FreeBSD: setting up a multi-site Virtual Private Network VPN ( Virtual Pr…

2009-05-13 13:14:21  Source: unknown


Description:
A Virtual Private Network (VPN) uses the backbone of the public Internet to carry private, encrypted data. Applied in an enterprise, a VPN lets subsidiaries scattered around the world share confidential data, and traffic between headquarters and a subsidiary travels as if it were inside the company's own Intranet, securely and reliably. In practice the greatest advantage of an enterprise virtual network is that it simplifies network management.
Environment:
Hardware: three servers, A, B and C
Network cards: 6 NICs (two per machine)
Operating system: FreeBSD 4.7 Release
                   Server A           Server B           Server C
    Real IP        203.107.34.2       203.107.34.3       203.107.34.4
    Virtual IP     192.168.0.0/24     192.168.1.0/24     192.168.2.0/24
    Gateway IP     192.168.0.254      192.168.1.254      192.168.2.254
    lo0 alias0 IP  10.255.255.1/28    10.255.255.2/28    10.255.255.3/28
Step 1.
For FreeBSD to support the VPN functions, the kernel must be rebuilt: add the following lines to the kernel configuration file and recompile the kernel.

    options IPDIVERT
    options IPFIREWALL
    options DUMMYNET
    options IPSEC
    options IPSEC_ESP
    options IPSEC_DEBUG
    pseudo-device gif 4    # IPv6 and IPv4 tunneling
Step 2.
Server A:
Server A# vi /etc/rc.conf, with the following content:

    defaultrouter="203.107.34.62"
    hostname="Server A.ntut.idv.tw"
    # de0 is the public interface, fxp0 the private LAN
    ifconfig_de0="inet 203.107.34.2 netmask 255.255.255.192"
    ifconfig_fxp0="inet 192.168.0.254 netmask 255.255.255.0"
    # tunnel endpoint address on lo0
    ifconfig_lo0_alias0="inet 10.255.255.1 netmask 255.255.255.240"
    # one gif tunnel per peer: outer (public) addresses, then inner (tunnel) addresses
    gif_interfaces="gif0 gif1"
    gifconfig_gif0="203.107.34.2 203.107.34.3"
    gifconfig_gif1="203.107.34.2 203.107.34.4"
    ifconfig_gif0="inet 10.255.255.1 10.255.255.2 netmask 255.255.255.240"
    ifconfig_gif1="inet 10.255.255.1 10.255.255.3 netmask 255.255.255.240"
    firewall_enable="YES"
    firewall_type="OPEN"
    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="de0"
    sshd_enable="YES"
Server A# vi /etc/rc.firewall, with the following content:

    #!/bin/sh
    # delete all rules
    /sbin/ipfw -f flush
    # define NAT: pass traffic through natd on de0
    /sbin/ipfw add divert natd all from any to any via de0
    /sbin/ipfw add 65000 allow ip from any to any
Server A# vi /usr/local/etc/rc.d/ipsec.sh, with the following content:

    #!/bin/sh
    # Make a static route to each peer LAN via that peer's tunnel address
    route add -net 192.168.1.0/24 10.255.255.2
    route add -net 192.168.2.0/24 10.255.255.3
    # read in the config
    setkey -f /etc/ipsec.conf
Server A# vi /etc/ipsec.conf, with the following content:

    # This is the test if the network connection will work
    flush;
    spdflush;
    # manually keyed ESP SAs, one per direction and peer (SPI, cipher, key);
    # the same short key on every SA is used here only for the test
    add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
    add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
    add 203.107.34.2 203.107.34.4 esp 9995 -E blowfish-cbc "123456789";
    add 203.107.34.4 203.107.34.2 esp 9996 -E blowfish-cbc "123456789";
    # security policy: require ESP tunnel mode between the LANs, in and out
    spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;
    spdadd 192.168.1.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
    spdadd 192.168.0.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.4/require;
    spdadd 192.168.2.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.4-203.107.34.2/require;
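The article shows only Server A's files. As an added example (not part of the original article), the following Python generator derives the matching gif and setkey configuration for all three sites from the address table above, gives every directed SA its own SPI and its own random 128-bit key instead of the shared "123456789", and checks that each SA line appears on exactly its two endpoints, the usual place a hand-keyed mesh goes wrong. The SPI numbering after 9993 and the 0x hex key form are this example's own choices.

```python
import itertools
import secrets

# Site table transcribed from the article: name -> (public IP, LAN prefix, lo0 alias / tunnel IP)
SITES = {
    "A": ("203.107.34.2", "192.168.0.0/24", "10.255.255.1"),
    "B": ("203.107.34.3", "192.168.1.0/24", "10.255.255.2"),
    "C": ("203.107.34.4", "192.168.2.0/24", "10.255.255.3"),
}

def directed_pairs():
    """Every ordered (src, dst) site pair, each with its own SPI (9993 is the article's first SPI)."""
    pairs = list(itertools.permutations(sorted(SITES), 2))
    return {pair: 9993 + i for i, pair in enumerate(pairs)}
def sa_keys(pairs, keygen=secrets.token_hex):
    """One independent random 128-bit key per directed SA, in setkey's 0x hex form."""
    return {pair: "0x" + keygen(16) for pair in pairs}
def gif_rc_conf(site):
    """rc.conf lines building one gif tunnel from `site` to each peer (Server A's layout)."""
    pub, _, tun = SITES[site]
    peers = [p for p in sorted(SITES) if p != site]
    lines = [f'ifconfig_lo0_alias0="inet {tun} netmask 255.255.255.240"',
             'gif_interfaces="' + " ".join(f"gif{i}" for i in range(len(peers))) + '"']
    for i, peer in enumerate(peers):
        ppub, _, ptun = SITES[peer]
        lines.append(f'gifconfig_gif{i}="{pub} {ppub}"')              # outer addresses
        lines.append(f'ifconfig_gif{i}="inet {tun} {ptun} netmask 255.255.255.240"')  # inner
    return lines
def ipsec_conf(site, spis, keys):
    """setkey script for `site`: both directed SAs plus the out/in SPD entries per peer."""
    pub, lan, _ = SITES[site]
    out = ["flush;", "spdflush;"]
    for peer in (p for p in sorted(SITES) if p != site):
        ppub, plan, _ = SITES[peer]
        for src, dst in ((site, peer), (peer, site)):
            out.append(f"add {SITES[src][0]} {SITES[dst][0]} esp {spis[(src, dst)]} "
                       f"-E blowfish-cbc {keys[(src, dst)]};")
        out.append(f"spdadd {lan} {plan} any -P out ipsec esp/tunnel/{pub}-{ppub}/require;")
        out.append(f"spdadd {plan} {lan} any -P in ipsec esp/tunnel/{ppub}-{pub}/require;")
    return out

def check_mesh(confs):
    """Manual keying fails silently on a mismatch: every SA line must appear on exactly two hosts."""
    seen = {}
    for site, lines in confs.items():
        for ln in lines:
            if ln.startswith("add "):
                seen.setdefault(ln, set()).add(site)
    return bool(seen) and all(len(hosts) == 2 for hosts in seen.values())
```

Generate `ipsec_conf(s, spis, keys)` once for all sites and run `check_mesh` over the result before copying the files to each host, since a typo in one SPI or key breaks only that direction.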
