VPSとRTX1200をVPN接続できたので、メモ
環境
- LinuxServer:sakuraのVPS centos 5.5 / 2.6.18-194.8.1.el5 (グローバル:2.2.2.2 / ローカル:192.168.200.1 )
- ルータ:YAMAHA RTX1200 ( グローバル:1.1.1.1 / ローカル:192.168.0.1 )
/etc/racoon/racoon.conf
# racoon (ipsec-tools) IKEv1 configuration for the VPS side of the tunnel.
# Peer is the RTX1200 at 1.1.1.1; this host is 2.2.2.2 (see the environment
# notes above). All values must agree with what is configured on the router.
path include "/etc/racoon";
# Pre-shared keys are kept in a separate file; that file should be readable
# by root only.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log notify; #debug
# Phase 1 (ISAKMP SA) settings for the RTX1200 peer.
remote 1.1.1.1 {
# Aggressive mode is tried first, main mode second. With a pre-shared key,
# aggressive mode sends the identity hash unencrypted, so a passive observer
# can attack the PSK offline; main mode does not have this weakness. Both
# ends here have fixed global addresses, so main mode alone should be usable.
# NOTE(review): confirm the RTX1200 side is set to main mode before dropping
# "aggressive" here.
exchange_mode aggressive,main;
doi ipsec_doi;
nonce_size 16;
# Phase 1 SA lifetime (8 hours).
lifetime time 28800 sec;
# Send INITIAL-CONTACT so the peer discards stale SAs from a previous run.
initial_contact on;
situation identity_only;
# Both gateways identify themselves by global IP address.
my_identifier address 2.2.2.2;
peers_identifier address 1.1.1.1;
mode_cfg on;
# When racoon is the responder and no SPD entry matches, this lets it create
# policy entries from the initiator's first proposal. The static policies are
# loaded by the setkey script below, so presumably this is only a fallback;
# check "setkey -DP" after a connection to see whether extra entries appear.
generate_policy on;
# Allow IKE fragmentation for oversized phase-1 payloads.
ike_frag on;
# Act as initiator (do not wait for the router to start negotiation).
passive off;
support_proxy on;
# obey: as responder, accept the initiator's proposal (including lifetimes)
# as-is instead of enforcing the values configured here.
proposal_check obey;
proposal {
# 3DES / SHA-1 / 1024-bit DH (group 2) are legacy choices; AES, SHA-2 and a
# larger DH group are preferable if the RTX1200 firmware supports them.
# TODO confirm what the router offers before changing these.
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
# Phase 2 (IPsec SA) parameters for traffic between the two LANs.
sainfo address 192.168.200.0/24 any address 192.168.0.0/24 any {
# Perfect forward secrecy using DH group 2 (modp1024), matching phase 1.
pfs_group 2;
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
# IPComp (deflate) is negotiated in addition to ESP.
compression_algorithm deflate;
}
# Phase 2 parameters for host-to-host traffic between the gateways
# themselves. Presumably intended for the ipip tunnel set up later in these
# notes (outer addresses 2.2.2.2 <-> 1.1.1.1); the setkey script only adds
# SPD entries for the LAN prefixes, so verify which sainfo is actually
# selected when the tunnel comes up.
sainfo address 2.2.2.2 any address 1.1.1.1 any {
pfs_group 2;
lifetime time 28800 sec;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1 ;
compression_algorithm deflate;
}
/etc/racoon/psk.txt
# Format: peer address, whitespace, shared secret.
# PASSWORD is a placeholder; use a long random secret that is not reused
# elsewhere. Give this file mode 0600 and root ownership — racoon is reported
# to reject a key file with group/other permissions, and the secret must not
# be readable by other local users in any case (verify on this system).
1.1.1.1 PASSWORD
/etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# Static SPD for the LAN-to-LAN tunnel; loaded with "setkey -f".
# Clear the SAD and SPD first so entries from a previous run cannot linger.
flush;
spdflush;
# Require ESP in tunnel mode between the two gateways for LAN traffic in each
# direction. "require" means matching packets are not sent in cleartext: if
# no SA exists yet, the kernel asks racoon to negotiate one and drops the
# packets until it is established.
spdadd 192.168.200.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
spdadd 192.168.0.0/24 192.168.200.0/24 any -P in ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
racoon発進!
# Bring the tunnel up (run as root, in this order).
# Flush the SAD, then (re)load the policies from the ipsec-tools script.
setkey -F
setkey -f /etc/ipsec-tools.conf
# Start the IKE daemon, logging to a file. The log shows which exchange mode
# and proposal the router actually agreed to — worth checking once, since
# racoon.conf offers aggressive mode and legacy algorithms.
racoon -l /var/log/racoon.log -f /etc/racoon/racoon.conf
# Plain ipip tunnel to the router, addressed on the VPS LAN side, with the
# router LAN routed through it. The ipip tunnel itself is unencrypted; only
# the ESP policies loaded above protect it. NOTE(review): the spdadd entries
# match the inner LAN addresses while the ipip outer header is
# 2.2.2.2 -> 1.1.1.1, so confirm with "setkey -D" and a packet capture on the
# public interface that this traffic leaves the VPS as ESP, not as cleartext ipip.
iptunnel add ipsec0 mode ipip remote 1.1.1.1
ifconfig ipsec0 192.168.200.1 netmask 255.255.255.0
route add -net 192.168.0.0/24 dev ipsec0