Lab 8: Building an IPSec Virtual Private Network


Upload: ganit

Post on 18-Mar-2016


DESCRIPTION

Lab 8: Building an IPSec Virtual Private Network. Lab objective: this lab uses the free software OpenSwan to set up an IPSec virtual private network, giving students deeper hands-on experience with IPSec. Lab architecture: the operating systems at the two ends of the VPN are Gentoo Linux and Windows XP. So that the client can establish the VPN connection in the simplest way, the VPN types used in this lab are: a remote-access VPN, an L2TP/IPSec VPN, and IPSec authentication with a pre-share key.

TRANSCRIPT

  • Lab objectives and architecture (the slide text is given in full in the DESCRIPTION above; surviving keywords: OpenSwan, IPSec VPN, Gentoo Linux, Windows XP, remote access VPN, L2TP/IPSec VPN, IPSec pre-share key).

  • What Openswan is: Openswan is an IPsec implementation for Linux derived from FreeS/WAN; it is open-source ipsec software, supports site-to-site VPNs and remote-access VPNs, and interoperates with the Windows VPN client (only keywords of the slide survive).

  • Linux kernel options for L2TP/PPP and IPSec (menuconfig listing from the slide; the enable/module markers in front of the items did not survive extraction):

    Networking support --->
      Networking options --->
        PF_KEY socket
        [*] TCP/IP networking
          IP: AH transformation
          IP: ESP transformation
          IP: IPComp transformation
          IPsec user configuration interface
      [*] Network device support
        PPP (point-to-point protocol) support
        PPP support for async serial ports
        PPP support for sync tty ports
        PPP Deflate compression
        PPP BSD-Compress compression
        PPP over Ethernet (EXPERIMENTAL)
    Device Drivers --->
      Character devices --->
        [*] Legacy (BSD) PTY support

  • Linux kernel cryptographic options needed by IPSec (menuconfig listing from the slide):

    Cryptographic options --->
      --- Cryptographic API
      HMAC support
      Null algorithms
      MD4 digest algorithm
      MD5 digest algorithm
      SHA1 digest algorithm
      SHA256 digest algorithm
      SHA384 and SHA512 digest algorithms
      DES and Triple DES EDE cipher algorithms
      Blowfish cipher algorithm
      Twofish cipher algorithm
      Serpent cipher algorithm
      Deflate compression algorithm

  • Installing PPP, L2TP and ipsec-tools. An L2TP/IPSec VPN carries PPP inside L2TP, which in turn is protected by IPSec, so besides IPSec the server needs the PPP daemon (emerge pppd), the L2TP daemon (emerge xl2tpd) and ipsec-tools (emerge ipsec-tools). On Gentoo:

    # PPP
    emerge pppd
    # l2tp
    emerge xl2tpd
    # ipsec-tools
    emerge ipsec-tools

  • L2TP configuration file (L2TP.conf on the slide). The [global] section holds the global settings, including the L2TP listening port (UDP 1701). The [lns] section defines the L2TP network server: auth file points at /etc/ppp/chap-secrets, ip range is the pool of IP addresses handed out to VPN clients, and local ip is the server's own address on the VPN.

    [global]
    listen-addr = 140.125.32.19
    port = 1701
    auth file=/etc/ppp/chap-secrets

    [lns default]
    ip range = 192.168.123.1-192.168.123.20
    local ip = 192.168.123.254
    length bit = yes
    require chap = yes
    refuse pap = yes
    require authentication = yes
    name = LinuxVPN
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd

  • PPP options for L2TP: /etc/ppp/options.l2tp. This is the pppd option file used for L2TP sessions (the xl2tpd configuration above points pppoptfile at /etc/ppp/options.xl2tpd, so the file name must match on the server). See man pppd for each option; the slide singles out ipcp-accept-local and ipcp-accept-remote (accept the peer's idea of the local and remote IP addresses), ms-dns (the DNS server handed to the VPN client) and crtscts (hardware flow control).

    ipcp-accept-local
    ipcp-accept-remote
    ms-dns 140.125.252.1
    noccp
    auth
    crtscts
    idle 1800
    nodefaultroute
    debug
    lock
    proxyarp
    connect-delay 5000
    silent

  • Installing OpenSwan. Install the package with emerge openswan. OpenSwan's IPSec settings live in two files: ipsec.conf (/etc/ipsec/ipsec.conf on the slide), which holds the ipsec connection settings, and ipsec.secret (/etc/ipsec/ipsec.secret on the slide), which holds the VPN pre-share key. Note that stock Openswan packages read /etc/ipsec.conf and /etc/ipsec.secrets; check where your package installs them.

    # OpenSwan
    emerge openswan

    # openswan configuration files
    ipsec.conf (/etc/ipsec/ipsec.conf)      ipsec settings
    ipsec.secret (/etc/ipsec/ipsec.secret)  vpn pre-share key

  • OpenSwan ipsec.conf. ipsec.conf is OpenSwan's IPSec configuration. It consists of a "config setup" section (the ipsec service configuration) and "conn" sections; the option lines under each section header are indented with a Tab. The service is started with service ipsec start. "conn %default" holds the defaults that every other conn inherits; here the defaults select tunnel mode and pre-share-key authentication.

    config setup
        # ipsec interface
        interfaces=ipsec0=eth0
        klipsdebug=none
        plutodebug=none
        overridemtu=1410
        nat_traversal=yes
        virtual_private=%v4:192.168.123.0/24

    conn %default
        # defaults inherited by every conn
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret   # pre-share key from ipsec.secret
        type=tunnel
        # ipsec key exchange
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

  • OpenSwan ipsec.conf, remote-VPN connection. The remote-access connection is "conn roadwarrior". left is the VPN server side: left=%defaultroute uses the address of the interface carrying the default route. right is the client side: right=%any accepts any IP address. leftprotoport=17/1701 restricts the connection to protocol 17 (udp), port 1701, i.e. L2TP. also=roadwarrior pulls the settings of conn roadwarrior into conn roadwarrior-l2tp. auto=add loads the conn from ipsec.conf when ipsec starts but waits for the client to initiate (as opposed to ignore, which skips the conn).

    conn roadwarrior-l2tp
        # for windows vpn client
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

    conn roadwarrior
        pfs=no          # Perfect Forward Secrecy
        left=%defaultroute
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add


  • OpenSwan ipsec.secret (/etc/ipsec/ipsec.secret): the VPN pre-share key. Each line names the IP addresses of the two sides (%any for any client) followed by PSK and the key in double quotes; the same pre-share key must be configured on both ends of the IPSec connection. See the OpenSwan wiki (http://wiki.openswan.org).

    140.125.32.19 %any: PSK "what are you doing now"
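To see what conn roadwarrior-l2tp actually ends up with once conn %default and also=roadwarrior are merged, here is an added example written for this page (not code from the lab slides or from Openswan): a small Python parser for the ipsec.conf layout shown above, a resolver for the also= and %default inheritance, and a review pass over the effective settings that flags the two points the slides leave implicit, pfs=no, and authby=secret combined with right=%any, which means the single pre-share key in ipsec.secret is shared by every road-warrior client. The sample configuration is constructed from the values on the slides, and the precedence rule (a conn's own lines over its also= includes over %default) is this example's assumption.

```python
"""Effective-settings viewer for Openswan-style ipsec.conf sections.

Added example for this page (not from the lab slides or Openswan).
Assumed precedence, highest first: a conn's own lines, then the conns it
names in also=, then conn %default.
"""

# Constructed sample built from the values shown on the slides.
SAMPLE_IPSEC_CONF = """\
config setup
\tinterfaces=ipsec0=eth0
\tnat_traversal=yes
\tvirtual_private=%v4:192.168.123.0/24

conn %default
\tkeyingtries=3
\tauthby=secret
\ttype=tunnel
\tkeyexchange=ike
\tikelifetime=240m
\tkeylife=60m

conn roadwarrior-l2tp
\t# for windows vpn client
\tleftprotoport=17/1701
\trightprotoport=17/1701
\talso=roadwarrior

conn roadwarrior
\tpfs=no
\tleft=%defaultroute
\tright=%any
\trightsubnet=vhost:%no,%priv
\tauto=add
"""


def parse_sections(text):
    """Return {section: {key: value}}.

    'config setup' is keyed by its full header; conn sections are keyed by
    the conn name (including '%default'). Section headers start at column 0,
    option lines are indented (the slides use a Tab), and text after '#' is
    a comment and is dropped.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            kind, _, name = line.strip().partition(" ")
            current = name.strip() if kind == "conn" else line.strip()
            sections[current] = {}
            continue
        if current is None:
            raise ValueError("option line before any section: %r" % raw)
        key, _, value = line.strip().partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def _resolve(sections, name, seen):
    """Merge conn `name` with its also= includes (recursively); no %default yet."""
    if name in seen:
        raise ValueError("also= cycle through conn %r" % name)
    if name not in sections:
        raise KeyError("also= names an undefined conn %r" % name)
    own = dict(sections[name])
    merged = {}
    for inc in own.pop("also", "").split():
        for key, value in _resolve(sections, inc, seen | {name}).items():
            merged.setdefault(key, value)   # an earlier also= wins over a later one
    merged.update(own)                      # the conn's own lines win over includes
    return merged


def effective_conn(sections, name):
    """Effective settings of conn `name` after also= and conn %default."""
    merged = _resolve(sections, name, set())
    for key, value in sections.get("%default", {}).items():
        merged.setdefault(key, value)       # %default only fills what is unset
    return merged


def review(conn):
    """Settings in an effective conn that a reviewer should look at."""
    findings = []
    if conn.get("pfs", "yes") == "no":     # Openswan's default is pfs=yes
        findings.append("pfs=no: IPsec SA keys are derived from the IKE SA, "
                        "so a later IKE key compromise exposes earlier traffic")
    if conn.get("authby") == "secret" and conn.get("right") == "%any":
        findings.append("authby=secret with right=%any: one pre-share key is "
                        "shared by every road-warrior client; rotate it and "
                        "keep the secrets file readable by root only")
    return findings


if __name__ == "__main__":
    sections = parse_sections(SAMPLE_IPSEC_CONF)
    eff = effective_conn(sections, "roadwarrior-l2tp")
    for key in sorted(eff):
        print("%-16s %s" % (key, eff[key]))
    for finding in review(eff):
        print("REVIEW:", finding)
```

Running the script prints the merged roadwarrior-l2tp conn (type=tunnel and authby=secret arrive from %default, pfs=no and right=%any from the also= include, leftprotoport/rightprotoport from the conn itself) followed by the two review findings; a cycle such as two conns that also= each other is reported instead of looping.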


  • chap.secret (/etc/ppp/chap.secret): an L2TP/IPSec VPN authenticates twice. The first layer is the IPSec pre-share key; the second is the PPP user authentication with CHAP or MS-CHAP (MS-CHAP is built on MD4 and DES). The slide names the file chap.secret, while the xl2tpd configuration above reads /etc/ppp/chap-secrets, so use the name the L2TP daemon expects.

    # Secrets for authentication using CHAP
    # client    server  secret  IP addresses
    es602       *       "test"  192.168.123.0/24

  • Verifying IPSec: run ipsec verify to check the OpenSwan/IPSec setup; the logs to read are /var/log/everything/current and /var/log/ppp/current.

  • VPN client: configuring a Windows XP VPN connection to the VPN server, which listens for L2TP on UDP 1701 (only keywords of the slide survive).

  • VPN client setup, steps 1 to 6 (screenshot slide; surviving keywords: VPN, the VPN server IP in step 5).

  • VPN client setup, steps 1 to 4 (screenshot slide; surviving keywords: step 2 chooses the VPN type, PPTP or L2TP IPSec; step 3 enters the pre-share key).

  • VPN client setup, steps 1 to 2 (screenshot slide; surviving keywords: VPN, private IP, IPSec VPN).

  • Verifying IPSec traffic: the VPN server's IP is 140.125.32.19 and the VPN client's is 140.125.32.235; the VPN traffic between them is carried as ESP (only keywords of the slide survive).

  • Conclusion (only keywords of the slide survive): L2TP/IPSec VPN, Linux as VPN server, openswan logs, IPSec and L2TP, site-to-site VPN, OpenSwan.

  • References: OpenSwan (http://wiki.openswan.org), vbird (http://linux.vbird.org/), Gentoo Linux (http://www.gentoo.org/)