@Foredoomed
Created November 19, 2012 11:56
ipsec_vpn
It's very simple. Assuming you are running Debian (or 番茄花园 Debian):
apt-get install racoon
The racoon package must be version 0.8 or newer.
Please do not change the configuration casually, or you may lose compatibility with some platform. Tested successfully with: iOS/OS X, BlackBerry (OS 4/5/6/7), WebOS, Nokia, VPNC, etc.
Once the package is installed, edit /etc/racoon/motd; this is the banner shown after a VPN connection succeeds, and it is optional.
Edit /etc/racoon/psk.txt; this holds the VPN connection's group name and group secret. The format is simple, a single line is enough, for example:
wk iamsogayyaha
#id and secret
Next, replace the contents of /etc/racoon/racoon.conf with the configuration below:
log info;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
listen {
}
remote anonymous {
    exchange_mode main,aggressive;
    doi ipsec_doi;
    nat_traversal on;
    proposal_check obey;
    generate_policy unique;
    ike_frag on;
    passive on;
    dpd_delay = 30;
    dpd_retry = 30;
    dpd_maxfail = 800;
    mode_cfg = on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method xauth_psk_server;
        dh_group 2;
        lifetime time 12 hour;
    }
}
timer
{
    natt_keepalive 20 sec;
}
sainfo anonymous {
    lifetime time 12 hour;
    encryption_algorithm aes,3des,des;
    authentication_algorithm hmac_sha1,hmac_md5;
    compression_algorithm deflate;
}
mode_cfg {
    dns4 xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx; # fill in the DNS servers on your VPS
    save_passwd on;
    network4 10.1.0.2; # client IP range on the VPS
    netmask4 255.255.255.0;
    pool_size 250;
    banner "/etc/racoon/motd";
    auth_source pam;
    conf_source local;
    pfs_group 2;
    default_domain "gw.gfw.io";
}
Finally, add the iptables rule for the VPN and enable IPv4 forwarding, and you're done:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p
iptables --table nat --append POSTROUTING -o ethX --jump MASQUERADE
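A pre-flight check for the steps above, added here as an example and not part of the gist: it verifies the racoon version requirement, the psk.txt format and file mode, IPv4 forwarding and the MASQUERADE rule. It assumes a Linux host with GNU or BSD stat; the default paths and the 16-character minimum secret length are my choices, not the gist's.

```shell
#!/bin/sh
# Pre-flight checks for the racoon IPsec setup above (added example, not from
# the gist). Every function returns 0 on success and 1 on failure and prints
# nothing, so it can drive a script. Assumes Linux with GNU or BSD stat.

# racoon must be 0.8 or newer; accepts "0.8.0-14" or a Debian epoch "1:0.8.2-3".
racoon_version_ok() {
    ver=${1#*:}                   # drop the epoch, if any
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}        # leading digits of the minor number
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    [ "$major" -gt 0 ] || [ "$minor" -ge 8 ]
}

# psk.txt: one "identifier secret" pair per line, '#' comments allowed. The
# file must not be group/world readable, and secrets shorter than 16 chars
# (my threshold, not racoon's) are rejected.
psk_file_ok() {
    f=${1:-/etc/racoon/psk.txt}
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in 600|400) ;; *) return 1 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        set -- $line
        [ $# -eq 2 ] || return 1
        [ ${#2} -ge 16 ] || return 1
    done < "$f"
}

# net.ipv4.ip_forward must read 1 after `sysctl -p`.
ip_forward_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Given the output of `iptables -t nat -S POSTROUTING`, confirm the MASQUERADE
# rule is bound to the real uplink; the gist's "ethX" is only a placeholder.
nat_rule_present() {
    iface=$1; rules=$2
    [ "$iface" != ethX ] || return 1
    printf '%s\n' "$rules" | grep -q -- "^-A POSTROUTING -o $iface -j MASQUERADE"
}

# On the VPN host, run all four against live state:
# racoon_version_ok "$(dpkg-query -W -f='${Version}' racoon)" && psk_file_ok \
#   && ip_forward_on && nat_rule_present eth0 "$(iptables -t nat -S POSTROUTING)"
```

Note that the 16-character minimum would reject a secret as short as the sample psk.txt line above; lengthen the threshold or the secret as you see fit.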