基于FreeSwan的IPSec配置手册

jrdxj
3 ℃
2020-02-07

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

FreeS/WANIPSecFreeS/WANIPSec-1-FreeS/WANIPSec...........................................................................................................................3...................................................................................................................41.GatewayGateway.........................................................42.Net-Gate..........................................................................73.Net-Net..........................................................................104..........................................................................115.RawRSAAuthenticationConfiguration.........................................................................11.509.................................................................................................151..........................................................................................................152.Left(LinuxFreeS/WAN)...............................................................................173.Right(Windows).............................................................................................184.RightLinuxFreeS/WAN........................................................................18.............................................................................................................201.Ipsec.conf...............................................................................................202.CONNsection........................................................................................203.CONNsectionforAUTOMATICKEYING...........................................214.CONNsectionforMANUALKEYING.................................................235.CONFIGSection.............................................................................................................246.IPSEC.SECRETS............................................................................................................26-2-FreeS/WANIPSecLinuxLinuxinter-102-592.4.7-10customFreeswan1.97WindowsWindows2kProfession+SP2+ipsecpol+ipsecLeftRightnexthop192.168.101.2Leftnexthop192.168.101.2RightRightSubnet192.168.103.1/24Leftsubnet192.168.104.1/24Right192.168.102.1Left192.168.101.1-3-FreeS/WANIPSec1.GatewayGateway1)/etc/ipsec.conf#/etc/ipsec.conf-FreeS/WANIPsecconfigurationfile#Moreelaborateandmorevariedsampleconfigurationscanbefound#inFreeS/WAN'sdoc/examplesfile,andintheHTMLdocumentation.#basicconfigurationconfigsetup#THISSETTINGMUSTBECORRECToralmostnothingwillwork;#%defaultrouteisokayformostsimplecases.interfaces=%defaultroute#Debug-loggingcontrols:nonefor(almost)none,allforlots.klipsdebug=noneplutodebug=none#Useauto=parametersinconndescriptionstocontrolstartupactions.plutoload=%searchplutostart=%search#ClosedownoldconnectionwhennewoneusingsameIDshowsup.uniqueids=yes#defaultsforsubsequentconnectiondescriptions#(thesedefaultswillsoongoaway)conn%defaultkeyingtries=0disablearrivalcheck=no#authby=rsasig#leftrsasigkey=%dnsondemand#rightrsasigkey=%dnsondemand#connectiondescriptionforopportunisticencryption#(requiresKEYrecordinyourDNSreversemap;seedoc/opportunism.howto)connme-to-anyoneleft=%defaultrouteright=%opportunistickeylife=1hrekey=no#forinitiatoronlyOE,uncommentanduncommentthis#afterputtingyourkeyinyourforwardmap#leftid=@myhostname.example.com-4-FreeS/WANIPSec#uncommentthisnextlinetoenableit#auto=route#sampleVPNconnectionconnsample3#Leftsecuritygateway,subnetbehindit,nexthoptowardright.left=192.168.101.1#leftsubnet=192.168.104.1/24#leftnexthop=10.22.33.44#Rightsecuritygateway,subnetbehindit,nexthoptowardleft.right=192.168.102.1#rightsubnet=192.168.0.0/24#rightnexthop=10.101.102.103#Toauthorizethisconnection,butnotactuallystartit,atstartup,#uncommentthis.auto=startkeyingtries=0spi=0x200esp=3des-md5-96espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf2)/etc/ipsec.secrets#ThisfileholdssharedsecretsorRSAprivatekeysforinter-Pluto#authentication.Seeipsec_pluto(8)manpage,andHTMLdocumentation.#RSAprivatekeyforthishost,authenticatingittoanyotherhost#whichknowsthepublicpart.Suitablepublickeys,foripsec.conf,DNS,#orconfigurationofotherimplementations,canbeextractedconveniently#withipsecshowhostkey.192.168.101.1192.168.102.1:PSKjxj52SjRmUu3nVW521Wu135R5k44uU5lR2V3kujT24U1lVumWSkT52Tu11WVnm1Vu25lV52k43)Windowsipsec.conf#/etc/ipsec.conf-FreeS/WANIPsecconfigurationfile#Moreelaborateandmorevariedsampleconfigurationscanbefound#inFreeS/WAN'sdoc/examplesfile,andintheHTMLdocumentation.#basicconfigurationconfigsetup#THISSETTINGMUSTBECORRECToralmostnothingwillwork;#%defaultrouteisokayformostsimplecases.-5-FreeS/WANIPSecinterfaces=%defaultroute#Debug-loggingcontrols:nonefor(almost)none,allforlots.klipsdebug=noneplutodebug=none#Useauto=parametersinconndescriptionstocontrolstartupactions.plutoload=%searchplutostart=%search#ClosedownoldconnectionwhennewoneusingsameIDshowsup.uniqueids=yes#defaultsforsubsequentconnectiondescriptions#(thesedefaultswillsoongoaway)conn%def