Installing Openswan 2.6.28 from Source on CentOS 5.4

# uname -r
2.6.18-164.el5


I. Download Openswan
Download the current latest version, 2.6.28, from the official website www.openswan.org.


# tar xzvf openswan-2.6.28.tar.gz
# cd openswan-2.6.28


II. Install the dependencies
Check the README in the Openswan source directory:
There a few packages required for Openswan to compile:


1. libgmp + libgmp-devel headers.  (GNU Math Precision Library)


2. gawk, flex and bison (usually included in all distributions)


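gawk, flex and bison are easy to install: gawk is installed by default, and flex and bison can be installed with yum. libgmp is a bit more troublesome. I first downloaded gmp-5.0.1.tar.gz, but starting the openswan service then reported an error (libgmp.so.10), so I had to remove it. I later found the corresponding RPM packages on the CentOS installation disc.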


# rpm -ivh gmp-4.1.4-10.el5.i386.rpm
Preparing...                ########################################### [100%]
        package gmp-4.1.4-10.el5.i386 is already installed


# rpm -ivh gmp-devel-4.1.4-10.el5.i386.rpm
Preparing...                ########################################### [100%]
   1:gmp-devel              ########################################### [100%]


III. Install Openswan


# make programs
# make install


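After a successful installation, the ipsec.conf configuration file and the ipsec.d directory are created under /etc/, the ipsec executable is created under /usr/local/sbin, and the ipsec shell script is created under /etc/init.d/.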


IV. Basic Openswan operations


1. Check the current Openswan version
# ipsec --version
Linux Openswan U2.6.28/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.



2. The ipsec service
# service ipsec start


# service ipsec restart


# service ipsec stop


3. Verify that Openswan is installed correctly
# ipsec verify


Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.28/K2.6.18-164.el5 (netkey)
Checking for IPsec support in kernel                            [OK]
Testing against enforced SElinux mode                           [FAILED]


  SElinux is running in 'enforced' mode.
  If you encounter network related SElinux errors, especially when using KLIPS,
  try disabling SElinux using:


  echo "0" > /selinux/enforce (or edit /etc/sysconfig/selinux)


NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]


  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!


NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]


  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!


Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding            [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


(1) Disable SELinux
# vim /etc/sysconfig/selinux
Set SELINUX=disabled


# setenforce 0


(2) Disable ICMP send_redirects and accept_redirects
A shell script can be written to disable /proc/sys/net/ipv4/conf/*/send_redirects and /proc/sys/net/ipv4/conf/*/accept_redirects.


(3) Enable ip_forward
# vim /etc/sysctl.conf
Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1


# sysctl -p
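
One way to write the shell script mentioned in step (2), as an added example that is not part of the original article. The CONF_ROOT variable, the function names and the "apply" argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example: set send_redirects and accept_redirects to 0 for every
# interface directory, the two NETKEY checks that `ipsec verify` reported.
# CONF_ROOT, the function names and the "apply" argument are assumptions.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Write 0 into both redirect files under each directory of the given root
# (all, default, lo, eth0, ...). Returns non-zero if any write failed.
disable_redirects() {
    root="${1:-$CONF_ROOT}"
    failed=0
    for key in send_redirects accept_redirects; do
        for f in "$root"/*/"$key"; do
            [ -e "$f" ] || continue          # glob matched nothing
            if ! echo 0 > "$f"; then
                echo "could not write $f (are you root?)" >&2
                failed=1
            fi
        done
    done
    return "$failed"
}

# Print how many redirect files still hold a non-zero value.
count_enabled_redirects() {
    root="${1:-$CONF_ROOT}"
    n=0
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "0" ] || n=$((n + 1))
    done
    echo "$n"
}

# Touch the live system only when called as: sh disable_redirects.sh apply
if [ "${1:-}" = "apply" ]; then
    disable_redirects
    echo "redirect files still enabled: $(count_enabled_redirects)"
fi
```

Values written under /proc do not survive a reboot. Setting the matching net.ipv4.conf.all and net.ipv4.conf.default send_redirects and accept_redirects keys to 0 in /etc/sysctl.conf, loaded with sysctl -p as in step (3), makes them persistent.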



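4. Configuration files
(1) Main configuration file (/etc/ipsec.conf)
See the ipsec.conf configuration help:
# man 5 ipsec.conf


(2) Secrets configuration file (/etc/ipsec.secrets)
See the ipsec.secrets configuration help:
# man 5 ipsec.secrets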
