CentOS 7 搭建 IPSec/IKEv2 VPN 服务器

15-10-08 09:25 25676 0 技术

GitHub 地址

https://github.com/jiangxi14520/one-key-ikev2-vpn

wget --no-check-certificate https://raw.githubusercontent.com/quericy/one-key-ikev2-vpn/master/one-key-ikev2.sh
chmod +x one-key-ikev2.sh
bash one-key-ikev2.sh

如果使用 firewalld

vim /etc/firewalld/zones/public.xml

执行以下命令

firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="esp" accept' # ESP (the encrypted data packets)
firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="ah" accept' # AH (authenticated headers)
firewall-cmd --zone=dmz --permanent --add-port=500/udp #IKE  (security associations)
firewall-cmd --zone=dmz --permanent --add-port=4500/udp # IKE NAT Traversal (IPsec between natted devices)
firewall-cmd --permanent --add-service="ipsec"
firewall-cmd --zone=dmz --permanent --add-masquerade
firewall-cmd --permanent --set-default-zone=dmz
firewall-cmd --reload
firewall-cmd --list-all
vim /etc/sysctl.conf

添加以下内容:

# VPN
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

使之生效:

sysctl -p
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="udp" port="500"/>
  <port protocol="tcp" port="500"/>
  <port protocol="udp" port="4500"/>
  <port protocol="udp" port="1701"/>
  <port protocol="tcp" port="1723"/>
  <masquerade/>
</zone>

Mac 上配置

进入钥匙串管理,选择登录,然后将证书拖进去。

不被信任解决方法,右键->属性,选择总是被信任

请登录后发表评论 点击登录

文章归档

文章日历

2024 年 12 月
01 02 03 04 05 06 07
08 09 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
30 31 01 02 03 04 05

文章标签

最新评论

友情链接