
Learn VPN Virtual Network Setup in One Article

2018-09-05    Source: 愛站科技


  A VPN is a virtual private network. Below, the editor of the 愛站 channel shares a tutorial on building a VPN virtual network; interested readers can follow along.

  Setting up a multi-site virtual private network (VPN) on FreeBSD using IPSec+NAT+VPN

  Description:

  A virtual private network (VPN) uses the backbone of the public Internet to carry private, encrypted data. In an enterprise, a VPN lets subsidiaries scattered around the world share confidential data, and data transferred between headquarters and the subsidiaries travels as if it were on the company's internal intranet, both secure and stable. In fact, the biggest advantage of an enterprise virtual network is that it simplifies network management.

  Environment :

  Hardware: three servers, A, B and C

  Network cards: 6 NICs (two per machine)

  Operating system: FreeBSD 4.7 Release

                  Server A           Server B           Server C

  Real IP         203.107.34.2       203.107.34.3       203.107.34.4

  Virtual IP      192.168.0.0/24     192.168.1.0/24     192.168.2.0/24

  Gateway IP      192.168.0.254      192.168.1.254      192.168.2.254

  lo0 alias0 IP   10.255.255.1/28    10.255.255.2/28    10.255.255.3/28

  Step 1.

  For FreeBSD to support VPN, add the following lines to the kernel configuration file and then recompile the kernel.

  options IPDIVERT

  options IPFIREWALL

  options DUMMYNET

  options IPSEC

  options IPSEC_ESP

  options IPSEC_DEBUG

  pseudo-device gif 4 # IPv6 and IPv4 tunneling

  Step 2.

  Server A:

  Server A# vi /etc/rc.conf (contents as follows):

  defaultrouter="203.107.34.62"

  hostname="A.ntut.idv.tw"

  ifconfig_de0="inet 203.107.34.2 netmask 255.255.255.192"

  ifconfig_fxp0="inet 192.168.0.254 netmask 255.255.255.0"

  ifconfig_lo0_alias0="inet 10.255.255.1 netmask 255.255.255.240"

  gif_interfaces="gif0 gif1"

  gifconfig_gif0="203.107.34.2 203.107.34.3"

  gifconfig_gif1="203.107.34.2 203.107.34.4"

  ifconfig_gif0="inet 10.255.255.1 10.255.255.2 netmask 255.255.255.240"

  ifconfig_gif1="inet 10.255.255.1 10.255.255.3 netmask 255.255.255.240"

  firewall_enable="YES"

  firewall_type="OPEN"

  gateway_enable="YES"

  natd_enable="YES"

  natd_interface="de0"

  sshd_enable="YES"

  Server A# vi /etc/rc.firewall (contents as follows):

  #!/bin/sh

  #delete all rule

  /sbin/ipfw -f flush

  #define NAT pass to de0

  /sbin/ipfw add divert natd all from any to any via de0

  /sbin/ipfw add 65000 allow ip from any to any

  Server A# vi /usr/local/etc/rc.d/ipsec.sh (contents as follows):

  #!/bin/sh

  # Make a static route!!!

  route add -net 192.168.1.0/24 10.255.255.2

  route add -net 192.168.2.0/24 10.255.255.3

  # read in the config

  setkey -f /etc/ipsec.conf

  Server A# vi /etc/ipsec.conf (contents as follows):

  # This is the test if the network connection will work

  flush;

  spdflush;

  add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";

  add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";

  add 203.107.34.2 203.107.34.4 esp 9995 -E blowfish-cbc "123456789";

  add 203.107.34.4 203.107.34.2 esp 9996 -E blowfish-cbc "123456789";

  spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;

  spdadd 192.168.1.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;

  spdadd 192.168.0.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.4/require;

  spdadd 192.168.2.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.4-203.107.34.2/require;

  Server B:

  Server B# vi /etc/rc.conf (contents as follows):

  defaultrouter="203.107.34.62"

  hostname="B.ntut.idv.tw"

  ifconfig_de0="inet 203.107.34.3 netmask 255.255.255.192"

  ifconfig_vr0="inet 192.168.1.254 netmask 255.255.255.0"

  ifconfig_lo0_alias0="inet 10.255.255.2 netmask 255.255.255.240"

  gif_interfaces="gif0 gif1"

  gifconfig_gif0="203.107.34.3 203.107.34.4"

  gifconfig_gif1="203.107.34.3 203.107.34.2"

  ifconfig_gif0="inet 10.255.255.2 10.255.255.3 netmask 255.255.255.240"

  ifconfig_gif1="inet 10.255.255.2 10.255.255.1 netmask 255.255.255.240"

  firewall_enable="YES"

  firewall_type="OPEN"

  gateway_enable="YES"

  natd_enable="YES"

  natd_interface="de0"

  sshd_enable="YES"

  Server B# vi /etc/rc.firewall (contents as follows):

  #!/bin/sh

  #delete all rule

  /sbin/ipfw -f flush

  #define NAT pass to de0

  /sbin/ipfw add divert natd all from any to any via de0

  /sbin/ipfw add 65000 allow ip from any to any

  Server B# vi /usr/local/etc/rc.d/ipsec.sh (contents as follows):

  #!/bin/sh

  # Make a static route!!!

  route add -net 192.168.2.0/24 10.255.255.3

  route add -net 192.168.0.0/24 10.255.255.1

  # read in the config

  setkey -f /etc/ipsec.conf

  Server B# vi /etc/ipsec.conf (contents as follows):

  flush;

  spdflush;

  add 203.107.34.3 203.107.34.4 esp 9991 -E blowfish-cbc "123456789";

  add 203.107.34.4 203.107.34.3 esp 9992 -E blowfish-cbc "123456789";

  add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";

  add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";

  spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.4/require;

  spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.4-203.107.34.3/require;

  spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;

  spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;

  Server C:

  Server C# vi /etc/rc.conf (contents as follows):

  defaultrouter="203.107.34.62"

  hostname="C.ntut.idv.tw"

  ifconfig_rl0="inet 203.107.34.4 netmask 255.255.255.192"

  ifconfig_fxp0="inet 192.168.2.254 netmask 255.255.255.0"

  ifconfig_lo0_alias0="inet 10.255.255.3 netmask 255.255.255.240"

  gif_interfaces="gif0 gif1"

  gifconfig_gif0="203.107.34.4 203.107.34.3"

  gifconfig_gif1="203.107.34.4 203.107.34.2"

  ifconfig_gif0="inet 10.255.255.3 10.255.255.2 netmask 255.255.255.240"

  ifconfig_gif1="inet 10.255.255.3 10.255.255.1 netmask 255.255.255.240"

  firewall_enable="YES"

  firewall_type="OPEN"

  gateway_enable="YES"

  natd_enable="YES"

  natd_interface="rl0"

  sshd_enable="YES"

  Server C# vi /etc/rc.firewall (contents as follows):

  #!/bin/sh

  #delete all rule

  /sbin/ipfw -f flush

  #define NAT pass to rl0

  /sbin/ipfw add divert natd all from any to any via rl0

  /sbin/ipfw add 65000 allow ip from any to any

  Server C# vi /usr/local/etc/rc.d/ipsec.sh (contents as follows):

  #!/bin/sh

  # Make a static route!!!

  route add -net 192.168.1.0/24 10.255.255.2

  route add -net 192.168.0.0/24 10.255.255.1

  # read in the config

  setkey -f /etc/ipsec.conf

  Server C# vi /etc/ipsec.conf (contents as follows):

  flush;

  spdflush;

  add 203.107.34.3 203.107.34.4 esp 9991 -E blowfish-cbc "123456789";

  add 203.107.34.4 203.107.34.3 esp 9992 -E blowfish-cbc "123456789";

  add 203.107.34.2 203.107.34.4 esp 9995 -E blowfish-cbc "123456789";

  add 203.107.34.4 203.107.34.2 esp 9996 -E blowfish-cbc "123456789";

  spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.4-203.107.34.3/require;

  spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.4/require;

  spdadd 192.168.2.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.4-203.107.34.2/require;

  spdadd 192.168.0.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.4/require;
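
  An added example, not part of the original article: a small Python lint over the `add` and `spdadd` lines above. It checks that every `require` policy has a manual SA, that peers agree on SPI and key, and flags the two weaknesses of these test entries (a quoted ASCII key and ESP with no `-A` authentication). CONF_A and CONF_B are constructed samples holding only the A-B entries from the page; the function names are hypothetical.

```python
import re

# Constructed sample: only the A<->B entries from Server A's and Server B's
# /etc/ipsec.conf as shown on this page (the entries for Server C are omitted).
CONF_A = '''
add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;
spdadd 192.168.1.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
'''
CONF_B = '''
add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;
'''

SA_RE = re.compile(r'^\s*add\s+(\S+)\s+(\S+)\s+esp\s+(\S+)\s+(.*?);', re.M)
SP_RE = re.compile(r'^\s*spdadd\s.*?esp/tunnel/([\d.]+)-([\d.]+)/require\s*;', re.M)

def parse(conf):
    """Return ({(src, dst): (spi, options)}, [(src, dst), ...]) for one setkey file."""
    sas = {(s, d): (spi, opts) for s, d, spi, opts in SA_RE.findall(conf)}
    return sas, SP_RE.findall(conf)

def audit(confs):
    """confs: {host: ipsec.conf text}. Return a sorted list of finding strings."""
    findings, seen = set(), {}
    for host, text in confs.items():
        sas, policies = parse(text)
        for pair in policies:
            if pair not in sas:  # 'require' with no matching SA: packets are dropped
                findings.add(f"{host}: policy {pair[0]}->{pair[1]} has no SA")
        for pair, (spi, opts) in sas.items():
            if '-A' not in opts.split():
                findings.add(f"SA {pair[0]}->{pair[1]}: ESP without -A (no integrity check)")
            if re.search(r'-E\s+\S+\s+"', opts):
                findings.add(f"SA {pair[0]}->{pair[1]}: quoted ASCII key, not random hex")
            other = seen.setdefault(pair, (host, spi, opts))
            if other[1:] != (spi, opts):  # both ends must hold the identical SA
                findings.add(f"SA {pair[0]}->{pair[1]}: {other[0]} and {host} disagree on SPI/key")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit({"A": CONF_A, "B": CONF_B})))
```

  On the sample entries the lint reports no missing SAs and no peer mismatch, but flags both SAs for the ASCII key and the absent `-A` option.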

  Step 3.

  Server A# ifconfig # check the network interfaces and IP addresses

  de0: flags=8843 mtu 1500

  inet6 fe80::200:e8ff:fe4f:527e%de0 prefixlen 64 scopeid 0x1

  inet 203.107.34.2 netmask 0xffffffc0 broadcast 203.107.34.63

  ether 00:00:e8:4f:52:7e

  media: Ethernet autoselect (10baseT/UTP)

  status: active

  fxp0: flags=8843 mtu 1500

  inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255

  inet6 fe80::2a0:c9ff:fe93:438c%fxp0 prefixlen 64 scopeid 0x2

  ether 00:a0:c9:93:43:8c

  media: Ethernet autoselect (none)

  status: no carrier

  lp0: flags=8810 mtu 1500

  ppp0: flags=8010 mtu 1500

  sl0: flags=c010 mtu 552

  faith0: flags=8002 mtu 1500

  lo0: flags=8049 mtu 16384

  inet6 ::1 prefixlen 128

  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7

  inet 10.255.255.1 netmask 0xfffffff0

  inet 127.0.0.1 netmask 0xff000000

  gif0: flags=8051 mtu 1280

  tunnel inet 203.107.34.2 --> 203.107.34.3

  inet6 fe80::200:e8ff:fe4f:527e%gif0 prefixlen 64 scopeid 0x8

  inet 10.255.255.1 --> 10.255.255.2 netmask 0xfffffff0

  gif1: flags=8051 mtu 1280

  tunnel inet 203.107.34.2 --> 203.107.34.4

  inet6 fe80::200:e8ff:fe4f:527e%gif1 prefixlen 64 scopeid 0x9

  inet 10.255.255.1 --> 10.255.255.3 netmask 0xfffffff0

  Server A# setkey -DP # check whether IPsec is active

  192.168.1.0/24[any] 192.168.0.0/24[any] any

  in ipsec

  esp/tunnel/203.107.34.3-203.107.34.2/require

  spid=10 seq=3 pid=300

  refcnt=1

  192.168.2.0/24[any] 192.168.0.0/24[any] any

  in ipsec

  esp/tunnel/203.107.34.4-203.107.34.2/require

  spid=12 seq=2 pid=300

  refcnt=1

  192.168.0.0/24[any] 192.168.1.0/24[any] any

  out ipsec

  esp/tunnel/203.107.34.2-203.107.34.3/require

  spid=9 seq=1 pid=300

  refcnt=1

  192.168.0.0/24[any] 192.168.2.0/24[any] any

  out ipsec

  esp/tunnel/203.107.34.2-203.107.34.4/require

  spid=11 seq=0 pid=300

  refcnt=1

  Server A# setkey -D

  203.107.34.4 203.107.34.2

  esp mode=any spi=9996(0x0000270c) reqid=0(0x00000000)

  E: blowfish-cbc 31323334 35363738 39

  seq=0x00000000 replay=0 flags=0x00000040 state=mature

  created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003

  diff: 7996(s) hard: 0(s) soft: 0(s)

  last: Jan 21 14:33:10 2003 hard: 0(s) soft: 0(s)

  current: 1464(bytes) hard: 0(bytes) soft: 0(bytes)

  allocated: 21 hard: 0 soft: 0

  sadb_seq=3 pid=301 refcnt=1

  203.107.34.2 203.107.34.4

  esp mode=any spi=9995(0x0000270b) reqid=0(0x00000000)

  E: blowfish-cbc 31323334 35363738 39

  seq=0x00000015 replay=0 flags=0x00000040 state=mature

  created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003

  diff: 7996(s) hard: 0(s) soft: 0(s)

  last: Jan 21 14:33:10 2003 hard: 0(s) soft: 0(s)

  current: 2196(bytes) hard: 0(bytes) soft: 0(bytes)

  allocated: 21 hard: 0 soft: 0

  sadb_seq=2 pid=301 refcnt=2

  203.107.34.2 203.107.34.3

  esp mode=any spi=9994(0x0000270a) reqid=0(0x00000000)

  E: blowfish-cbc 31323334 35363738 39

  seq=0x00000004 replay=0 flags=0x00000040 state=mature

  created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003

  diff: 7996(s) hard: 0(s) soft: 0(s)

  last: Jan 21 14:31:20 2003 hard: 0(s) soft: 0(s)

  current: 400(bytes) hard: 0(bytes) soft: 0(bytes)

  allocated: 4 hard: 0 soft: 0

  sadb_seq=1 pid=301 refcnt=2

  203.107.34.3 203.107.34.2

  esp mode=any spi=9993(0x00002709) reqid=0(0x00000000)

  E: blowfish-cbc 31323334 35363738 39

  seq=0x00000000 replay=0 flags=0x00000040 state=mature

  created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003

  diff: 7996(s) hard: 0(s) soft: 0(s)

  last: Jan 21 14:31:20 2003 hard: 0(s) soft: 0(s)

  current: 480(bytes) hard: 0(bytes) soft: 0(bytes)

  allocated: 8 hard: 0 soft: 0

  sadb_seq=0 pid=301 refcnt=1

  Server A# netstat -nr # view the routing table

  Routing tables

  Internet:

  Destination Gateway Flags Refs Use Netif Expire

  default 203.107.34.62 UGSc 1 4782 de0

  10.255.255.1 10.255.255.1 UH 0 0 lo0

  10.255.255.2 10.255.255.1 UH 1 0 gif0

  10.255.255.3 10.255.255.1 UH 1 0 gif1

  127.0.0.1 127.0.0.1 UH 0 0 lo0

  192.168.0 link#2 UC 0 0 fxp0

  192.168.1 10.255.255.2 UGSc 0 8 gif0

  192.168.2 10.255.255.3 UGSc 0 25 gif1

  203.107.34/26 link#1 UC 4 0 de0

  203.107.34.3 link#1 UHLW 1 12 de0

  203.107.34.4 link#1 UHLW 1 21 de0

  203.107.34.11 00:50:04:c3:7d:59 UHLW 2 2020 de0 1149

  203.107.34.62 00:01:63:8c:68:54 UHLW 1 0 de0 1042

  Finally, use ping to confirm that the other subnets are reachable:

  Server A#ping 192.168.1.254

  Server A#ping 192.168.2.254

  Server B#ping 192.168.0.254

  Server B#ping 192.168.2.254

  Server C#ping 192.168.0.254

  Server C#ping 192.168.1.254

  That is the complete tutorial on setting up a VPN virtual network. For more related content, keep following the 愛站 technology channel.
