1,运行以下命令
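# Persistently disable ICMP redirect acceptance and sending on every IPv4
# interface: each matching key reported by sysctl is appended to sysctl.conf
# as "<key> = 0". Turning redirects off is a hardening step for an IPsec
# gateway. The append is not idempotent: run it once, or remove the earlier
# lines before re-running.
sysctl -a | grep -E 'ipv4.*(accept|send)_redirects' | awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf
# Enable IPv4 forwarding so this host can route between the LAN and the tunnel.
# The dots are escaped and the match is anchored so only this exact key is
# rewritten; the substitution is a no-op if the line is absent or worded
# differently, so check the file afterwards.
sed -i 's/^net\.ipv4\.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
# Turn off reverse-path filtering for interfaces that inherit the default.
# NOTE(security): rp_filter=0 removes the kernel's source-address spoofing
# check; compensate with firewall rules that drop packets arriving on the
# outside interface with internal source addresses.
sed -i 's/^net\.ipv4\.conf\.default\.rp_filter = 1/net.ipv4.conf.default.rp_filter = 0/' /etc/sysctl.conf
# Presumably loaded so that bridge-related sysctl keys already present in
# sysctl.conf resolve when the file is applied - confirm on your system.
modprobe bridge
# Apply /etc/sysctl.conf to the running kernel.
sysctl -p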
2,安装编译工具
# Build prerequisites for compiling Openswan from source (compiler, parser
# generators, GMP headers) plus lsof.
yum install -y \
  autoconf bison flex gcc gmp-devel lsof make
3,安装openswan
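# Fetch the Openswan 2.6.39 source tarball.
# NOTE(security): this is a plain-HTTP download with no integrity check, and
# the result is compiled and installed as root. Before building, compare the
# tarball's checksum or detached signature against a value published by the
# project over a trusted channel, e.g.
#   sha256sum openswan-2.6.39.tar.gz   # expect <SHA256_FROM_TRUSTED_SOURCE>
# Also check whether a newer release with security fixes is available.
wget http://download.openswan.org/openswan/openswan-2.6.39.tar.gz
# Unpack the archive by its full file name, then enter the source tree: the
# make targets below must be run from inside it.
tar zxvf openswan-2.6.39.tar.gz
cd openswan-2.6.39
# Build the userland programs and install them system-wide.
make programs
make install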
4,修改配置ipsec.conf
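# /etc/ipsec.conf - Openswan site-to-site tunnel between 10.1.1.1 and 10.1.1.2.
# Parameter lines must be indented under their "config setup" / "conn" header.
version 2.0
# Global pluto settings: native kernel (NETKEY) IPsec stack, NAT traversal
# enabled, opportunistic encryption off, daemon log in /var/log/ipsec.log.
# virtual_private lists the RFC 1918 ranges accepted as peer subnets behind NAT.
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    oe=off
    protostack=netkey
    plutostderrlog=/var/log/ipsec.log
# Tunnel "1to2": 192.168.1.0/24 behind 10.1.1.1 <-> 192.168.2.0/24 behind
# 10.1.1.2, started automatically when the service comes up (auto=start).
# The proposals were 3des-md5;modp1024; 3DES, MD5 and a 1024-bit DH group are
# too weak for new deployments, so AES-256 / SHA-1 / modp2048 is used instead.
# Both gateways must carry identical ike= and phase2alg= values, otherwise
# negotiation fails.
# authby=secret relies on the pre-shared key in ipsec.secrets; its strength
# bounds the security of the whole tunnel.
conn 1to2
    type=tunnel
    authby=secret
    pfs=yes
    ike=aes256-sha1;modp2048
    phase2alg=aes256-sha1;modp2048
    left=10.1.1.1
    leftsubnet=192.168.1.0/24
    right=10.1.1.2
    rightsubnet=192.168.2.0/24
    auto=start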
5,修改密钥文件ipsec.secrets
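# /etc/ipsec.secrets - pre-shared key for the 10.1.1.1 <-> 10.1.1.2 tunnel.
# The placeholder replaces the sample value "test": a short, guessable PSK
# offers little protection against dictionary guessing. Use a long random
# value (for example the output of `openssl rand -base64 32`), identical on
# both gateways, and keep this file readable by root only (chmod 600).
10.1.1.1 10.1.1.2: PSK "REPLACE_WITH_LONG_RANDOM_SECRET"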
6,验证
# Start the IPsec service; connections marked auto=start in ipsec.conf are
# brought up as part of this.
service ipsec start
# Run Openswan's self-check of the host setup; review every item that is not
# reported as OK before relying on the tunnel.
ipsec verify
# Print the daemon's status so the loaded connection and its negotiated
# security associations can be confirmed.
ipsec auto --status
7,添加路由
PC1(192.168.1.2)
# On PC1: reach the remote LAN 192.168.2.0/24 through the local gateway
# 192.168.1.1. The route is not persistent and is lost at reboot.
ip route add 192.168.2.0/24 via 192.168.1.1
PC2(192.168.2.2)
# On PC2: reach the remote LAN 192.168.1.0/24 through the local gateway
# 192.168.2.1. The route is not persistent and is lost at reboot.
ip route add 192.168.1.0/24 via 192.168.2.1
FY:安装klips核
安装内核
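# Toolchain and headers needed to rebuild the CentOS kernel from its source RPM.
# -y keeps yum from prompting, so a pasted block is not consumed as answers.
yum install -y kernel-devel
yum install -y rpm-build redhat-rpm-config unifdef rng-tools
yum install -y patchutils xmlto asciidoc elfutils binutils-libelf-devel newt-devel python-devel hmaccalc perl-ExtUtils-Embed elfutils-libelf-devel binutils-devel
# Download the kernel source RPM first so its signature can be checked before
# anything is installed: the URL is plain HTTP, and the package's spec file is
# later executed by rpmbuild. `rpm -K` fails unless the distribution signing
# key is already imported into the rpm database.
wget http://vault.centos.org/6.4/updates/Source/SPackages/kernel-2.6.32-358.18.1.el6.src.rpm
# Install only if verification succeeded. The grep presumably hides the
# warnings about the missing "mockbuild" user/group - confirm on your system.
rpm -K kernel-2.6.32-358.18.1.el6.src.rpm &&
  rpm -i kernel-2.6.32-358.18.1.el6.src.rpm 2>&1 | grep -v mockb
# NOTE(review): rpmbuild runs scripts from the spec file; building as an
# unprivileged user limits what a bad package can do.
cd ~/rpmbuild/SPECS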
预备源代码文件
# Prep stage only (-bp): process kernel.spec up to and including %prep for
# this machine's architecture, leaving a prepared source tree to build from.
rpmbuild -bp --target="$(uname -m)" kernel.spec
编译
# Build the binary kernel RPMs (-bb). stderr is saved to prep-err.log; stdout
# is shown on the terminal and copied to prep-out.log. The pipeline's exit
# status is tee's, so inspect prep-err.log to confirm the build succeeded.
rpmbuild -bb --target="$(uname -m)" kernel.spec 2> prep-err.log \
  | tee prep-out.log
编译出的内核 rpm 文件可以在 ~/rpmbuild/RPMS/`uname -m`/ 目录内找到
安装并重启
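# Install the freshly built kernel packages. The glob is given with the full
# output directory because the previous steps leave the shell in
# ~/rpmbuild/SPECS, where a bare kernel-*.rpm matches nothing.
rpm -ivh ~/rpmbuild/RPMS/"$(uname -m)"/kernel-*.rpm
# Reboot into the new kernel before building the KLIPS module, so that the
# module is built for and installed under the kernel that will load it.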
klips编译
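# Build Openswan again from its source tree, this time including the KLIPS
# kernel module. Run this after rebooting into the newly installed kernel.
cd /root/openswan-2.6.39
make programs
make module
make install
make minstall
# Copy the module under the running kernel's module tree. That tree is keyed
# by kernel release (uname -r), not by machine architecture (uname -m), and
# the target directory must exist or cp would create a file named "ipsec".
mkdir -p "/lib/modules/$(uname -r)/kernel/net/ipsec"
cp /root/openswan-2.6.39/modobj26/ipsec.ko "/lib/modules/$(uname -r)/kernel/net/ipsec/"
# Refresh module dependency data so modprobe can find ipsec.ko.
depmod -a
# NOTE(review): the ipsec.conf shown earlier selects protostack=netkey; KLIPS
# is only used once that is switched to protostack=klips - confirm.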