分类: 虚拟化

2012-03-13 16:26:33

配置

环境:
10.10.10.1--172.16.1.71-------172.16.1.72----10.20.20.1
172.16.1.71上的配置
[root@vpn-test01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ipsec0
# Network-to-network IPsec tunnel definition (SRCNET <-> DSTNET) for ipsec0.
# Bring the tunnel up at boot.
ONBOOT=yes
# Peers authenticate with a pre-shared key; the secret itself is kept in the
# separate keys-ipsec0 file (IKE_PSK), not in this file.
IKE_METHOD=PSK
# Gateway address on the remote LAN side (10.20.20.1 in the topology line).
DSTGW=10.20.20.1
# NOTE(review): DSTGW uses the peer's LAN-side address, but SRCGW is set to
# this host's 172.16.1.71 address rather than its LAN-side 10.10.10.1 --
# confirm which address is intended here.
SRCGW=172.16.1.71
# Remote protected network.
DSTNET=10.20.20.0/24
# NOTE(review): host bits are set in this prefix; the network form would be
# 10.10.10.0/24. Confirm the policy that gets installed covers exactly the
# intended subnet, since traffic outside the policy leaves unencrypted.
SRCNET=10.10.10.1/24
# Address of the remote IPsec endpoint.
DST=172.16.1.72
TYPE=IPSEC
[root@vpn-test01 ~]#
[root@vpn-test01 ~]# cat /etc/sysconfig/network-scripts/keys-ipsec0
IKE_PSK=7c4a8d09ca3762af61e5
[root@vpn-test01 ~]# ls -l /etc/sysconfig/network-scripts/keys-ipsec0
-rw------- 3 root root 29 Mar 9 08:28 /etc/sysconfig/network-scripts/keys-ipsec0
[root@vpn-test01 ~]# cat /etc/racoon/psk.txt
# file for pre-shared keys used for IKE authentication
# format is: 'identifier' 'key'
# For example:
#
# 10.1.1.1 flibbertigibbet
# 12345
# foo@ micropachycephalosaurus
# NOTE(review): the key below is the same value as IKE_PSK in keys-ipsec0 and
# is published on this page, so treat it as a sample only and never deploy it.
# It is 20 hex characters (at most 80 bits); generate a longer random secret
# per tunnel and keep this file readable by its owner only, as keys-ipsec0 is
# (-rw-------).
172.16.1.72 7c4a8d09ca3762af61e5
[root@vpn-test01 ~]#
[root@vpn-test01 ~]# cat /etc/racoon/racoon.conf
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
# Pre-shared keys are looked up in this file, keyed by peer identifier.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
# Phase 2 (IPsec SA) proposal. "anonymous" means it is not tied to a specific
# pair of networks, so these algorithms are offered for every peer.
sainfo anonymous
{
# NOTE(review): group 2 is 1024-bit MODP, which is considered too small for
# new deployments; prefer modp2048 (group 14) or larger if both ends support it.
pfs_group 2;
lifetime time 1 hour ;
# NOTE(review): every entry listed is acceptable in negotiation, so the weakest
# one sets the floor. 3des and blowfish are 64-bit block ciphers; keeping only
# rijndael (AES) removes them from the proposal.
encryption_algorithm 3des, blowfish 448, rijndael ;
# NOTE(review): hmac_md5 is legacy; drop it, and use hmac_sha256 where the
# installed racoon and kernel support it -- confirm on the target system.
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
# Per-peer settings live in a separate file whose contents are not shown on
# this page; presumably it holds the phase 1 (remote) section -- review its
# algorithms and exchange mode as well.
include "/etc/racoon/172.16.1.72.conf";
具体参考