诺基亚S60手机使用 VPN 之 OpenSwan 安装配置和VPN规则的生成

核心提示：echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirectsecho 0 > /proc/sys/net/ipv4/conf/lo/send_redirectsecho 0 > /proc/sys/net/ipv4/conf/all/accept_redir

echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

echo 0 > /proc/sys/net/ipv4/conf/lo/send_redirects

echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects

echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects

echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects

echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -t nat -A POSTROUTING -s 192.168.6.0/24 -o eth0 -j SNAT ?to 47.117.26.212 <- 你自己的外网IP

重启VPS让所有的改动生效(或者运行“sudo /etc/init.d/ipsec restart”及其它命令)。然后用

sudo /usr/sbin/ipsec verify

命令检查IPSec服务的状态是否正常，应返回如下信息：

Checking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path [OK]

Linux Openswan U2.6.24rc5/K2.6.18-164.10.1.el5xen (netkey)

Checking for IPsec support in kernel [OK]

Testing against enforced SElinux mode [OK]

NETKEY detected, testing for disabled ICMP send_redirects [OK]

NETKEY detected, testing for disabled ICMP accept_redirects [OK]

Checking for RSA private key (/etc/ipsec.secrets) [OK]

Checking that pluto is running [OK]

Pluto listening for IKE on udp 500 [OK]

Pluto listening for NAT-T on udp 4500 [OK]

Two or more interfaces found, checking IP forwarding [OK]

Checking NAT and MASQUERADEing

Checking for ‘ip’ command [OK]

Checking for ‘iptables’ command [OK]

Opportunistic Encryption Support [DISABLED]

以上为OpenSwan的安装设置部分，下面该讲手机端的VPN规则生成了。我最初参考了英文文献一、文献二和文献三(对这篇文章的内容有疑问的读者可自行查询这些文献)，在前两篇参考资料中，提到的VPN规则的生成方式还是用makesis生成sis/sisx安装文件的复杂过程。幸好新的mVPN