QQ登录

只需一步,快速开始

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 670|回复: 1

redhat as 3.0怎么通过ipsec做vpn

[复制链接]
发表于 2004-7-23 11:14:25 | 显示全部楼层 |阅读模式
redhat as 3.0内核已经自带了ipsec,也安装了ipsec tools,但是在/etc的目录下并没有ipsec.conf等配置文件,请问我该如何配置ipsec vpn?

[root@abc root]# rpm -qa | grep ipsec
ipsec-tools-0.2.2-7

[root@hkweb root]# rpm -ql ipsec-tools-0.2.2-7
/etc/racoon
/etc/racoon/certs
/etc/racoon/psk.txt
/etc/racoon/racoon.conf
/lib/libipsec.so
/lib/libipsec.so.0
/lib/libipsec.so.0.0.0
/sbin/setkey
/usr/sbin/racoon
/usr/share/doc/ipsec-tools-0.2.2
/usr/share/doc/ipsec-tools-0.2.2/ChangeLog
/usr/share/doc/ipsec-tools-0.2.2/FAQ
/usr/share/doc/ipsec-tools-0.2.2/NEWS
/usr/share/doc/ipsec-tools-0.2.2/README
/usr/share/doc/ipsec-tools-0.2.2/psk.txt
/usr/share/doc/ipsec-tools-0.2.2/racoon.conf
/usr/share/man/man5/racoon.conf.5.gz
/usr/share/man/man8/racoon.8.gz
/usr/share/man/man8/setkey.8.gz


内核参数
<M> PF_KEY sockets
TCP/IP networking
<M> Threaded linUX application protocol accelerator layer (TUX)
External CGI module
[ ] extended TUX logging format
[ ] debug TUX
IP: multicasting
IP: advanced router
IP: policy routing
IP: use netfilter MARK value as routing key
IP: fast network address translation
IP: equal cost multipath
IP: use TOS value as routing key
IP: verbose route monitoring
[ ] IP: kernel level autoconfiguration
<M> IP: tunneling
<M> IP: GRE tunnels over IP
IP: broadcast GRE over IP
IP: multicast routing
IP: PIM-SM version 1 support
IP: PIM-SM version 2 support
[ ] IP: ARP daemon support (EXPERIMENTAL)
[ ] IP: TCP Explicit Congestion Notification support
IP: TCP syncookie support (disabled per default)
<M> IP: AH transformation
<M> IP: ESP transformation

现在对方的vpn服务器端提供了以下参数供我选择,我该怎么选择?

IPSec Policy
Remote PEOPLES VPN Device
Transform set ESP
Encryption Algorithm 3DES
Hashing Algorithm MD5
PFS Yes
DH Group 2
SA Lifetime 3600 seconds
发表于 2004-7-23 16:01:46 | 显示全部楼层
搞清楚 IPSEC VPN 的原理,就知道这些如何配置了
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

GMT+8, 2024-11-8 03:32 , Processed in 0.039670 second(s), 16 queries .

© 2021 Powered by Discuz! X3.5.

快速回复 返回顶部 返回列表