问题求助
提问者采纳
&#39.rp_filter = 0net.ipv4.confnet,把结果添加到&#47.send_redirects = 0net.ipv4.ip_forward = 0net.ipv4.shmall = net.default.*(accept|send)_redirects&quot.conf.38.ipv4.send_redirects = 0net.eth4.accept_redirects = 0net,使其修改后的参数生效;{print $1&quot.send_redirects = 0net.conf,此命令将显示Linux Openswan U2.6.shmmax = kernel,当启动IPsec后会自动加载系统自带的netkey.conf.conf.ip_forward = 1}&#39。并且把net.default.confIPSEC的安装;sysctl.ipv4.bond0.ipv4.default.conf.K(no kernel code presently loaded)See `ipsec --copyright&#39.ipv4.ipv4.gz#cd openswan-2.msgmax = 65536kernel.ipv4.conf.eth4.bond1.bond0.conf.sysrq = 0kernel.conf.accept_redirects = 0net.ipv4.accept_redirects = 0net.这里没有加载任何的IPsec stack,执行sysctl -p.ipv4.conf.all.default.bond1.38&#47.default.core_uses_pid = 1 | awk -F &quot.accept_redirects = 0安装OpenSWAN#tar zxvf openswan-2.conf.send_redirects = 0net.ip_forward = 1net.rp_filter = 0 保存后.ipv4.ipv4.send_redirects = 0net,.ipv4.lo:连接互联网我.etc&#47.conf的结尾;=&quot.ipv4.accept_redirects = 0net.accept_source_route = 0kernel.ipv4.38#make programs#make install验证安装执行下面的命令验证OpenSWan是否正确安装#ipsec --version
如果程序正确安装.tcp_syncookies = 1kernel.6.6.ipv4.ipv4.send_redirects = 0net.msgmnb = 65536ipv4; sysctl.lo.ipv4.accept_redirects = 0net.conf.tar.ipv4.执行上面的命令;= 0&quot.rp_filter = 1 修改成 etc&#47.default,看如下.conf. for copyright information,用YUM下载安装相应 ipsec 套件工具和基础软件环境#yum -y install gmp gmp-devel gawk flex bison配置环境变量#sysctl -a | egrep &quot。# cat &#47
来自团队:
其他类似问题
为您推荐:
centos的相关知识
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁

我要回帖

更多关于 centos7 openswan 的文章

 

随机推荐