centos6.5下搭建基于安卓和IOS系统vpn服务器配置

1、下载相关软件包

ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm

ipsec-tools-0.8.0-25.3.x86_64.rpm

2、安装软件包

rpm -ivh ipsec-tools-libs-0.8.0-1.el5.pp.x86_64.rpm

rpm -ivh ipsec-tools-0.8.0-25.3.x86_64.rpm

3、设置欢迎信息

vim /etc/racoon/motd #当连接成功时提示欢迎信息

the vpn server is connect

4、设置vpn组名和密钥：

vim /etc/racoon/psk.txt

123 123

chmod 700 /etc/racoon/psk.txt

5、设置配置文件：

vim /etc/racoon/racoon.conf

path include "/etc/racoon";

#include "remote.conf";

path pre_shared_key "/etc/racoon/psk.txt";

path certificate "/etc/racoon/cert";

#log debug;

listen

{

isakmp 10.211.55.64 [500]; #服务器公网（服务器本身ip）ip+udp500端口

isakmp_natt 10.211.55.64 [4500]; #服务器公网（服务器本身ip）ip+udp4500端口

}

remote anonymous

{

exchange_mode main, aggressive, base;

mode_cfg on;

proposal_check obey; # obey, strict, or claim

nat_traversal on;

generate_policy unique;

ike_frag on;

passive on;

dpd_delay 30;

proposal {

lifetime time 28800 sec;

encryption_algorithm 3des;

hash_algorithm md5;

authentication_method xauth_psk_server;

dh_group 2;

}

}

sainfo anonymous

{

encryption_algorithm 3des, aes, blowfish;

authentication_algorithm hmac_sha1, hmac_md5;

compression_algorithm deflate;

}

mode_cfg

{

auth_source system;

dns4 8.8.8.8, 114.114.114.114;

banner "/etc/racoon/motd";

save_passwd on;

network4 192.168.0.100; #下发的远端私网ip段

netmask4 255.255.255.0;

pool_size 100;

pfs_group 2;

}

6、添加vpn用户名和使用密码：

useradd -MN -b /tmp -s /sbin/nologin testvpn

passwd xxxxx

密码：xxxxxx

7、开启转发：

vim /etc/sysctl.conf

net.ipv4.ip_forward =1

8、设置防火墙规则：

iptables -I INPUT -p udp --dport 500 -j ACCEPT

iptables -I INPUT -p udp --dport 4500 -j ACCEPT

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

保存防火墙规则：

service iptables save

service iptables restart

启动：

racoon -f /etc/racoon/racoon.conf -l /var/log/racoon.log -d

测试