诺基亚S60手机使用 VPN 之 OpenSwan 安装配置和VPN规则的生成
2010-02-20 16:12:00 来源:WEB开发网echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -s 192.168.6.0/24 -o eth0 -j SNAT ?to 47.117.26.212 <- 你自己的外网IP
重启VPS让所有的改动生效(或者运行“sudo /etc/init.d/ipsec restart”及其它命令)。然后用
sudo /usr/sbin/ipsec verify
命令检查IPSec服务的状态是否正常,应返回如下信息:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24rc5/K2.6.18-164.10.1.el5xen (netkey)
Checking for IPsec support in kernel [OK]
Testing against enforced SElinux mode [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for ‘ip’ command [OK]
Checking for ‘iptables’ command [OK]
Opportunistic Encryption Support [DISABLED]
以上为OpenSwan的安装设置部分,下面该讲手机端的VPN规则生成了。我最初参考了英文文献一、文献二和文献三(对这篇文章的内容有疑问的读者可自行查询这些文献),在前两篇参考资料中,提到的VPN规则的生成方式还是用makesis生成sis/sisx安装文件的复杂过程。幸好新的mVPN
更多精彩
赞助商链接