• CentOS 7 搭建 IPSec/IKEv2 VPN 服务器

    15-10-08 09:25 25344 0 技术

    GitHub 地址

    https://github.com/jiangxi14520/one-key-ikev2-vpn

    wget --no-check-certificate https://raw.githubusercontent.com/quericy/one-key-ikev2-vpn/master/one-key-ikev2.sh
    
    chmod +x one-key-ikev2.sh
    bash one-key-ikev2.sh
    

    如果使用 firewalld

    vim /etc/firewalld/zones/public.xml
    

    执行以下命令

    firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="esp" accept' # ESP (the encrypted data packets)
    firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="ah" accept' # AH (authenticated headers)
    firewall-cmd --zone=dmz --permanent --add-port=500/udp #IKE  (security associations)
    firewall-cmd --zone=dmz --permanent --add-port=4500/udp # IKE NAT Traversal (IPsec between natted devices)
    firewall-cmd --permanent --add-service="ipsec"
    firewall-cmd --zone=dmz --permanent --add-masquerade
    firewall-cmd --permanent --set-default-zone=dmz
    firewall-cmd --reload
    firewall-cmd --list-all
    
    vim /etc/sysctl.conf
    

    添加以下内容:

    # VPN
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    

    使之生效:

    sysctl -p
    
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="dhcpv6-client"/>
      <service name="ssh"/>
      <port protocol="tcp" port="80"/>
      <port protocol="udp" port="500"/>
      <port protocol="tcp" port="500"/>
      <port protocol="udp" port="4500"/>
      <port protocol="udp" port="1701"/>
      <port protocol="tcp" port="1723"/>
      <masquerade/>
    </zone>
    

    Mac 上配置

    进入钥匙串管理,选择登录,然后将证书拖进去。

    不被信任解决方法,右键->属性,选择总是被信任

文章归档

文章日历

2015 年 10 月
28 29 30 31 01 02 03
04 05 06 07 08 09 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

文章标签

最新评论

友情链接