VPN proxy server

1. Download the required packages
ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
ipsec-tools-0.8.0-25.3.x86_64.rpm
2. Install the packages
rpm -ivh ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm
rpm -ivh ipsec-tools-0.8.0-25.3.x86_64.rpm

3. Set the welcome message
vim /etc/racoon/motd    (the welcome message shown to the client once the connection succeeds)

the vpn server is connect

4. Set the VPN group name and pre-shared key:
vim /etc/racoon/psk.txt

123 123
chmod 700 /etc/racoon/psk.txt

5. Edit the configuration file:
vim /etc/racoon/racoon.conf

path include "/etc/racoon";
include "remote.conf";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/cert";
log debug;
listen
{
    isakmp 10.211.55.64 [500];        # the server's own public IP, UDP port 500
    isakmp_natt 10.211.55.64 [4500];  # the server's own public IP, UDP port 4500 (NAT traversal)
}
remote anonymous
{
    exchange_mode main, aggressive, base;
    mode_cfg on;
    proposal_check obey;              # obey, strict, or claim
    nat_traversal on;
    generate_policy unique;
    ike_frag on;
    passive on;
    dpd_delay 30;
    proposal {
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}
sainfo anonymous
{
    encryption_algorithm 3des, aes, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
mode_cfg
{
    auth_source system;
    dns4 8.8.8.8, 114.114.114.114;
    banner "/etc/racoon/motd";
    save_passwd on;
    network4 192.168.0.100;           # private address range handed out to remote clients
    netmask4 255.255.255.0;
    pool_size 100;
    pfs_group 2;
}
6. Add the VPN user name and password:
useradd -MN -b /tmp -s /sbin/nologin testvpn
passwd xxxxx
Password: xxxxxx
7. Enable IP forwarding:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

8. Set the firewall rules:
iptables -I INPUT -p udp --dport 500 -j ACCEPT
iptables -I INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

Save the firewall rules:
service iptables save
service iptables restart

Start the daemon:
racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d
Testing

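As an added example (not part of the original post), a small Python audit that reads a racoon.conf in the format used above, plus a psk.txt, and lists the settings a reviewer would want changed before exposing the gateway: weak ciphers and DH groups, aggressive mode with a PSK, debug logging, and short pre-shared keys. The sample configuration and PSK entries are constructed to mirror this tutorial, and the list of flagged values is the editor's, not racoon's.

```python
import re
# Constructed excerpt mirroring the tutorial's racoon.conf; not taken from a live host.
SAMPLE_CONF = """
log debug;
remote anonymous {
    exchange_mode main, aggressive, base;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}
sainfo anonymous { encryption_algorithm 3des, aes, blowfish; authentication_algorithm hmac_sha1, hmac_md5; }
mode_cfg { save_passwd on; pfs_group 2; }
"""
# Constructed psk.txt: one 'identifier key' pair per line, as racoon expects.
SAMPLE_PSK = "123 123\nvpn.example Xk7pQ2vLm9Rt4Wz8Bn3Cd6Fh\n"

# Settings a reviewer would flag; racoon also accepts aes, sha256 and dh_group 14.
WEAK = {
    "encryption_algorithm": {"des", "3des", "blowfish", "cast128"},
    "hash_algorithm": {"md5"},
    "authentication_algorithm": {"hmac_md5"},
    "dh_group": {"1", "2", "5"},
    "pfs_group": {"1", "2", "5"},
    "exchange_mode": {"aggressive"},  # PSK + aggressive mode allows offline key guessing
    "save_passwd": {"on"},            # lets clients cache the XAuth password
    "log": {"debug"},                 # verbose logging on a production gateway
}
STMT = re.compile(r"(\w+)\s+([^;{}]+);")  # 'keyword value[, value];' regardless of nesting

def statements(conf):
    """Yield (keyword, [values]) for each statement, with # comments removed."""
    for key, vals in STMT.findall(re.sub(r"#.*", "", conf)):
        yield key, [v.strip() for v in vals.split(",")]

def audit(conf):
    """Return sorted 'keyword=value' entries for every weak setting found in a racoon.conf string."""
    return sorted({f"{k}={v}" for k, vals in statements(conf) for v in vals if v in WEAK.get(k, ())})

def short_psks(psk_text, min_len=20):
    """Return identifiers from psk.txt whose pre-shared key has fewer than min_len characters."""
    weak = []
    for line in psk_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[1].strip()) < min_len:
            weak.append(parts[0])
    return weak
```

Run `audit(open("/etc/racoon/racoon.conf").read())` and `short_psks(open("/etc/racoon/psk.txt").read())` on the real files; an empty list from both is the target before the server is exposed.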