01_linux:10_network:01_ipsec_server [2017/08/02 05:03] – 01_linux:10_network:01_ipsec renamed to 01_linux:10_network:01_ipsec_server matsui | 01_linux:10_network:01_ipsec_server [2017/08/02 05:14] (現在) – [インストール] matsui | ||
行 1: | 行 1: | ||
+ | ====== 01 Linux ipsec Server ====== | ||
+ | ===== IPsec Server側 ===== | ||
+ | |||
+ | ==== 環境 ==== | ||
+ | |||
+ | CentOS release 6.8 | ||
+ | libreswan-3.15-7.3 | ||
+ | xl2tpd-1.3.8-1 | ||
+ | |||
+ | ==== インストール ==== | ||
+ | |||
+ | # yum -y --enablerepo=epel install openswan xl2tpd | ||
+ | |||
+ | ==== xl2tpd ==== | ||
+ | |||
+ | 一番下に下記を追加 | ||
+ | < | ||
+ | [lns default] | ||
+ | ip range = 192.168.1.128-192.168.1.254 | ||
+ | local ip = 192.168.1.99 | ||
+ | require chap = yes | ||
+ | refuse pap = yes | ||
+ | require authentication = yes | ||
+ | name = LinuxVPNserver | ||
+ | ppp debug = yes | ||
+ | pppoptfile = / | ||
+ | length bit = yes | ||
+ | </ | ||
+ | |||
+ | ==== ppp ==== | ||
+ | |||
+ | 一番下に下記を追加 | ||
+ | < | ||
+ | netmask 255.255.255.0 | ||
+ | persist | ||
+ | require-mschap-v2 | ||
+ | logfile / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # Secrets for authentication using CHAP | ||
+ | # client | ||
+ | " | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== IPsec用の事前共有鍵 ==== | ||
+ | |||
+ | < | ||
+ | : PSK " | ||
+ | </ | ||
+ | |||
+ | ==== iptables使っている場合開放 ==== | ||
+ | < | ||
+ | # L2TP/IPsec | ||
+ | iptables -A FORWARD -i ppp+ -j ACCEPT | ||
+ | iptables -A FORWARD -o ppp+ -j ACCEPT | ||
+ | iptables -A INPUT -p esp -j ACCEPT | ||
+ | iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT | ||
+ | iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT | ||
+ | iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== sysctl.conf ==== | ||
+ | |||
+ | 一番下に下記を追加 | ||
+ | < | ||
+ | net.core.xfrm_larval_drop = 1 | ||
+ | net.ipv4.conf.all.send_redirects = 0 | ||
+ | net.ipv4.conf.default.send_redirects = 0 | ||
+ | net.ipv4.conf.eth0.send_redirects = 0 | ||
+ | net.ipv4.conf.lo.send_redirects = 0 | ||
+ | net.ipv4.conf.all.accept_redirects = 0 | ||
+ | net.ipv4.conf.default.accept_redirects = 0 | ||
+ | net.ipv4.conf.eth0.accept_redirects = 0 | ||
+ | net.ipv4.conf.lo.accept_redirects = 0 | ||
+ | net.ipv4.conf.all.rp_filter = 0 | ||
+ | net.ipv4.conf.default.rp_filter = 0 | ||
+ | net.ipv4.conf.eth0.rp_filter = 0 | ||
+ | net.ipv4.conf.lo.rp_filter = 0 | ||
+ | </ | ||
+ | |||
+ | ==== 起動 ==== | ||
+ | < | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | |||
+ | {{tag> |
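Review bot: The rule `iptables -A INPUT -p udp -m udp --dport 1701 -j ACCEPT` in the iptables section accepts L2TP from any source, not only from inside an established IPsec SA, so a peer can bring up L2TP and the PPP session (including the MS-CHAPv2 exchange that `require-mschap-v2` demands) without any encryption; restrict it to traffic that arrived through IPsec with `iptables -A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT`, and mirror it with `--dir out` on OUTPUT if that chain is not ACCEPT by default. The PSK line `: PSK "…"` carries no peer identity, so one secret is shared by every client and any client holding it can impersonate the server toward the others; that is inherent to L2TP/IPsec with PSK and deserves a sentence on the page, together with a reminder that `/etc/ipsec.secrets` and `/etc/ppp/chap-secrets` must be root-owned mode 0600. The install line pulls `openswan` while the environment section lists `libreswan-3.15-7.3`; on CentOS 6 with EPEL the package appears to be `libreswan`, so one of the two lines is wrong. Setting `rp_filter = 0` on all/default/eth0/lo disables reverse-path (anti-spoofing) filtering host-wide; this looks like it follows libreswan's L2TP/NAT-traversal guidance, but the page should say so and limit it to the interfaces that actually carry the tunnel where possible. Several lines are cut off in this rendering (`pppoptfile = /`, `logfile /`, the chap-secrets entry, `{{tag>`), so the referenced paths and the client/server fields could not be checked here.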