OpenSwan在CentOS6.4上的編譯安裝與配置
1,執行以下命令
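# Kernel network settings for the IPsec gateway (run as root).
# Disable ICMP redirects: every IPv4 accept_redirects/send_redirects key reported
# by `sysctl -a` is rewritten as "<key> = 0" and appended to /etc/sysctl.conf.
# NOTE: this appends on every run, so running it twice duplicates the entries.
sysctl -a | grep -E 'ipv4.*(accept|send)_redirects' | awk -F '=' '{print $1"= 0"}' >> /etc/sysctl.conf
# Enable IPv4 forwarding (dots escaped so they only match a literal ".").
sed -i 's/net\.ipv4\.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
# Turn off reverse-path filtering in the default profile. rp_filter is an
# anti-spoofing check, so make this change only on the IPsec gateway itself
# and rely on firewall rules for source-address validation there.
sed -i 's/net\.ipv4\.conf\.default\.rp_filter = 1/net.ipv4.conf.default.rp_filter = 0/g' /etc/sysctl.conf
# Presumably loaded so that any net.bridge.* keys in sysctl.conf resolve when
# `sysctl -p` runs - confirm on your system.
modprobe bridge
# Apply the edited /etc/sysctl.conf to the running kernel.
sysctl -p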
2,安裝編譯工具
# Toolchain and libraries used to compile Openswan from source; -y answers
# yum's confirmation prompt automatically.
yum install -y make gcc autoconf gmp-devel bison flex lsof
3,安裝openswan
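# Download the Openswan 2.6.39 source tarball.
# NOTE: the download uses plain HTTP, so nothing authenticates the file in
# transit. Check it against a checksum or signature published by the project
# before building and installing it as root.
wget http://download.openswan.org/openswan/openswan-2.6.39.tar.gz
# Unpack using the full archive name, then build from inside the source tree.
tar zxvf openswan-2.6.39.tar.gz
cd openswan-2.6.39
# Build the userland programs and install them.
make programs
make install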
4,修改配置ipsec.conf
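# /etc/ipsec.conf - Openswan configuration for one site-to-site tunnel.
# Parameter lines inside a "config"/"conn" section must begin with whitespace.
version 2.0

config setup
    # Directory where pluto writes core dumps.
    dumpdir=/var/run/pluto/
    # Enable NAT traversal for peers behind NAT.
    nat_traversal=yes
    # Private (RFC 1918) ranges accepted as remote virtual subnets.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    # Opportunistic encryption disabled; only configured tunnels are used.
    oe=off
    # Use the kernel's native NETKEY IPsec stack (not KLIPS).
    protostack=netkey
    # pluto log file; check it when a negotiation fails.
    plutostderrlog=/var/log/ipsec.log

conn 1to2
    type=tunnel
    # Peers authenticate with the pre-shared key from ipsec.secrets.
    authby=secret
    # Perfect forward secrecy for phase 2 keys.
    pfs=yes
    # NOTE(review): 3DES, MD5 and the 1024-bit modp1024 group are legacy
    # algorithms. If both peers support them, prefer AES with a stronger
    # integrity algorithm and a DH group of 2048 bits or more; the values
    # must match on both gateways.
    ike=3des-md5;modp1024
    phase2alg=3des-md5;modp1024
    # Local gateway address and the subnet behind it.
    left=10.1.1.1
    leftsubnet=192.168.1.0/24
    # Remote gateway address and the subnet behind it.
    right=10.1.1.2
    rightsubnet=192.168.2.0/24
    # Bring the tunnel up automatically when the service starts.
    auto=start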
5,修改金鑰檔案ipsec.secrets
# Pre-shared key for the tunnel between gateways 10.1.1.1 and 10.1.1.2.
# "test" is a sample value only: use a long, randomly generated secret,
# configure the same value on both gateways, and keep this file readable
# by root only.
10.1.1.1 10.1.1.2: PSK "test"
6,驗證
# Start the IPsec service.
service ipsec start
# Run Openswan's built-in check of the system configuration and review
# anything it reports as failed.
ipsec verify
# Print the status of the loaded connections.
ipsec auto --status
7,新增路由
PC1(192.168.1.2)
# On PC1: send traffic for the remote subnet 192.168.2.0/24 via 192.168.1.1
# (presumably the LAN address of the left gateway - confirm). A route added
# this way does not persist across reboots.
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1
PC2(192.168.2.2)
# On PC2: send traffic for the remote subnet 192.168.1.0/24 via 192.168.2.1
# (presumably the LAN address of the right gateway - confirm). A route added
# this way does not persist across reboots.
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
FY:安裝klips核
安裝核心
# Kernel headers plus the packaging and build tools needed to rebuild the
# CentOS kernel from its source RPM.
yum install kernel-devel
yum install rpm-build redhat-rpm-config unifdef rng-tools
yum install patchutils xmlto asciidoc elfutils binutils-libelf-devel newt-devel python-devel hmaccalc perl-ExtUtils-Embed elfutils-libelf-devel binutils-devel
# Install the kernel source RPM; stderr is merged into stdout and lines
# containing "mockb" are dropped (presumably the warnings about a missing
# mockbuild user).
# NOTE: the source RPM is fetched over plain HTTP. Download it first and
# check its signature (for example with `rpm -K`) before installing it.
rpm -i http://vault.centos.org/6.4/updates/Source/SPackages/kernel-2.6.32-358.18.1.el6.src.rpm 2>&1 | grep -v mockb
# The spec file unpacked from the source RPM is in this directory.
cd ~/rpmbuild/SPECS
預備原始碼檔案
# -bp runs only the %prep stage (unpack the sources and apply patches) for
# this machine's architecture.
rpmbuild -bp --target=$(uname -m) kernel.spec
編譯
# -bb builds the binary kernel packages. stderr is written to prep-err.log;
# stdout is shown on the terminal and also saved to prep-out.log.
rpmbuild -bb --target=$(uname -m) kernel.spec 2> prep-err.log | tee prep-out.log
編譯出的核心 rpm 檔案可以在 ~/rpmbuild/RPMS/`uname -m`/ 目錄內找到
安裝並重啟
# Run this from the directory that holds the built kernel RPMs
# (~/rpmbuild/RPMS/<arch>/), then reboot into the new kernel.
rpm -ivh kernel-*.rpm
klips編譯
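# Build and install Openswan with the KLIPS kernel module.
# Run after rebooting into the kernel the module is built for.
cd /root/openswan-2.6.39
make programs
make module
make install
make minstall
# Kernel modules live under /lib/modules/<kernel release>, which is
# `uname -r`; `uname -m` prints the machine architecture instead.
moddir="/lib/modules/$(uname -r)/kernel/net/ipsec"
mkdir -p "$moddir"
cp /root/openswan-2.6.39/modobj26/ipsec.ko "$moddir/"
# Refresh the module dependency map so modprobe can find ipsec.ko.
depmod -a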